Hack EVERY API! KiteRunner - Hacker Tools 

Intigriti

👨‍💻🛠️​ In this week's episode of Hacker Tools, we will take a look at KiteRunner.
00:00 Introduction
00:15 Why do we need API enumeration?
00:40 What is KiteRunner?
01:40 Running KiteRunner
03:00 Checking out KiteRunner wordlists and bruteforces
06:15 Checking the results
07:00 Outro
---
📰 Check out the accompanying blog post here: blog.intigriti.com/2021/09/07...
🧑‍💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by / pinkdraconian & / intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com/

Published: 5 Aug 2024

Comments: 30
@redteamgarage299 9 months ago
Very informative ❤
@intigriti 9 months ago
Glad it was helpful!
@droidhackerr 2 years ago
wow ... thanks for this.
@intigriti 2 years ago
Glad you enjoyed it!
@seiv- 2 years ago
What's the difference between this one and gobuster, for example? What extra does this bring?
@intigriti 2 years ago
We actually had someone ask this in our Discord as well. So feel free to check that out. Gobuster just bruteforces directories whereas KiteRunner uses the context it's in more.
@fahadfaisal2383 2 years ago
Good!
@intigriti 2 years ago
Thanks!
@basitkhan3853 2 years ago
Sir, I found an endpoint named "admin.sign up", but when I visit this endpoint in a browser I find an empty page in which there are only 2 HTML tags and the whole page is empty. Can you give me some idea how I can move forward?
@user-uj2km6zr7s 2 years ago
Lol
@intigriti 2 years ago
This is highly dependent on implementation so without further contextual information, there isn't much I can do I'm afraid ;)
@juanjoivars3254 1 year ago
What's the difference between scan and brute?
@intigriti 1 year ago
# Use a dirsearch style wordlist with %EXT%
kr brute target.com/subapp/ -w dirsearch.txt -x 20 -j 1 -exml,asp,aspx,ashx -D
# You have your own wordlist but you want assetnote wordlists too
kr scan target.com -w routes.kite -A=apiroutes-210328:20000 -x 20 -j 1 --fail-status-codes 400,401,404,403,501,502,426,411
@tired409 2 years ago
The one simple scan is taking me just over 4 hrs to complete. Am I doing something wrong?
@intigriti 1 year ago
It could be that the website is very slow, the wordlist large and perhaps your internet a bit slower as well.
@crusader_ 2 years ago
Could you cover a WAF detection tool?
@intigriti 2 years ago
Do you have any examples of tools for that?
@crusader_ 2 years ago
Wafwoof. But I'm not sure if it's the best one out there.
@InsaneRecords997 1 year ago
@crusader_ bro, wafw00f is used to detect the WAF technology behind a web app
@tcib5055 2 years ago
'kr' is not recognized as an internal or external command
@intigriti 2 years ago
Make sure the binary is in your PATH.
@deepaksaini3257 1 year ago
How to download wordlist
@intigriti 1 year ago
KiteRunner will do that for you!
@yuhiahtyun5665 2 years ago
noice
@intigriti 2 years ago
Thanks!
@tcib5055 2 years ago
" " or " " get error The filename, directory name, or volume label syntax is incorrect but type localhost:8080 to pass
@intigriti 2 years ago
Nice!
@InsaneRecords997 1 year ago
@intigriti 😂