pwnwriter / kanha

🦚 A web-app pentesting suite written in Rust.
https://crates.io/crates/kanha
MIT License
hackers-tools hacsectools hactoberfest offsec-tools osint pentesting-suite pwntools pwnwriter recon unixporn

Kanha - A web-app pentesting suite written in rust 🦀


[**`Kanha`**](/) is a tool that helps you perform a variety of attacks based on the target domain. With just `kanha` you can do [***`Fuzzing`***][wiki-fuzzing], [***`Reverse dns lookup`***][wiki-dns-lookup], [***`common http response`***][wiki-http], [***`subdomain takeover detection`***][wiki-subdomain] and many [**`more`**][commands].

The project is inspired by [`mini.nvim`][mini]: it aims to keep you productive with fewer *tools (plugins)* installed on your system, staying unobtrusive and working as a standalone **`single binary`** out of the box. It is built from the ground up with performance, ease of use, and portability in mind, in your favourite programming language, [**`rust`**][rust].

## Philosophy

- **KISS** - Keep things simple and stupid.
- **Ease** - Write code that can be used elsewhere as well.
- **Efficiency** - Optimize for performance without sacrificing readability.

## Installation
**Binary**

- *Manual*: You can directly download the binary for your architecture from [**releases**][releases] and run it.
- *One liner*: Run this script; it requires `jq`, `curl`, `tar` & `wget`.

```bash
wget -qO- "$(curl -qfsSL "https://api.github.com/repos/pwnwriter/kanha/releases/latest" | jq -r '.assets[].browser_download_url' | grep -Ei "$(uname -m).*$(uname -s).*musl" | grep -v "\.sha")" | tar -xzf - --strip-components=1
./kanha -h
```
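The one-liner above pipes the download straight into `tar` and filters out the `.sha` release assets. As an added example (not part of the kanha project), the helper below checks a downloaded archive against a SHA-256 digest file before extracting anything; the file names and the checksum file layout (hex digest as the first field) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: verify a release tarball against a SHA-256 digest file
# before extraction, instead of streaming the download directly into tar.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # macOS / BSD fallback
  fi
}

# verify_and_extract ARCHIVE CHECKSUM_FILE DEST
# Assumption: CHECKSUM_FILE holds the hex digest as the first field of line 1.
# Returns 0 after extracting on a match, 1 on mismatch (nothing extracted),
# 2 when the checksum file is malformed.
verify_and_extract() {
  local archive=$1 sumfile=$2 dest=$3 want got
  want=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
  # Accept only exactly 64 hex characters, so an HTML error page or an
  # empty download is never treated as a valid digest.
  case "$want" in
    ""|*[!0-9a-f]*) echo "malformed checksum file: $sumfile" >&2; return 2 ;;
  esac
  [ "${#want}" -eq 64 ] || { echo "malformed checksum file: $sumfile" >&2; return 2; }

  got=$(sha256_of "$archive")
  if [ "$got" != "$want" ]; then
    echo "checksum mismatch for $archive" >&2
    echo "  expected: $want" >&2
    echo "  actual:   $got" >&2
    return 1
  fi
  mkdir -p "$dest" && tar -xzf "$archive" -C "$dest" --strip-components=1
}

# Usage (placeholder file names, downloaded separately from the releases page):
#   verify_and_extract kanha.tar.gz kanha.tar.gz.sha256 ./kanha-bin
```

A digest published next to the archive detects corruption and tampering in transit, but not a compromised release; building from source remains the stronger option.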
> [!IMPORTANT]
> *_For upstream updates, it's recommended to build `kanha` from source!_*

**Source**

```bash
git clone --depth=1 https://github.com/pwnwriter/kanha --branch=main
cd kanha
cargo build --release
```

**Cargo**

- Using [crates.io][crate]

```bash
cargo install kanha
```

- Using [binstall][binstall]

```bash
cargo binstall kanha
```

> **Note** ⚠️
> This requires a working setup of rust/cargo & binstall.

**METIS Linux**

```bash
sudo pacman -Syyy kanha   # or: doas pacman -Syyy kanha
```

**Arch user repository**

```bash
paru -S kanha-git   # or: yay -S kanha-git
```

**On Nix**

```bash
# Build from source and run
nix run github:pwnwriter/kanha

# without flakes:
nix-env -iA nixpkgs.kanha

# with flakes:
nix profile install nixpkgs#kanha
```
## Subcommands

- ➊ `Status` :- Just return the HTTP response code of URLs

Help

```bash
$ kanha status -h
Just return the HTTP response code of URLs

Usage: kanha status [OPTIONS]

Options:
  -f, --filename  A file containing multiple urls
  -t, --tasks     Define the maximum concurrent tasks [default: 20]
      --stdin     Reads input from the standard in
      --exclude   Define your status code for selective exclusion
  -h, --help      Print help
  -V, --version   Print version
```

- ➋ `fuzz` :- Fuzz URLs and return the response codes

Help

```bash
$ kanha fuzz -h
Fuzz a URL and return the response codes

Usage: kanha fuzz [OPTIONS] --payloads

Options:
  -p, --payloads   A file containing a list of payloads
  -u, --url        A single url
  -f, --file-path  Path of the file containing multiple urls
  -t, --tasks      Define the maximum concurrent tasks [default: 20]
      --exclude    Define your status code for selective exclusion
      --stdin      Reads input from the standard in
  -h, --help       Print help
  -V, --version    Print version
```

- ➌ `rdns` :- Reverse dns lookup

Help

```bash
$ kanha rdns -h
Reverse dns lookup

Usage: kanha rdns [OPTIONS] --filename

Options:
  -f, --filename  a file containing a list of possible wordlists
      --stdin     Reads input from the standard in
  -h, --help      Print help
  -V, --version   Print version
```

- ➍ `Takeover` :- Check possible subdomain takeover

Help

```bash
$ kanha takeover -h
Check possible subdomain takeover vulnerability

Usage: kanha takeover [OPTIONS]

Options:
  -u, --url        A single url
  -f, --file-path  Path of the file containing multiple urls
  -j, --json-file  A json file containing signature values of different services
      --stdin      Reads input from the standard in
  -h, --help       Print help
  -V, --version    Print version
```

- ➎ `urldencode` :- (De|En) code urls

Help

```bash
$ kanha urldencode -h
(De|En) code urls

Usage: kanha urldencode [OPTIONS]

Options:
      --encode   Provide a url to encode
      --decode   Provide a url to dencode
  -h, --help     Print help
  -V, --version  Print version
```
## Contributing

- Recommend a new feature
- Give the project a star
- Add a new [subcommand][commands].
- Fix docs and improve code quality

## Also see

- [`haylxon`][haylxon] :- Blazingly fast tool to grab screenshots of your domain list right from terminal written in rust 🦀
- [`httpx`][httpx] :- httpx is a fast and multi-purpose HTTP toolkit.
- [`ffuf`][ffuf] :- Fast web fuzzer written in Go

## FAQ

- **Development:**
  - Progress may be gradual, but I assure you of delivering quality code!
- **Why this?**
  - This is a way for me to continually expand my knowledge in cybersecurity and Rust!
- **I want my quote in Kanha.**
  - Please feel free to add it [here][splash].

## Support

I am a student, and I like working on open source during my free time. If you appreciate my work, kindly consider supporting me through [Ko-fi][Ko-Fi].

## Copying

`Kanha` is licensed under the [**`MIT LICENSE`**][license]. Feel free to consider Kanha as your own!

[license]:/LICENSE
[splash]:/src/interface/splashes.rs
[commands]:/src/commands
[releases]:https://github.com/pwnwriter/kanha/releases
[line]:https://github.com/pwnwriter/haylxon/blob/readme-assets/colored.png
[Ko-Fi]:https://ko-fi.com/pwnwriter
[haylxon]:https://github.com/pwnwriter/haylxon
[ffuf]:https://github.com/ffuf/ffuf
[httpx]:https://github.com/projectdiscovery/httpx
[crate]:https://crates.io/crates/kanha
[binstall]:https://github.com/cargo-bins/cargo-binstall
[mini]:https://github.com/echasnovski/mini.nvim
[rust]:https://www.rust-lang.org
[wiki-fuzzing]:https://en.wikipedia.org/wiki/Fuzzing
[wiki-dns-lookup]:https://en.wikipedia.org/wiki/Reverse_DNS_lookup
[wiki-http]:https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
[wiki-subdomain]:https://en.wikipedia.org/wiki/Domain_hijacking

Copyright © 2023 - present pwnwriter xyz ☘️