Konan: Advanced Web Application and Dir Scanner

Konan is an advanced open source tool written in python, designed for brute force attacks on directories and to detect filenames on web application servers.

Installation

git clone https://github.com/m4ll0k/Konan.git konan

cd konan && pip install -r requirements.txt

python konan.py

Support

  • Linux
  • Windows
  • MacOSX

Characteristics

Features Konan dirsearch dirb gobuster
multi-threaded yes yes yes yes
Multiple Extensions yes yes No. No.
HTTP Proxy Support yes yes yes yes
Reporting yes (text and json) yes (text and json) yes (text) No.
User-Agent randomization yes yes No. No.
Ignore word in wordlist using regexp yes No. No. No.
Split extension in wordlist yes No. No. No.
Multiple Methods yes yes No. No.
Response Size Process yes yes No. No.
Provide Sub-Dir for Brute Force yes yes No. No.
Provide Dir for Recursively Brute Force yes yes No. No.
URL Injection Point yes No. No. No.

Use

Basic:

  • python konan.py -u / –url http://example.com/

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php

  Access blocked pages via Google translate - trick

Injection Point:

  • python konan.py -u / –url http://example.com/%%/index.php

URL: http://testphp.vulnweb.com/%%/index.php

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php

  • python konan.py -u / –url http://example.com/test%% -w /root/numbers.txt

URL: http://testphp.vulnweb.com/test%%

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34

Provide wordlist, default /db/dict.txt:

  • python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt
  • python konan.py -u / –url http://example.com/ -e / –extension php, html -f / –force

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html

Provide status code exclusion:

  • python konan.py -u / –url http://example.com/ -x / –exclude 400,403,401

Provide only status code for output:

  • python konan.py -u / –url http://example.com/ -o / –only 200,301,302

Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):

  • python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt [-l / –lowercase OR -p / –uppercase]

Wordlist split (test.php -> to -> test):

  • python konan.py -u / –url http://example.com/ -w / –wordlist /root/dict.txt -s / –split
  Emsisoft Browser Security protection from malicious sites

Wordlist Ignore word, letters, number, etc provided by regexp (\ w * .php | \ w * .html, ^ [0-9 _-] +):_

  • python konan.py -u / –url http://example.com/ -w / –wordlist -I / –ignore “\? +”

Output without -I / –ignore options:
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http: //testphp.vulnweb.com/ ???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/

Output with -I / –ignore (in this case \? +) Options:
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/

Recursive:

  • python konan.py -u / –url http://example.com/ -E / –recursive

Recursive directory found and directory provided by -D / –dir-rec:

  • python konan.py -u / –url http://example.com/ -E / –recursive -D / –dir-rec “admin, tests, dev, internal”

Brute Force directory provided by -S / –sub-dir:

  • python konan.py -u / –url http://example.com/ -S / –sub-dir “admin, test, internal, dev”

Multiple Methods (check GET, POST, PUT and DELETE for word entry):

  • python konan.py -u / –url http://example.com/ -m / –methods ”

Content size process (show response if the response size is “> [number]”, ”<[number]”, ”= [number]”):

  • python konan.py -u / –url http://example.com/ -C / –length “<1000”

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/

You can download the program from here.

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

  + 86 = 90

Previous Story

Edward Snowden permanent residence permit in Russia

Next Story

Make a custom keyboard layout in Windows 10