
API Recon with Kiterunner - Hacker Toolbox 

InsiderPhD

Kiterunner is a brand new tool for API Recon which launched last week, and it's INCREDIBLE. I was so impressed when testing it out that I had to share it because this will be a game-changer for API recon, seriously. As in, this tool was able to find domain-specific API endpoints, where every tool has failed.
Did you know this episode was sponsored by Intigriti? Sign up with my link: go.intigriti.com/katie. I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
- Links -
- Kiterunner Introduction: blog.assetnote.io/2021/04/05/...
- Assetnote Wordlists: wordlists.assetnote.io
- Kiterunner GitHub: github.com/assetnote/kiterunner
- Slides from BSides Canberra: drive.google.com/file/d/1PDc2...
- Install Go: golang.org/doc/install
- Install Brew: brew.sh
- Commands -
- Windows Instructions: go build -o dist/kr.exe ./cmd/kiterunner
- Standard scan: kr scan 127.0.0.1:8000/ -w ~/Downloads/routes-large.kite
- Standard fuzzer: kr brute 192.168.1.2:8000/ -A=apiroutes-210228
- Multiple Targets: kr scan source.txt -w ~/Downloads/routes-large.kite
- Repeat a request: kr kb replay -w ~/Downloads/routes-large.kite "GET 404 [ 7620, 1867, 167] 127.0.0.1:8000/api/api/secure/acclandingpage/shoppers/60974302/orders/18350 0cf6832438c001b0aeeed5bc5a70f536908b08e7"
- Add a filter: kr scan 127.0.0.1:8000 -w ~/Downloads/routes-large.kite -A=apiroutes-210328:20000 --fail-status-codes 400,401,404,403,501,502,426,411
- Plain text format: kr scan 127.0.0.1:8000/api -w ~/Downloads/routes-large.kite -o text
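
When reviewing saved text output from a scan of your own API, the status filter from the "Add a filter" command can also be applied after the fact. The following is an added example, not code from the video or from Kiterunner: the line layout is inferred from the replay string above, reading the three bracketed numbers as bytes, words and lines is an assumption, and every sample line except the 404 result is constructed.

```python
import re
from collections import Counter

# Status codes taken from the page's --fail-status-codes filter.
FAIL_STATUS_CODES = {400, 401, 404, 403, 501, 502, 426, 411}

# Assumed layout: METHOD STATUS [n, n, n] URL 40-hex-route-id
LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+)\s+(?P<status>\d{3})\s+"
    r"\[\s*(\d+),\s*(\d+),\s*(\d+)\s*\]\s+"
    r"(?P<url>\S+)\s+(?P<route_id>[0-9a-f]{40})$"
)

def parse_line(line):
    """Return a dict for one result line, or None for banners and noise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "method": m["method"],
        "status": int(m["status"]),
        "metrics": tuple(int(m[i]) for i in (3, 4, 5)),  # assumed bytes, words, lines
        "url": m["url"],
        "route_id": m["route_id"],
    }

def triage(lines, fail_codes=FAIL_STATUS_CODES, catch_all_min=3):
    """Drop filtered statuses, then set aside responses that look like one catch-all page."""
    hits = [h for h in map(parse_line, lines) if h and h["status"] not in fail_codes]
    # Many different URLs sharing one status and one response size usually
    # mean a single catch-all handler, not separate real routes.
    shape = Counter((h["status"], h["metrics"]) for h in hits)
    keep = [h for h in hits if shape[(h["status"], h["metrics"])] < catch_all_min]
    return keep, len(hits) - len(keep)

PAGE_LINE = ("GET 404 [ 7620, 1867, 167] 127.0.0.1:8000/api/api/secure/acclandingpage/"
             "shoppers/60974302/orders/18350 0cf6832438c001b0aeeed5bc5a70f536908b08e7")

# Constructed sample input: only PAGE_LINE comes from the page.
SAMPLE = [
    "scan started (constructed non-result line)",
    PAGE_LINE,
    "GET     200 [    512,    40,  12] 127.0.0.1:8000/api/v1/users " + "a" * 40,
    "POST    405 [     64,     6,   1] 127.0.0.1:8000/api/v1/orders " + "b" * 40,
] + [f"GET 200 [ 1024, 90, 20] 127.0.0.1:8000/api/{p} " + "c" * 40 for p in ("a1", "b2", "c3")]

if __name__ == "__main__":
    kept, suspected_catch_all = triage(SAMPLE)
    for h in kept:
        print(h["method"], h["status"], h["url"])
    print("suspected catch-all responses:", suspected_catch_all)
```
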
- Social Media -
Discord: insiderphd.dev/discord
Patreon: / insiderphd
Twitter: / insiderphd
- Patreon Shoutouts -
David Kupratis
Bruna Simonian
Sean Doody
Forrest Held
Patreon
Wardell Castles
Gynvael
Ram
James Clee
00:00 - Introduction & Intigriti Sponsorship
02:00 - What makes Kiterunner special
10:55 - Installing Kiterunner
16:05 - Getting started, basic commands
22:33 - Adding extras
31:11 - Outro and Patreon shoutouts

Published: 8 Aug 2024

Comments: 51
@MosnoAlMoseeki 2 years ago
That was so excellent! Thank you so much. I've marked this video to watch again in the future, and I actually am using Kiterunner as I'm watching this video. I do wish you a speedy recovery, and congrats on the Bug Crowd position!
@dhruvkandpal9909 3 years ago
Thank you for explaining each aspect of the tool clearly. It was really helpful! :)
@x7331x 1 month ago
Great video and tutorial, thanks for doing that!
@wardellcastles 3 years ago
Thanks for the video! I am already using it!
@zerosum535 2 years ago
Thank you, using it first time tonight
@cihan-3439 3 years ago
Thanks for the great content!
@innerjoy6361 3 years ago
Love from India. Great content, thanks
@ismailramzan8927 3 years ago
Thank You so much :)
@sql7002 3 years ago
Our Queen 👸👸😍
@hanko1 3 years ago
you deserve 10000000000000000 likes Katie
@Unknown-zf9yg 3 years ago
I’m one of them 🤪
@cybersecurity3523 3 years ago
Very good Dr
@mikekihoro6372 2 years ago
Hi Katie, thanks for the informative video. Do you have a step by step installation of the tool on Linux? I am kind of a beginner and really struggling to get it up and running.
@chizzlemo3094 3 years ago
thank you!
@ihebhamad1477 2 months ago
Thank you @kati would you do some web application testing, how do you approach a real target.
@karimsz2009 3 years ago
Amazing video indeed..
@arbazfarooqi5050 3 years ago
thank you
@cristianmorillas2247 1 year ago
So nice!
@hossamshady1383 9 months ago
wow so great
@kumaran88thiru 3 years ago
Lot of love for u
@narsi_04a0 2 years ago
thank u
@bharathpatel1757 3 years ago
Hi dhidhi! Is it necessary to shift from burpsuite community to professional version? Can't we find bugs with community version?
@cloufish7790 3 years ago
A great idea with marking when doing presentation, but I really recommend you buying a cheap graphics tablet. I'm sure it'll be easier to underline and draw arrows :P
@InsiderPhD 3 years ago
I knowwwww I use my iPad but it doesn’t play nice with the two screens I use. I might have to check out alternatives
@Imhamzaazam 3 years ago
Hey Katie, I am unable to print any output out on the terminal. It keeps running and outputs no results found.
@axelvirtus2514 3 years ago
FTL failed to read from stdin error="failed to open file: open routes.json: no such file or directory" Downloaded and extracted this files same problem
@alph4byt3 3 years ago
This is why they say it's good to get familiar with Linux, not a must per se but very much a great thing to have....Linux familiarity
@bharathpatel1757 3 years ago
Hi dhidhi! There is a thing people mostly discussing now a days. Do really AI replace cyber security? For security Enthusiast like me we always look for future do this field goes green?
@InsiderPhD 3 years ago
No! Don’t worry about AI! I did a talk at bugcrowd level up it’s in my playlist of talks on AI and why you don’t need to worry!
@DEADCODE_ 1 year ago
@InsiderPhD this why I love dude
@bluey8302 2 years ago
It does not work on Windows, I type in the command in cmd but returns errors.
@RR-hl6zi 5 months ago
It seems that the kiterunner project has been abandoned. Do you know if it has been forked or if there are any similar (but more recently updated) tools? If not, I really need to learn golang and patch the tool up myself. And figure out how to keep the api definitions up to date...
@InsiderPhD 5 months ago
Yeah :( this is an older video, you can download the larger wordlists, but I’ve not seen anything similar, the most I’ve seen is some work looking at swagger files and extracting a wordlist from thousands of them
@nigelcarruthers335 1 year ago
Katie, you MUST learn VIM. I promise it's worth it.
@NotToBeTooTakenSeriously 5 months ago
what command do you usually use?
@drmikeyg 3 years ago
Good job InsiderPhD, Since you're from England, do you know The Beatles?
@InsiderPhD 3 years ago
Of course :D
@juanjoivars3254 1 year ago
Can anybody explain the difference between scan and brute mode, please?
@InsiderPhD 1 year ago
Scan uses some guessing to get likely endpoints it produces less noise
@quangvo4563 3 years ago
Can it do parameters fuzzing like fluff? Where we can place POST body data like password=FUZZ&username=FUZZ?
@InsiderPhD 3 years ago
Yup! You can use FUZZ anywhere in a request
@quangvo4563 3 years ago
@InsiderPhD I cannot find that option in their docs :-(, I must’ve missed something ...
@morrismbogo1798 11 months ago
Is this vlog still valid? It seems like Kiterunner support was discontinued
@forranach 3 years ago
I love your accent. Where is it from?
@InsiderPhD 3 years ago
I’m from a place near London :)
@limonhasan6723 3 years ago
love ur accent 😍 please make an English learning channel also.😂
@mrankit2889 3 years ago
All of the content on 1 side nd another side your channel name insider phd??? What does it actually mean??🤨🤨Can I get the answer???
@InsiderPhD 3 years ago
I have a PhD and my PhD was in Insider Threats so InsiderPhD.
@josephgosling9593 3 years ago
First
@InsiderPhD 3 years ago
👏👏👏