Konan - Advanced Spider Web Application Dir Scanner


Konan is an advanced opened upward source tool designed to brute forcefulness directories as well as files names on web/application servers.

Installation
Download Konan yesteryear cloning the Git repository:
git clone https://github.com/m4ll0k/Konan.git konan
Install requirements alongside pip
cd konan && pip install -r requirements.txt
Run Konan
python konan.py

Support Platforms
  • Linux
  • Windows
  • MacOSX

Features
Features Konan dirsearch dirb gobuster
MultiThreaded yes yes yes yes
Multiple Extensions yes yes no no
HTTP Proxy Support yes yes yes yes
Reporting yes (text as well as json) yes (text as well as json) yes (text) no
User-Agent randomization yes yes no no
Ignore give-and-take inwards wordlist using regexp yes no no no
Split extension inwards wordlist yes no no no
Multiple Methods yes no no no
Response Size Process yes no no no
Provide Sub-Dir for Brute Force yes no no no
Provide Dir for Recursively Brute Force yes no no no
URL Injection Point yes no no no

Usage
Basic:
  • python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/  PERCENT  -   TIME   - CODE  -   METHOD  - LENGHT - URL ------------------------------------------------------- 0.39%    - 01:32:50 -  200  - GET -  4958    - http://testphp.vulnweb.com/index.php  0.43%    - 01:32:52 -  200  - GET -  4732    - http://testphp.vulnweb.com/search.php  0.54%    - 01:32:57 -  200  - GET -  5523    - http://testphp.vulnweb.com/login.php  0.81%    - 01:33:12 -  200  - GET -  4830    - http://testphp.vulnweb.com/logout.php  8.77%    - 01:40:02 -  302  - GET -  xiv      - http://testphp.vulnweb.com/userinfo.php  -> login.php 
Injection Point:
  • python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php  PERCENT  -   TIME   - CODE  -   METHOD  - LENGHT - URL ------------------------------------------------------- 0.39%    - 01:32:50 -  200  - GET -  4958    - http://testphp.vulnweb.com/test/index.php  0.43%    - 01:32:52 -  200  - GET -  4732    - http://testphp.vulnweb.com/search/index.php  
  • python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%  PERCENT  -   TIME   - CODE  -   METHOD  - LENGHT - URL ------------------------------------------------------- 0.39%    - 01:32:50 -  200  - GET -  4958    - http://testphp.vulnweb.com/test12 0.43%    - 01:32:52 -  200  - GET -  4732    - http://testphp.vulnweb.com/test34  
Provide wordlist, default /db/dict.txt:
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt
Provide extensions alongside -f/--force option:
  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/  PERCENT  -   TIME   - CODE  -   METHOD  - LENGHT - URL ------------------------------------------------------- 0.39%    - 02:00:21 -  200  - GET -  4958    - http://testphp.vulnweb.com/index.html  0.43%    - 02:00:23 -  200  - GET -  4732    - http://testphp.vulnweb.com/search.php  0.54%    - 02:00:30 -  200  - GET -  5523    - http://testphp.vulnweb.com/login.php  0.81%    - 02:00:46 -  200  - GET -  4830    - http://testphp.vulnweb.com/logout.html  0.87%    - 02:00:50 -  200  - GET -  6115    - http://testphp.vulnweb.com/categories.html
Provide condition code exclusion:
  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401
Provide solely condition code for output:
  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302
Wordlist lowercase (isATest -> isatest) as well as majuscule (isAtest -> ISATEST):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]
Wordlist split upward (test.php -> to -> test):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split
Wordlist Ignore word,letters,number,..etc provided yesteryear regexp (\w*.php|\w*.html,^[0-9_-]+):_
  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"
Output without -I/--ignore options:
URL: http://testphp.vulnweb.com/  PERCENT  -   TIME   - CODE  -   METHOD  - LENGHT - URL ------------------------------------------------------- 0.39%    - 02:06:31 -  200  - GET -  4958    - http://testphp.vulnweb.com/???.php  0.43%    - 02:06:32 -  200  - GET -  4732    - http://testphp.vulnweb.com/???????????  0.54%    - 02:06:35 -  200  - GET -  5523    - http://testphp.vulnweb.com/admin/ 
Output alongside -I/--ignore (in this instance \?+) options:
 URL: http://testphp.vulnweb.com/  PERCENT  -   TIME   - CODE  -   METHOD  - LENGHT - URL ------------------------------------------------------- 0.54%    - 02:06:35 -  200  - GET -  5523    - http://testphp.vulnweb.com/admin/ 
Recursive:_
  • python konan.py -u/--url http://example.com/ -E/--recursive
Recursive directory flora as well as directory provided yesteryear -D/--dir-rec:
  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"
Brute Force directory provided yesteryear -S/--sub-dir:
  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"
Multiple Methods (check GET,POST,PUT as well as DELETE for give-and-take entry):
Note: Much spider web application if non brand the asking alongside correct method render 404 code, this pick essay out all methods
  • python konan.py -u/--url http://example.com/ -m/--methods"
Content size procedure (show answer if the answer size is ">[number]","<[number]","=[number]"):
  • python konan.py -u/--url http://example.com/ -C/--lenght "<1000"
URL: http://testphp.vulnweb.com/  PERCENT  -   TIME   - CODE  -   METHOD  - LENGHT - URL ------------------------------------------------------- 0.19%    - 02:11:46 -  301  - GET -  184     - http://testphp.vulnweb.com/admin  -> http://testphp.vulnweb.com/admin/ 1.73%    - 02:12:37 -  301  - GET -  184     - http://testphp.vulnweb.com/images  -> http://testphp.vulnweb.com/images/