Konan is an advanced open source tool code written in python, designed for brute force attacks on directories and to discover names files on the web application servers.
Installation
git clone https://github.com/m4ll0k/Konan.git konan
cd konan && pip install -r requirements.txt
python konan.py
Support
- Linux
- Windows
- MacOSX
Specifications
Konan | dirsearch | dirb | gobuster | |
---|---|---|---|---|
multi-threaded | Yes | Yes | Yes | Yes |
Multiple Extensions | Yes | Yes | No. | No. |
HTTP Proxy Support | Yes | Yes | Yes | Yes |
Reporting | yes (text and json) | yes (text and json) | yes (text) | No. |
User-Agent randomization | Yes | Yes | No. | No. |
Ignore word in wordlist using regexp |
Yes | No. | No. | No. |
Split extension in wordlist | Yes | No. | No. | No. |
Multiple Methods | Yes | Yes | No. | No. |
Response Size Our Process | Yes | Yes | No. | No. |
Provide Sub-Dir for Brute Force | Yes | Yes | No. | No. |
Provide Dir for Recursively Brute Force | Yes | Yes | No. | No. |
URL Injection Point | Yes | No. | No. | No. |
Use
Basic:
- python konan.py -u / –url http://example.com/
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php
Injection Point:
- python konan.py -u / –url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php
- python konan.py -u / –url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34
Provide wordlist, default /db/dict.txt:
- python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt
- python konan.py -u / –url http://example.com/ -e / –extension php, html -f / –force
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html
Provide status code exclusion:
- python konan.py -u / –url http://example.com/ -x / –exclude 400,403,401
Provide only status code for output:
- python konan.py -u / –url http://example.com/ -o / –only 200,301,302
Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):
- python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt [-l / –lowercase OR -p / –uppercase]
Wordlist split (test.php -> to -> test):
- python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt -s / –split
Wordlist Ignore word, letters, number, etc provided by regexp (\ w * .php | \ w * .html, ^ [0-9 _-] +):_
- python konan.py -u / –url http://example.com/ -w / –wordlist -I / –ignore “\? +”
Output without -I / –ignore options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http: //testphp.vulnweb.com/ ???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Output with -I / –ignore (in this case \? +) Options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Recursive:
- python konan.py -u / –url http://example.com/ -E / –recursive
Recursive directory found and directory provided by -D / –dir-rec:
- python konan.py -u / –url http://example.com/ -E / –recursive -D / –dir-rec “admin, tests, dev, internal”
Brute Force directory provided by -S / –sub-dir:
- python konan.py -u / –url http://example.com/ -S / –sub-dir “admin, test, internal, dev”
Multiple Methods (check GET, POST, PUT and DELETE for word entry):
- python konan.py -u / –url http://example.com/ -m / –methods ”
- python konan.py -u / –url http://example.com/ -C / –length “<1000”
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/
You can download the program from here.