Konan is an advanced open source tool code written in python, designed for brute force attacks on directories and to discover filenames on web application servers.
Installation
git clone https://github.com/m4ll0k/Konan.git konan
cd konan && pip install -r requirements.txt
python konan.py
Support
- Linux
- Windows
- MacOSX
Specifications
Konan | dirsearch | dirb | gobuster | |
---|---|---|---|---|
multi-threaded | Yes | Yes | Yes | Yes |
Multiple Extensions | Yes | Yes | No. | No. |
HTTP Proxy Support | Yes | Yes | Yes | Yes |
Reporting | yes (text and json) | yes (text and json) | yes (text) | No. |
User-Agent randomization | Yes | Yes | No. | No. |
Ignore word in wordlist using regexp |
Yes | No. | No. | No. |
Split extension in wordlist | Yes | No. | No. | No. |
Multiple Methods | Yes | Yes | No. | No. |
Response Size Process | Yes | Yes | No. | No. |
Provide Sub-Dir for Brute Force | Yes | Yes | No. | No. |
Provide Dir for Recursively Brute Force | Yes | Yes | No. | No. |
URL Injection Point | Yes | No. | No. | No. |
Use
Basic:
- python konan.py -u / –url http://example.com/
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php
Injection Point:
- python konan.py -u / –url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php
- python konan.py -u / –url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34
Provide wordlist, default /db/dict.txt:
- python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt
- python konan.py -u / –url http://example.com/ -e / –extension php, html -f / –force
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html
Provide status code exclusion:
- python konan.py -u / –url http://example.com/ -x / –exclude 400,403,401
Provide only status code for output:
- python konan.py -u / –url http://example.com/ -o / –only 200,301,302
Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):
- python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt [-l / –lowercase OR -p / –uppercase]
Wordlist split (test.php -> to -> test):
- python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt -s / –split
Wordlist Ignore word, letters, number, etc provided by regexp (\ w * .php | \ w * .html, ^ [0-9 _-] +):_
- python konan.py -u / –url http://example.com/ -w / –wordlist -I / –ignore “\? +”
Output without -I / –ignore options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http: //testphp.vulnweb.com/ ???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Output with -I / –ignore (in this case \? +) Options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Recursive:
- python konan.py -u / –url http://example.com/ -E / –recursive
Recursive directory found and directory provided by -D / –dir-rec:
- python konan.py -u / –url http://example.com/ -E / –recursive -D / –dir-rec “admin, tests, dev, internal”
Brute Force directory provided by -S / –sub-dir:
- python konan.py -u / –url http://example.com/ -S / –sub-dir “admin, test, internal, dev”
Multiple Methods (check GET, POST, PUT and DELETE for word entry):
- python konan.py -u / –url http://example.com/ -m / –methods ”
- python konan.py -u / –url http://example.com/ -C / –length “<1000”
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/
You can download the program from here.