Konan – Advanced Web Application Dir Scanner

Directories on the target domain can contain some sensitive information about the Web-Application which should not be revealed. We can discover this hidden directory by automating our task. Konan is an automated tool for fuzzing the hidden directories from the target domain. Konan tool is an advanced Directory Scanner as it provided various features like :

1. Konan is Multi-Threaded
2. Konan has Multiple Extensions
3. Konan support HTTP Proxy Support
4. Konan support Reporting
5. Konan support User-Agent randomization
6. Konan support Ignoring word in word-list using regexp
7. Konan support splitting extension in the word-list
8. Konan support Multiple Methods
9. Konan support Response Size Process etc.

Konan tool is developed in the Python language and is available on GitHub. Konan tool is open-source and free-to-use. It supports filtering the results by excluding the status codes, brute-forcing only the words, excluding the numerical and symbols from the Wordlist. We can provide our own custom word list for brute-forcing.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of Konan Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/Shikhar0051/Konan.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd Konan

Step 3: You are in the directory of the Konan. Now you have to install a dependency of the Konan using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 darkscrape.py -h

Working with Konan Tool on Kali Linux OS

Example 1:  Basic Scan

python3 konan.py -u http://testphp.vulnweb.com/

Example 2: Finding Injection Point

python3 konan.py -u http://testphp.vulnweb.com/%%/

Example 3: Provide wordlist

python3 konan.py -u http://testphp.vulnweb.com/ -w db/dict.txt

Example 4: Provide extensions with  option and force-extension for every wordlist entry with  option:-f/–force-e/–extension

python3 konan.py -u http://testphp.vulnweb.com/ -e php,html -f

Example 5: Provide status code exclusion

python3 konan.py -u http://testphp.vulnweb.com/ -x 400,403,401

Example 6: Provide only status code for output

python3 konan.py -u http://testphp.vulnweb.com/ -o 200,301,302

Example 7: Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST)

python3 konan.py -u http://testphp.vulnweb.com/ -w db/dict.txt -p

Example 8: Wordlist split (test.php -> to -> test)

python3 konan.py -u http://testphp.vulnweb.com/ -w db/dict.txt -i

Example 9: Wordlist Ignore word, letters, number,..etc provided by regexp ():\w*.php|\w*.html,^[0-9_-]+_

python3 konan.py -u http://testphp.vulnweb.com/ -w db/dict.txt -I “\?+”

Example 10: Recursive

python3 konan.py -u http://testphp.vulnweb.com/ -E

Example 11: Recursive directory found and directory provided by -D/–dir-rec

python3 konan.py -u http://testphp.vulnweb.com/ -E -D “admin,tests,dev,internal”

Example 12: Brute Force directory provided by -S/–sub-dir

python3 konan.py -u http://testphp.vulnweb.com/ -S “admin,test,internal,dev”

Example 13: Multiple Methods (check GET, POST, PUT, and DELETE for word entry)

python3 konan.py -u http://testphp.vulnweb.com/ -m

Example 14: Content size process (show response if the response size is “>[number]”,”<[number]”,”=[number]”)

python3 konan.py -u http://testphp.vulnweb.com/ -C "<1000"