`Kanha` - A web-app pentesting suite written in rust 🦀

`Installation` ⦾ `Subcommands` ⦾ `Contribute`

![-----------------------------------------------------](https://github.com/pwnwriter/haylxon/blob/readme-assets/colored.png)

[**`Kanha`**](/) is a tool that can help you perform, a variety of attacks based on the target domain . With just `kanha` you can do, [***`Fuzzing`***](https://en.wikipedia.org/wiki/Fuzzing), [***`Reverse dns lookup`***](https://en.wikipedia.org/wiki/Reverse_DNS_lookup), [***`common http response`***](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes), [***`subdomain takeover detection`***](https://en.wikipedia.org/wiki/Domain_hijacking) and many [**`more`**](/src/commands). The project is inspird by [`mini.nvim`](https://github.com/echasnovski/mini.nvim), basically helping you to be productive with less numbers of *tools(plugins)* installed on your system and be unobtrusive and function as a standalone **`single binary`** out of the box. Built from the ground up with performance, ease of use, and portability in mind in your favourite programming lang [**`rust`**](https://www.rust-lang.org/) 💝 ## 🧠 Philosophy - **KISS** - Keep things simple and stupid. - **Ease** - Write code that can be used elsewhere as well. - **Efficiency** - Optimize for performance without sacrificing readability. ## 🐱 Installation

🪄 Binary

- You can directly download the [**binary**](https://github.com/pwnwriter/kanha/releases) of your arch and run it.

🌼 Source

```bash git clone --depth=1 https://github.com/pwnwriter/kanha --branch=main cd kanha cargo build --release ``` Then go to `release` dir and `./kanha` or move the `binary` to your any `$PATH` for instant access from anywhere.

🎠 Cargo

- Using [crates.io](https://crates.io/crates/kanha) ```bash cargo install kanha ``` - Using [binstall](https://github.com/cargo-bins/cargo-binstall) ```bash cargo binstall kanha ``` > **Note** ⚠️ > This requires a working setup of rust/cargo & binstall.

🚩 METIS Linux

```bash sudo/doas pacman -Syyy kanha ```

## 🌈 Subcommands - ➊ `Status` :- Just return the HTTP response code of URLs

👻 Help

```bash $ kanha status -h Just return the HTTP response code of URLs Usage: kanha status [OPTIONS] Options: -f, --filename A file containing multiple urls -t, --tasks Define the maximum concurrent tasks [default: 20] --stdin Reads input from the standard in --exclude Define your status code for selective exclusion -h, --help Print help -V, --version Print version ```

🦊 Screenshots

![status](https://github.com/pwnwriter/kanha/assets/90331517/93f7656f-563c-4c92-a118-500b1fabae9e) ![status-stdin](https://github.com/pwnwriter/kanha/assets/90331517/5ac0d6c6-497a-4a8d-a1a2-d3326010d7a8)

- ➋ `fuzz` :- Fuzz URLs and return the response codes

👻 Help

```bash $ kanha fuzz -h Fuzz a URL and return the response codes Usage: kanha fuzz [OPTIONS] --payloads Options: -p, --payloads A file containing a list of payloads -u, --url A single url -f, --file-path Path of the file containing multiple urls -t, --tasks Define the maximum concurrent tasks [default: 20] --exclude Define your status code for selective exclusion --stdin Reads input from the standard in -h, --help Print help -V, --version Print version ```

🦊 Screenshots

![screenshot_2023-10-13_14-08-46](https://github.com/pwnwriter/kanha/assets/90331517/e3418630-b5c4-4986-95e8-57f832ee91f2) ![screenshot_2023-10-13_14-07-45](https://github.com/pwnwriter/kanha/assets/90331517/692e1214-8b32-40c9-bae7-9cce1ab064f0)

- ➌ `rdns` :- Reverse dns lookup

👻 Help

```bash $ kanha rdns -h Reverse dns lookup Usage: kanha rdns [OPTIONS] --filename Options: -f, --filename a file containing a list of possible wordlists --stdin Reads input from the standard in -h, --help Print help -V, --version Print version ```

🦊 Screenshots

![rdns](https://github.com/pwnwriter/kanha/assets/90331517/44f2f7f1-9f47-4794-87e9-1366b4a3e443) ![rdns-stdin](https://github.com/pwnwriter/kanha/assets/90331517/9ad5e5b6-711e-4396-a46f-5c190000e185)

- ➍ `Takeover` :- Check possible subdomain takeover

👻 Help

```bash $ kanha takeover -h Check possible subdomain takeover vulnerability Usage: kanha takeover [OPTIONS] Options: -u, --url A single url -f, --file-path Path of the file containing multiple urls -j, --json-file A json file containing signature values of different services --stdin Reads input from the standard in -h, --help Print help -V, --version Print version ```

🦊 Screenshots

![Takeover single](https://github.com/pwnwriter/kanha/assets/90331517/b868146d-03eb-4803-81b3-5283135f3d4f) ![Takeover multiple](https://github.com/pwnwriter/kanha/assets/90331517/f13e0001-b39d-4132-b98f-86836f789be3) ![takeover-stdin](https://github.com/pwnwriter/kanha/assets/90331517/1b956c9d-2d37-4656-97ee-2aca2199750b)

- ➎ `urldencode` :- (De|En) code urls

👻 Help

```bash $ kanha urldencode -h (De|En) code urls Usage: kanha urldencode [OPTIONS] Options: --encode Provide a url to encode --decode Provide a url to dencode -h, --help Print help -V, --version Print version ```

🦊 Screenshots

![urldencode](https://github.com/pwnwriter/kanha/assets/90331517/b757694d-a4f9-4ea2-a962-c8419fe59b56) ![urldencode](https://github.com/pwnwriter/kanha/assets/90331517/dcf45079-7514-4951-b264-a3e6f708ebdb)

## 👐 Contributing - 🪶 Recommend a new features - ⭐ Give the project a star - 🐎 Add new [subcommand](/src/commands). - 🧑‍🚒 Fix docx // improve code quality ## 👀 Also see - [`haylxon`](https://github.com/pwnwriter/haylxon) :- Blazingly fast tool to grab screenshots of your domain list right from terminal written in rust 🦀 - [`httpx`](https://github.com/projectdiscovery/httpx) :- httpx is a fast and multi-purpose HTTP toolkit. - [`ffuf`](https://github.com/ffuf/ffuf) :- Fast web fuzzer written in Go ## 🔏 License As always, this project is also licensed under the [**`MIT LICENSE`**](/LICENSE)

Kanha - A web-app pentesting suite written in rust 🦀

Installation ⦾ Subcommands ⦾ Contribute

`Kanha` - A web-app pentesting suite written in rust 🦀

`Installation` ⦾ `Subcommands` ⦾ `Contribute`