kiterunner brute
A contextual web scanner for bruteforcing API paths and web endpoints using wordlists. The `brute` subcommand targets one or multiple hosts.
More info →Options (8)
-A, --assetnote-wordlistbooleanBruteforce a target with an Assetnote wordlist (e.g., first 20,000 API routes)
kiterunner brute {{https://example.com}} {{[-A|--assetnote-wordlist]}} {{apiroutes-210328:20000}}-w, --wordlistbooleanBruteforce a target with a custom wordlist
kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}-D, --dirsearch-compatbooleanBruteforce using a dirsearch-style wordlist with extension substitution
kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/dirsearch.txt}} {{[-D|--dirsearch-compat]}} {{[-e|--extensions]}} {{json,txt}}-e, --extensionsbooleanBruteforce using a dirsearch-style wordlist with extension substitution
kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/dirsearch.txt}} {{[-D|--dirsearch-compat]}} {{[-e|--extensions]}} {{json,txt}}-o, --outputbooleanBruteforce with specific file extensions appended and output in JSON format
kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-e|--extensions]}} {{aspx,ashx}} {{[-o|--output]}} {{json}}-x, --max-connection-per-hostbooleanBruteforce a list of targets from a file with custom concurrency settings for performance
kiterunner brute {{path/to/targets.txt}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-x|--max-connection-per-host]}} {{5}} {{[-j|--max-parallel-hosts]}} {{100}}-j, --max-parallel-hostsbooleanBruteforce a list of targets from a file with custom concurrency settings for performance
kiterunner brute {{path/to/targets.txt}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-x|--max-connection-per-host]}} {{5}} {{[-j|--max-parallel-hosts]}} {{100}}-H, --headerbooleanBruteforce with custom HTTP headers
kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-H|--header]}} "{{Authorization: Bearer token}}"Examples (8)
Bruteforce a target with an Assetnote wordlist (e.g., first 20,000 API routes)
kiterunner brute https://example.com [-A|--assetnote-wordlist] apiroutes-210328:20000Bruteforce a target with a custom wordlist
kiterunner brute https://example.com [-w|--wordlist] path/to/wordlist.txtBruteforce using a dirsearch-style wordlist with extension substitution
kiterunner brute https://example.com [-w|--wordlist] path/to/dirsearch.txt [-D|--dirsearch-compat] [-e|--extensions] json,txtBruteforce with specific file extensions appended and output in JSON format
kiterunner brute https://example.com [-w|--wordlist] path/to/wordlist.txt [-e|--extensions] aspx,ashx [-o|--output] jsonBruteforce a list of targets from a file with custom concurrency settings for performance
kiterunner brute path/to/targets.txt [-w|--wordlist] path/to/wordlist.txt [-x|--max-connection-per-host] 5 [-j|--max-parallel-hosts] 100Bruteforce and ignore specific content length responses
kiterunner brute https://example.com [-w|--wordlist] path/to/wordlist.txt --ignore-length 100-105Bruteforce with custom HTTP headers
kiterunner brute https://example.com [-w|--wordlist] path/to/wordlist.txt [-H|--header] "Authorization: Bearer token"Bruteforce a list of targets from a file with fail status code filtering
kiterunner brute path/to/targets.txt [-w|--wordlist] path/to/wordlist.txt --fail-status-codes 400,401,404