Kiterunner
For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications. Modern application frameworks such as Flask, Rails, Express, Django and others follow the paradigm of explicitly defining routes which expect certain HTTP methods, headers, parameters and values. When using traditional content discovery tooling, such routes are often missed and cannot easily be discovered. By collating a dataset of Swagger specifications and condensing it into our own schema, Kiterunner can use this dataset to bruteforce API endpoints by sending the correct HTTP method, headers, path, parameters.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
Argus-SAF is a static analysis framework for security vetting Android applications.
Cutting-edge technology for developing security applications within the Linux kernel.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.