Konan: Advanced Web Application and Dir Scanner

Konan is an advanced open source tool written in python, designed for brute force attacks on directories and to detect filenames on web application servers.

Installation

git clone https://github.com/m4ll0k/Konan.git konan

cd konan && pip -r requirements.txt

python konan.py

Support

  • Linux
  • Windows
  • MacOSX

Specifications

Konan dirsearch dirb gobuster
multi-threaded Yes Yes Yes Yes
Multiple Extensions Yes Yes No. No.
HTTP Proxy Support Yes Yes Yes Yes
Reporting yes (text and json) yes (text and json) yes (text) No.
User-Agent randomization Yes Yes No. No.
Ignore word in wordlist using regexp Yes No. No. No.
Split extension in wordlist Yes No. No. No.
Multiple Methods Yes Yes No. No.
Response Size Process Yes Yes No. No.
Provide Sub-Dir for Brute Force Yes Yes No. No.
Provide Dir for Recursively Brute Force Yes Yes No. No.
URL Injection Point Yes No. No. No.

Use

Basic:

  • python konan.py -u / –url http://example.com/

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php

Injection Point:

  • python konan.py -u / –url http://example.com/%%/index.php

URL: http://testphp.vulnweb.com/%%/index.php

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php

  • python konan.py -u / –url http://example.com/test%% -w /root/numbers.txt

URL: http://testphp.vulnweb.com/test%%

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34

Provide wordlist, default /db/dict.txt:

  • python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt
  • python konan.py -u / –url http://example.com/ -e / –extension php, html -f / –force

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html

Provide status code exclusion:

  • python konan.py -u / –url http://example.com/ -x / –exclude 400,403,401

Provide only status code for output:

  • python konan.py -u / –url http://example.com/ -o / –only 200,301,302

Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):

  • python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt [-l / –lowercase OR -p / –uppercase]

Wordlist split (test.php -> to -> test):

  • python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt -s / –split

Wordlist Ignore word, letters, number, etc provided by regexp (\ w * .php | \ w * .html, ^ [0-9 _-] +):_

  • python konan.py -u / –url http://example.com/ -w / –wordlist -I / –ignore “\? +”

Output without -I / –ignore options:
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http: //testphp.vulnweb.com/ ???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/

Output with -I / –ignore (in this case \? +) Options:
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/

Recursive:

  • python konan.py -u / –url http://example.com/ -E / –recursive

recursive found and directory provided by -D/–dir-rec:

  • python konan.py -u / –url http://example.com/ -E / –recursive -D / –dir-rec “admin, tests, dev, internal”

Brute Force directory provided by -S / –sub-dir:

  • python konan.py -u / –url http://example.com/ -S / –sub-dir “admin, test, internal, dev”

Multiple Methods (check GET, POST, PUT and DELETE for word entry):

  • python konan.py -u / –url http://example.com/ -m / –methods ”

  • python konan.py -u / –url http://example.com/ -C / –length “<1000”

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/

You can download the program from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.082 registrants.

Konan

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).