Kiterunner
Kiterunner is a tool for content discovery, focusing on modern web applications and APIs. It goes beyond traditional file and folder discovery by bruteforcing routes/endpoints, especially in API-driven applications.
Key features:
- API Endpoint Bruteforcing: Leverages a curated dataset of Swagger specifications to intelligently bruteforce API endpoints, considering HTTP methods, headers, parameters, and values.
- Traditional Content Discovery: Performs fast content discovery for legacy web servers.
- Customizable Wordlists: Supports custom wordlists and integrates with Assetnote's wordlists.
- Depth Scanning: Handles virtual application path-based routing with configurable directory depth for wildcard detection.
- Request Replaying: Reconstructs and replays requests from scan output for analysis and debugging.
- Format Conversion: Converts between various file formats (txt, json, kite) for wordlists.
Use cases:
- Discovering hidden API endpoints in web applications.
- Identifying potential security vulnerabilities in APIs.
- Performing comprehensive content discovery on modern web applications.
- Automating API endpoint testing.
