Project URL: https://github.com/m4ll0k/Konan
Installation
Download Konan by cloning the Git repository:
git clone https://github.com/m4ll0k/Konan.git konan
Install the requirements with pip:
cd konan && pip install -r requirements.txt
Run the program:
python konan.py
Supported platforms
- Linux
- Windows
- MacOSX
Usage
Basic:
python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php
Injection point:
python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php
python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34
Provide a wordlist (default: /db/dict.txt):
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt
Use the -e/--extension option to supply extensions for each wordlist entry, and -f/--force to force the extension:
python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html
Exclude status codes:
python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401
Only output the given status codes:
python konan.py -u/--url http://example.com/ -o/--only 200,301,302
Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]
Wordlist split (test.php -> to -> test):
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split
Wordlist: ignore words, letters, numbers, etc. matched by a regexp (\w*.php|\w*.html, ^[0-9_-]+):
python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"
Output without the -I/--ignore option:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http://testphp.vulnweb.com/???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Output with the -I/--ignore option (in this case \?+):
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Recursive:
python konan.py -u/--url http://example.com/ -E/--recursive
Recurse into discovered directories and the directories provided with -D/--dir-rec:
python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"
Brute-force the directories provided with -S/--sub-dir:
python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"
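Multiple methods (check GET, POST, PUT and DELETE for each word entry):
Note: many web applications return a 404 code if the request is not made with the correct method; this option tests all methods.
python konan.py -u/--url http://example.com/ -m/--methods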
Content size filter (show the response only if its size is ">[number]", "<[number]" or "=[number]"):
python konan.py -u/--url http://example.com/ -C/--lenght "<1000"
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/
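Added example (not part of Konan or of the original page): a parser for the result rows shown above, for triaging saved output, with post-filters that mirror the -o/--only, -x/--exclude and -C/--lenght descriptions. The names Hit, parse, size_matches and select and the sample rows are constructed for illustration; how Konan itself evaluates these options is not shown on the page.

```python
import re
from collections import namedtuple

# Constructed sample in the column layout shown on this page
# (PERCENT - TIME - CODE - METHOD - LENGHT - URL [-> redirect target]).
SAMPLE = """\
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php
"""

Hit = namedtuple("Hit", "percent time code method length url redirect")

ROW = re.compile(
    r"^(?P<pct>\d+(?:\.\d+)?)% - (?P<time>\d\d:\d\d:\d\d) - (?P<code>\d{3})"
    r" - (?P<method>[A-Z]+) - (?P<len>\d+) - (?P<url>\S+)(?: -> (?P<redir>\S+))?\s*$"
)

def parse(text):
    """Return one Hit per result row; banner, header and rule lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            hits.append(Hit(float(m["pct"]), m["time"], int(m["code"]), m["method"],
                            int(m["len"]), m["url"], m["redir"]))
    return hits

def size_matches(length, expr):
    """Evaluate a size expression in the page's '>N', '<N', '=N' form."""
    m = re.fullmatch(r"\s*([<>=])\s*(\d+)\s*", expr)
    if not m:
        raise ValueError(f"bad size expression: {expr!r}")
    op, n = m[1], int(m[2])
    return {"<": length < n, ">": length > n, "=": length == n}[op]

def select(hits, only=None, exclude=(), size=None):
    """Post-filter parsed rows by status code and response size (assumed semantics)."""
    return [h for h in hits
            if (only is None or h.code in only)
            and h.code not in exclude
            and (size is None or size_matches(h.length, size))]
```

Rows with a redirect keep the target in the redirect field, so a 302 to login.php can be separated from a genuine 200 during review.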