Konan – Advanced Web Application Dir Scanner

Konan is an advanced open source tool designed to brute force directories and files names on web/application servers.

Installation

Download it by cloning the Git repository:

git clone https://github.com/m4ll0k/Konan.git konan

Install requirements with pip

cd konan && pip install -r requirements.txt

Run

python konan.py

Support Platforms

  • Linux
  • Windows
  • MacOSX

Also Read – KaliTorify : Transparent Proxy Through Tor For Kali Linux OS

Features

FeaturesTooldirsearchdirbgobuster
MultiThreadedyesyesyesyes
Multiple Extensionsyesyesnono
HTTP Proxy Supportyesyesyesyes
Reportingyes (text and json)yes (text and json)yes (text)no
User-Agent randomizationyesyesnono
Ignore word in wordlist using regexpyesnonono
Split extension in wordlistyesnonono
Multiple Methodsyesnonono
Response Size Processyesnonono
Provide Sub-Dir for Brute Forceyesnonono
Provide Dir for Recursively Brute Forceyesnonono
URL Injection Pointyesnonono

Usage

Basic:

  • python konan.py -u/–url http://example.com/

Injection Point:

  • python konan.py -u/–url http://example.com/%%/index.php
  • python konan.py -u/–url http://example.com/test%% -w /root/numbers.txt

Provide wordlist, default /db/dict.txt

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt

Provide extensions with -e/--extension option and force extension for every wordlist entry with -f/--force option:

  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force

Provide status code exclusion:

  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401

Provide only status code for output:

  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302

Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]

Wordlist split (test.php -> to -> test):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split

Wordlist Ignore word,letters,number,..etc provided by regexp (\w*.php|\w*.html,^[0-9_-]+):_

  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"

Output without -I/--ignore options:

Output with -I/--ignore (in this case \?+) options:

Recursive:

  • python konan.py -u/--url http://example.com/ -E/--recursive

Recursive directory found and directory provided by -D/--dir-rec:

  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"

Brute Force directory provided by -S/--sub-dir:

  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"

Multiple Methods (check GET,POST,PUT and DELETE for word entry):

Note: Much web application if not make the request with right method return 404 code, this option test all methods

  • python konan.py -u/--url http://example.com/ -m/--methods"

Content size process (show response if the response size is “>[number]”,”<[number]”,”=[number]”):

  • python konan.py -u/--url http://example.com/ -C/--lenght "<1000"
R K

Recent Posts

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

6 hours ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

7 hours ago

What is SIEM? Complete Guide to Security Information and Event Management

Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…

17 hours ago

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

1 day ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

2 days ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

2 days ago