Skip to content

pwnwriter/kanha

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Kanha - A web-app pentesting suite written in rust 🦀

Crate Release MIT LICENSE Ko-fi

-----------------------------------------------------

img

Kanha is a tool that can help you perform, a variety of attacks based on the target domain . With just kanha you can do, Fuzzing, Reverse dns lookup, common http response, subdomain takeover detection and many more.

The project is inspird by mini.nvim, basically helping you to be productive with less numbers of tools(plugins) installed on your system and be unobtrusive and function as a standalone single binary out of the box.

Built from the ground up with performance, ease of use, and portability in mind in your favourite programming lang rust 💝

Philosophy

  • KISS - Keep things simple and stupid.
  • Ease - Write code that can be used elsewhere as well.
  • Efficiency - Optimize for performance without sacrificing readability.

Installation

Binary  
  • Manual : You can directly download the binary of your arch from releases and run it.
  • One liner : Run this script, requires jq,curl, tar & wget
wget -qO- "$(curl -qfsSL "https://api.github.com/repos/pwnwriter/kanha/releases/latest" | jq -r '.assets[].browser_download_url' | grep -Ei "$(uname -m).*$(uname -s).*musl" | grep -v "\.sha")" | tar -xzf - --strip-components=1
./kanha -h

Important

For upstream updates, it's recommended to build kanha from source !

Source  
  git clone --depth=1 https://github.com/pwnwriter/kanha --branch=main
  cd kanha
  cargo build --release
Cargo
  • Using crates.io

    cargo install kanha
  • Using binstall

    cargo binstall kanha

    Note ⚠️ This requires a working setup of rust/cargo & binstall.

METIS Linux  
sudo/doas pacman -Syyy kanha
Arch user repository  
paru/yay -S kanha-git
On Nix  
# Build from source and run
nix run github:pwnwriter/kanha
# without flakes:
nix-env -iA nixpkgs.kanha
# with flakes:
nix profile install nixpkgs#kanha

Subcommands

  • Status :- Just return the HTTP response code of URLs

    Help  
    $ kanha status -h
    Just return the HTTP response code of URLs
    
    Usage: kanha status [OPTIONS]
    
    Options:
      -f, --filename <FILENAME>  A file containing multiple urls
      -t, --tasks <TASKS>        Define the maximum concurrent tasks [default: 20]
          --stdin                Reads input from the standard in
          --exclude <EXCLUDE>    Define your status code for selective exclusion
      -h, --help                 Print help
      -V, --version              Print version
    
  • fuzz :- Fuzz URLs and return the response codes

    Help  
    $ kanha fuzz -h
    Fuzz a URL and return the response codes
    
    Usage: kanha fuzz [OPTIONS] --payloads <PAYLOADS>
    
    Options:
      -p, --payloads <PAYLOADS>    A file containing a list of payloads
      -u, --url <URL>              A single url
      -f, --file-path <FILE_PATH>  Path of the file containing multiple urls
      -t, --tasks <TASKS>          Define the maximum concurrent tasks [default: 20]
          --exclude <EXCLUDE>      Define your status code for selective exclusion
          --stdin                  Reads input from the standard in
      -h, --help                   Print help
      -V, --version                Print version
    
  • rdns :- Reverse dns lookup

    Help  
    $ kanha rdns  -h
    Reverse dns lookup
    
    Usage: kanha rdns [OPTIONS] --filename <FILENAME>
    
    Options:
      -f, --filename <FILENAME>  a file containing a list of possible wordlists
          --stdin                Reads input from the standard in
      -h, --help                 Print help
      -V, --version              Print version
  • Takeover :- Check possible subdomain takeover

    Help  
    $ kanha takeover -h
    Check possible subdomain takeover vulnerability
    
    Usage: kanha takeover [OPTIONS]
    
    Options:
      -u, --url <URL>              A single url
      -f, --file-path <FILE_PATH>  Path of the file containing multiple urls
      -j, --json-file <JSON_FILE>  A json file containing signature values of different services
          --stdin                  Reads input from the standard in
      -h, --help                   Print help
      -V, --version                Print version
    
  • urldencode :- (De|En) code urls

    Help  
    $ kanha urldencode -h
    (De|En) code urls
    
    Usage: kanha urldencode [OPTIONS]
    
    Options:
          --encode <ENCODE>  Provide a url to encode
          --decode <DECODE>  Provide a url to dencode
      -h, --help             Print help
      -V, --version          Print version
    

Contributing

  • Recommend a new feature
  • Give the project a star
  • Add new subcommand.
  • Fix docx and improve code quality

Also see

  • haylxon :- Blazingly fast tool to grab screenshots of your domain list right from terminal written in rust 🦀
  • httpx :- httpx is a fast and multi-purpose HTTP toolkit.
  • ffuf :- Fast web fuzzer written in Go

FAQ

  • Development:
    • Progress may be gradual, but I assure you of delivering quality code!
  • Why this?
    • This is a way for me to continually expand my knowledge in cybersecurity and Rust!
  • I want my quote in Kanha.
    • Please feel free to add it here.

Support

I am a student, i like working for open-source during my free time. If you appreciate my work, kindly consider supporting me through Ko-fi.

Copying

Kanha is licensed under the MIT LICENSE, Feel free to consider Kanha as your own!

Copyright © 2023 - present pwnwriter xyz ☘️