Kanha - A web-app pentesting suite written in rust š¦
![-----------------------------------------------------][line]
[**`Kanha`**](/) is a tool that can help you perform, a variety of attacks based on the target domain . With just `kanha` you can do, [***`Fuzzing`***][wiki-fuzzing], [***`Reverse dns lookup`***][wiki-dns-lookup], [***`common http response`***][wiki-http], [***`subdomain takeover detection`***][wiki-subdomain] and many [**`more`**][commands].
The project is inspird by [`mini.nvim`][mini], basically helping you to be productive with less numbers of *tools(plugins)* installed on your system and be unobtrusive and function as a standalone **`single binary`** out of the box.
Built from the ground up with performance, ease of use, and portability in mind in your favourite programming lang [**`rust`**][rust] š
## Philosophy
- **KISS** - Keep things simple and stupid.
- **Ease** - Write code that can be used elsewhere as well.
- **Efficiency** - Optimize for performance without sacrificing readability.
## Installation
Binary
- *Manual* : You can directly download the binary of your arch from [**releases**][releases] and run it.
- *One liner* : Run this script, requires `jq`,`curl`, `tar` & `wget`
```bash
wget -qO- "$(curl -qfsSL "https://api.github.com/repos/pwnwriter/kanha/releases/latest" | jq -r '.assets[].browser_download_url' | grep -Ei "$(uname -m).*$(uname -s).*musl" | grep -v "\.sha")" | tar -xzf - --strip-components=1
./kanha -h
```
> [!IMPORTANT]
> *_For upstream updates, it's recommended to build `kanha` from source !_*
Source
```bash
git clone --depth=1 https://github.com/pwnwriter/kanha --branch=main
cd kanha
cargo build --release
```
Cargo
- Using [crates.io][crate]
```bash
cargo install kanha
```
- Using [binstall][binstall]
```bash
cargo binstall kanha
```
> **Note** ā ļø
> This requires a working setup of rust/cargo & binstall.
METIS Linux
```bash
sudo/doas pacman -Syyy kanha
```
Arch user repository
```bash
paru/yay -S kanha-git
```
On Nix
```bash
# Build from source and run
nix run github:pwnwriter/kanha
# without flakes:
nix-env -iA nixpkgs.kanha
# with flakes:
nix profile install nixpkgs#kanha
```
## Subcommands
- ā `Status` :- Just return the HTTP response code of URLs
Help
```bash
$ kanha status -h
Just return the HTTP response code of URLs
Usage: kanha status [OPTIONS]
Options:
-f, --filename A file containing multiple urls
-t, --tasks Define the maximum concurrent tasks [default: 20]
--stdin Reads input from the standard in
--exclude Define your status code for selective exclusion
-h, --help Print help
-V, --version Print version
```
- ā `fuzz` :- Fuzz URLs and return the response codes
Help
```bash
$ kanha fuzz -h
Fuzz a URL and return the response codes
Usage: kanha fuzz [OPTIONS] --payloads
Options:
-p, --payloads A file containing a list of payloads
-u, --url A single url
-f, --file-path Path of the file containing multiple urls
-t, --tasks Define the maximum concurrent tasks [default: 20]
--exclude Define your status code for selective exclusion
--stdin Reads input from the standard in
-h, --help Print help
-V, --version Print version
```
- ā `rdns` :- Reverse dns lookup
Help
```bash
$ kanha rdns -h
Reverse dns lookup
Usage: kanha rdns [OPTIONS] --filename
Options:
-f, --filename a file containing a list of possible wordlists
--stdin Reads input from the standard in
-h, --help Print help
-V, --version Print version
```
- ā `Takeover` :- Check possible subdomain takeover
Help
```bash
$ kanha takeover -h
Check possible subdomain takeover vulnerability
Usage: kanha takeover [OPTIONS]
Options:
-u, --url A single url
-f, --file-path Path of the file containing multiple urls
-j, --json-file A json file containing signature values of different services
--stdin Reads input from the standard in
-h, --help Print help
-V, --version Print version
```
- ā `urldencode` :- (De|En) code urls
Help
```bash
$ kanha urldencode -h
(De|En) code urls
Usage: kanha urldencode [OPTIONS]
Options:
--encode Provide a url to encode
--decode Provide a url to dencode
-h, --help Print help
-V, --version Print version
```
## Contributing
- Recommend a new feature
- Give the project a star
- Add new [subcommand][commands].
- Fix docx and improve code quality
## Also see
- [`haylxon`][haylxon] :- Blazingly fast tool to grab screenshots of your domain list right from terminal written in rust š¦
- [`httpx`][httpx] :- httpx is a fast and multi-purpose HTTP toolkit.
- [`ffuf`][ffuf] :- Fast web fuzzer written in Go
## FAQ
- **Development:**
- Progress may be gradual, but I assure you of delivering quality code!
- **Why this?**
- This is a way for me to continually expand my knowledge in cybersecurity and Rust!
- **I want my quote in Kanha.**
- Please feel free to add it [here][splash].
## Support
I am a student, i like working for open-source during my free time. If you appreciate my work, kindly consider supporting me through [Ko-fi][Ko-Fi].
## Copying
`Kanha` is licensed under the [**`MIT LICENSE`**][license], Feel free to consider Kanha as your own!
[license]:/LICENSE
[splash]:/src/interface/splashes.rs
[commands]:/src/commands
[releases]:https://github.com/pwnwriter/kanha/releases
[line]:https://github.com/pwnwriter/haylxon/blob/readme-assets/colored.png
[Ko-Fi]:https://ko-fi.com/pwnwriter
[haylxon]:https://github.com/pwnwriter/haylxon
[ffuf]:https://github.com/ffuf/ffuf
[httpx]:https://github.com/projectdiscovery/httpx
[crate]:https://crates.io/crates/kanha
[binstall]:https://github.com/cargo-bins/cargo-binstall
[mini]:https://github.com/echasnovski/mini.nvim
[rust]:https://www.rust-lang.org
[wiki-fuzzing]:https://en.wikipedia.org/wiki/Fuzzing
[wiki-dns-lookup]:https://en.wikipedia.org/wiki/Reverse_DNS_lookup
[wiki-http]:https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
[wiki-subdomain]:https://en.wikipedia.org/wiki/Domain_hijacking
Copyright © 2023 - present pwnwriter xyz āļø