API Recon with Kiterunner - Hacker Toolbox

Name: API Recon with Kiterunner - Hacker Toolbox
Uploaded: Apr 14, 2021
Duration: 2060 s

InsiderPhD100K subscribers

35.0K views

Apr 14, 2021

34:20

Kiterunner is a brand new tool for API Recon which launched last week, and it's INCREDIBLE. I was so impressed when testing it out that I had to share it because this will be a game-changer for API recon, seriously. As in, this tool was able to find domain-specific API endpoints, where every tool has failed. Did you know this episode was sponsored by Intigriti? Sign up with my link http://go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome! - Links - - Kiterunner Introduction: https://blog.assetnote.io/2021/04/05/contextual-content-discovery/ - Assetnote Wordlists: https://wordlists.assetnote.io - Kiterunner GitHub: https://github.com/assetnote/kiterunner - Slides from BSides Canberra: https://drive.google.com/file/d/1PDc238fkooRJqSI-K5SkeSwkKYmC9Uk6/view - Install Go: https://golang.org/doc/install - Install Brew: https://brew.sh - Commands - - Windows Instructions: go build -o dist/kr.exe ./cmd/kiterunner - Standard scan: kr scan http://127.0.0.1:8000/ -w ~/Downloads/routes-large.kite - Standard fuzzer: kr brute http://192.168.1.2:8000/ -A=apiroutes-210228 - Multiple Targets: kr scan source.txt -w ~/Downloads/routes-large.kite - Repeat a request: kr kb replay -w ~/Downloads/routes-large.kite "GET 404 [ 7620, 1867, 167] http://127.0.0.1:8000/api/api/secure/acclandingpage/shoppers/60974302/orders/18350 0cf6832438c001b0aeeed5bc5a70f536908b08e7" - Add a filter: kr scan http://127.0.0.1:8000 -w ~/Downloads/routes-large.kite -A=apiroutes-210328:20000 --fail-status-codes 400,401,404,403,501,502,426,411 - Plain text format: kr scan http://127.0.0.1:8000/api -w ~/Downloads/routes-large.kite -o text - Social Media - Discord: https://insiderphd.dev/discord Patreon: https://www.patreon.com/insiderphd Twitter: https://twitter.com/insiderphd - Patreon Shoutouts - David Kupratis Bruna Simonian Sean Doody Forrest Held Patreon Wardell Castles Gynvael Ram James Clee 00:00 - Introduction & Intigriti Sponsorship 02:00 - What makes Kiterunner special 10:55 - Installing Kiterunner 16:05 - Getting started, basic commands 22:33 - Adding extras 31:11 - Outro and Patreon shoutouts

Download

1 formats

Video Formats

360pmp445.4 MB

Download

Right-click 'Download' and select 'Save Link As' if the file opens in a new tab.