3 releases

0.1.2 Oct 17, 2023
0.1.1 Oct 13, 2023
0.1.0 Sep 8, 2023

#1750 in Web programming

38 downloads per month

MIT license

36KB
627 lines

Kanha - A web-app pentesting suite written in rust ðŸĶ€

Installation âĶū Subcommands âĶū Contribute

Crate Release MIT LICENSE Ko-fi

-----------------------------------------------------

img

Kanha is a tool that can help you perform, a variety of attacks based on the target domain . With just kanha you can do, Fuzzing, Reverse dns lookup, common http response, subdomain takeover detection and many more.

The project is inspird by mini.nvim, basically helping you to be productive with less numbers of tools(plugins) installed on your system and be unobtrusive and function as a standalone single binary out of the box.

Built from the ground up with performance, ease of use, and portability in mind in your favourite programming lang rust 💝

🧠 Philosophy

  • KISS - Keep things simple and stupid.
  • Ease - Write code that can be used elsewhere as well.
  • Efficiency - Optimize for performance without sacrificing readability.

ðŸą Installation

🊄 Binary  
  • You can directly download the binary of your arch and run it.
🌞 Source  
git clone --depth=1 https://github.com/pwnwriter/kanha --branch=main
cd kanha
cargo build --release 

Then go to release dir and ./kanha or move the binary to your any $PATH for instant access from anywhere.

🎠 Cargo
  • Using crates.io

    cargo install kanha
    
  • Using binstall

    cargo binstall kanha
    

    Note ⚠ïļ This requires a working setup of rust/cargo & binstall.

ðŸšĐ METIS Linux  
sudo/doas pacman -Syyy kanha

🌈 Subcommands

  • ➊ Status :- Just return the HTTP response code of URLs

    ðŸ‘ŧ Help  
    $ kanha status -h
    Just return the HTTP response code of URLs
    
    Usage: kanha status [OPTIONS]
    
    Options:
      -f, --filename <FILENAME>  A file containing multiple urls
      -t, --tasks <TASKS>        Define the maximum concurrent tasks [default: 20]
          --stdin                Reads input from the standard in
          --exclude <EXCLUDE>    Define your status code for selective exclusion
      -h, --help                 Print help
      -V, --version              Print version
    
    
    ðŸĶŠ Screenshots  

    status status-stdin

  • ➋ fuzz :- Fuzz URLs and return the response codes

    ðŸ‘ŧ Help  
    $ kanha fuzz -h
    Fuzz a URL and return the response codes
    
    Usage: kanha fuzz [OPTIONS] --payloads <PAYLOADS>
    
    Options:
      -p, --payloads <PAYLOADS>    A file containing a list of payloads
      -u, --url <URL>              A single url
      -f, --file-path <FILE_PATH>  Path of the file containing multiple urls
      -t, --tasks <TASKS>          Define the maximum concurrent tasks [default: 20]
          --exclude <EXCLUDE>      Define your status code for selective exclusion
          --stdin                  Reads input from the standard in
      -h, --help                   Print help
      -V, --version                Print version
    
    
    ðŸĶŠ Screenshots  

    screenshot_2023-10-13_14-08-46 screenshot_2023-10-13_14-07-45

  • ➌ rdns :- Reverse dns lookup

    ðŸ‘ŧ Help  
    
    $ kanha rdns  -h
    Reverse dns lookup
    
    Usage: kanha rdns [OPTIONS] --filename <FILENAME>
    
    Options:
      -f, --filename <FILENAME>  a file containing a list of possible wordlists
          --stdin                Reads input from the standard in
      -h, --help                 Print help
      -V, --version              Print version
    
    ðŸĶŠ Screenshots  

    rdns rdns-stdin

  • ➍ Takeover :- Check possible subdomain takeover

    ðŸ‘ŧ Help  
    $ kanha takeover -h
    Check possible subdomain takeover vulnerability
    
    Usage: kanha takeover [OPTIONS]
    
    Options:
      -u, --url <URL>              A single url
      -f, --file-path <FILE_PATH>  Path of the file containing multiple urls
      -j, --json-file <JSON_FILE>  A json file containing signature values of different services
          --stdin                  Reads input from the standard in
      -h, --help                   Print help
      -V, --version                Print version
    
    
    ðŸĶŠ Screenshots  

    Takeover single Takeover multiple

    takeover-stdin

  • ➎ urldencode :- (De|En) code urls

    ðŸ‘ŧ Help  
    $ kanha urldencode -h
    (De|En) code urls
    
    Usage: kanha urldencode [OPTIONS]
    
    Options:
          --encode <ENCODE>  Provide a url to encode
          --decode <DECODE>  Provide a url to dencode
      -h, --help             Print help
      -V, --version          Print version
    
    
    ðŸĶŠ Screenshots  

    urldencode urldencode

👐 Contributing

  • ðŸŠķ Recommend a new features
  • ⭐ Give the project a star
  • 🐎 Add new subcommand.
  • 🧑‍🚒 Fix docx // improve code quality

👀 Also see

  • haylxon :- Blazingly fast tool to grab screenshots of your domain list right from terminal written in rust ðŸĶ€
  • httpx :- httpx is a fast and multi-purpose HTTP toolkit.
  • ffuf :- Fast web fuzzer written in Go

🔏 License

As always, this project is also licensed under the MIT LICENSE  

Copyright ÂĐ 2023 pwnwriter xyz ☘ïļ

Dependencies

~8–20MB
~286K SLoC