Kiterunner Logo

Kiterunner

0
Free
Visit Website

For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications. Modern application frameworks such as Flask, Rails, Express, Django and others follow the paradigm of explicitly defining routes which expect certain HTTP methods, headers, parameters and values. When using traditional content discovery tooling, such routes are often missed and cannot easily be discovered. By collating a dataset of Swagger specifications and condensing it into our own schema, Kiterunner can use this dataset to bruteforce API endpoints by sending the correct HTTP method, headers, path, parameters.

FEATURES

ALTERNATIVES

Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Orchestration toolchain for scanning source code and infrastructure IaC against security risks.

Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.

A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.

Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.

Yara Based Detection for web browsers

A tool for identifying and extracting parameters from HTTP requests and responses