Kiterunner

Kiterunner

Kiterunner is a tool for content discovery, focusing on modern web applications and APIs. It goes beyond traditional file and folder discovery by bruteforcing routes/endpoints, especially in API-driven applications.

Key features:

• API Endpoint Bruteforcing: Leverages a curated dataset of Swagger specifications to intelligently bruteforce API endpoints, considering HTTP methods, headers, parameters, and values.
• Traditional Content Discovery: Performs fast content discovery for legacy web servers.
• Customizable Wordlists: Supports custom wordlists and integrates with Assetnote's wordlists.
• Depth Scanning: Handles virtual application path-based routing with configurable directory depth for wildcard detection.
• Request Replaying: Reconstructs and replays requests from scan output for analysis and debugging.
• Format Conversion: Converts between various file formats (txt, json, kite) for wordlists.

Use cases:

• Discovering hidden API endpoints in web applications.
• Identifying potential security vulnerabilities in APIs.
• Performing comprehensive content discovery on modern web applications.
• Automating API endpoint testing.