Skip to content
Related Articles
Get the best out of our app
GeeksforGeeks App
Open App

Related Articles

Konan – Advanced Web Application Dir Scanner

Improve Article
Save Article
Like Article
Improve Article
Save Article
Like Article

Directories on the target domain can contain some sensitive information about the Web-Application which should not be revealed. We can discover this hidden directory by automating our task. Konan is an automated tool for fuzzing the hidden directories from the target domain. Konan tool is an advanced Directory Scanner as it provided various features like :

  1. Konan is Multi-Threaded
  2. Konan has Multiple Extensions
  3. Konan support HTTP Proxy Support
  4. Konan support Reporting
  5. Konan support User-Agent randomization
  6. Konan support Ignoring word in word-list using regexp
  7. Konan support splitting extension in the word-list
  8. Konan support Multiple Methods
  9. Konan support Response Size Process etc.

Konan tool is developed in the Python language and is available on GitHub. Konan tool is open-source and free-to-use. It supports filtering the results by excluding the status codes, brute-forcing only the words, excluding the numerical and symbols from the Wordlist. We can provide our own custom word list for brute-forcing.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of Konan Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd Konan

Step 3: You are in the directory of the Konan. Now you have to install a dependency of the Konan using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 -h

Working with Konan Tool on Kali Linux OS

Example 1:  Basic Scan

python3 -u

Example 2: Finding Injection Point

python3 -u

Example 3: Provide wordlist

python3 -u -w db/dict.txt

Example 4: Provide extensions with  option and force-extension for every wordlist entry with  option:-f/–force-e/–extension

python3 -u -e php,html -f

Example 5: Provide status code exclusion

python3 -u -x 400,403,401

Example 6: Provide only status code for output

python3 -u -o 200,301,302

Example 7: Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST)

python3 -u -w db/dict.txt -p

Example 8: Wordlist split (test.php -> to -> test)

python3 -u -w db/dict.txt -i

Example 9: Wordlist Ignore word, letters, number,..etc provided by regexp ():\w*.php|\w*.html,^[0-9_-]+_

python3 -u -w db/dict.txt -I “\?+”

Example 10: Recursive

python3 -u -E

Example 11: Recursive directory found and directory provided by -D/–dir-rec

python3 -u -E -D “admin,tests,dev,internal”

Example 12: Brute Force directory provided by -S/–sub-dir

python3 -u -S “admin,test,internal,dev”

Example 13: Multiple Methods (check GET, POST, PUT, and DELETE for word entry)

python3 -u -m

Example 14: Content size process (show response if the response size is “>[number]”,”<[number]”,”=[number]”)

python3 -u -C "<1000"

My Personal Notes arrow_drop_up
Last Updated : 28 Nov, 2022
Like Article
Save Article
Similar Reads