Open dinosn opened 3 years ago
Case 1.
This is potentially a bug with the calculations for the progress bar.
Case 2.
--kitebuilder-full-scan will allow you to immediately perform a full scan without requiring confirmation while in scan mode. The first scan performs a minimised scan where 1 path from each API is used, and if any of the paths return, then the corresponding APIs are fully tested.
--kitebuilder-full-scan will allow you to immediately perform a full scan without requiring confirmation while in scan mode. The first scan performs a minimised scan where 1 path from each API is used, and if any of the paths return, then the corresponding APIs are fully tested.
Which exact list is loaded when using this argument? I see a number of 53033 when passing this argument.
Hello,
Thank you for creating the tool, it's amazing for API endpoint scanning. During the tests I have encountered some issues as described below.
Case 1.
On multiple occasions and on different targets the scan is incomplete, with the following being shown as the result:
As one can see the items processed are not matching the full list, though % indication is showing at 100%. The same case will appear on brute method.
Case 2.
On the latest version the -w parameter
kr scan -w /root/.cache/kiterunner/wordlists/httparchive_apiroutes_2021_03_28.kite URL -x 30
will force quickscan which additionally requires actions to proceed:
Accepting continue will proceed with the full list. I don't seem to find a way to proceed directly without requiring confirmation. The initial action for the tool was specified in the command line as a wordlist scan.
Thank you again for providing a great tool.
Regards, Nicolas