Kanha - A web-app pentesting suite written in rust 🦀

Installation ⦾ Subcommands ⦾ Contribute

Kanha is a tool that can help you perform, a variety of attacks based on the target domain . With just kanha you can do, Fuzzing, Reverse dns lookup, common http response, subdomain takeover detection and many more.

The project is inspird by mini.nvim, basically helping you to be productive with less numbers of tools(plugins) installed on your system and be unobtrusive and function as a standalone single binary out of the box.

Built from the ground up with performance, ease of use, and portability in mind in your favourite programming lang rust 💝

Philosophy

• KISS - Keep things simple and stupid.
• Ease - Write code that can be used elsewhere as well.
• Efficiency - Optimize for performance without sacrificing readability.

Installation

Binary

 

• Manual : You can directly download the binary of your arch from releases and run it.
• One liner : Run this script, requires jq,curl, tar & wget

wget -qO- "$(curl -qfsSL "https://api.github.com/repos/pwnwriter/kanha/releases/latest" | jq -r '.assets[].browser_download_url' | grep -Ei "$(uname -m).*$(uname -s).*musl" | grep -v "\.sha")" | tar -xzf - --strip-components=1
./kanha -h

Important

For upstream updates, it's recommended to build kanha from source !

Source

 

  git clone --depth=1 https://github.com/pwnwriter/kanha --branch=main
  cd kanha
  cargo build --release

Cargo

• Using crates.io

  cargo install kanha

• Using binstall

  cargo binstall kanha

  Note ⚠️ This requires a working setup of rust/cargo & binstall.

METIS Linux

 

sudo/doas pacman -Syyy kanha

Arch user repository

 

paru/yay -S kanha-git

On Nix

 

# Build from source and run
nix run github:pwnwriter/kanha
# without flakes:
nix-env -iA nixpkgs.kanha
# with flakes:
nix profile install nixpkgs#kanha

Subcommands

• ➊ Status :- Just return the HTTP response code of URLs

  Help

   

  $ kanha status -h
  Just return the HTTP response code of URLs
  
  Usage: kanha status [OPTIONS]
  
  Options:
    -f, --filename <FILENAME>  A file containing multiple urls
    -t, --tasks <TASKS>        Define the maximum concurrent tasks [default: 20]
        --stdin                Reads input from the standard in
        --exclude <EXCLUDE>    Define your status code for selective exclusion
    -h, --help                 Print help
    -V, --version              Print version
  

• ➋ fuzz :- Fuzz URLs and return the response codes

  Help

   

  $ kanha fuzz -h
  Fuzz a URL and return the response codes
  
  Usage: kanha fuzz [OPTIONS] --payloads <PAYLOADS>
  
  Options:
    -p, --payloads <PAYLOADS>    A file containing a list of payloads
    -u, --url <URL>              A single url
    -f, --file-path <FILE_PATH>  Path of the file containing multiple urls
    -t, --tasks <TASKS>          Define the maximum concurrent tasks [default: 20]
        --exclude <EXCLUDE>      Define your status code for selective exclusion
        --stdin                  Reads input from the standard in
    -h, --help                   Print help
    -V, --version                Print version
  

• ➌ rdns :- Reverse dns lookup

  Help

   

  $ kanha rdns  -h
  Reverse dns lookup
  
  Usage: kanha rdns [OPTIONS] --filename <FILENAME>
  
  Options:
    -f, --filename <FILENAME>  a file containing a list of possible wordlists
        --stdin                Reads input from the standard in
    -h, --help                 Print help
    -V, --version              Print version

• ➍ Takeover :- Check possible subdomain takeover

  Help

   

  $ kanha takeover -h
  Check possible subdomain takeover vulnerability
  
  Usage: kanha takeover [OPTIONS]
  
  Options:
    -u, --url <URL>              A single url
    -f, --file-path <FILE_PATH>  Path of the file containing multiple urls
    -j, --json-file <JSON_FILE>  A json file containing signature values of different services
        --stdin                  Reads input from the standard in
    -h, --help                   Print help
    -V, --version                Print version
  

• ➎ urldencode :- (De|En) code urls

  Help

   

  $ kanha urldencode -h
  (De|En) code urls
  
  Usage: kanha urldencode [OPTIONS]
  
  Options:
        --encode <ENCODE>  Provide a url to encode
        --decode <DECODE>  Provide a url to dencode
    -h, --help             Print help
    -V, --version          Print version
  

Contributing

• Recommend a new feature
• Give the project a star
• Add new subcommand.
• Fix docx and improve code quality

Also see

• haylxon :- Blazingly fast tool to grab screenshots of your domain list right from terminal written in rust 🦀
• httpx :- httpx is a fast and multi-purpose HTTP toolkit.
• ffuf :- Fast web fuzzer written in Go

FAQ

• Development:
  • Progress may be gradual, but I assure you of delivering quality code!
• Why this?
  • This is a way for me to continually expand my knowledge in cybersecurity and Rust!
• I want my quote in Kanha.
  • Please feel free to add it here.

Support

I am a student, i like working for open-source during my free time. If you appreciate my work, kindly consider supporting me through Ko-fi.

Copying

Kanha is licensed under the MIT LICENSE, Feel free to consider Kanha as your own!

Copyright © 2023 - present pwnwriter xyz ☘️