From 0faf88f3ca9d5c128571d29aab0d73b55a1968a7 Mon Sep 17 00:00:00 2001 From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com> Date: Tue, 6 May 2025 07:06:54 +0300 Subject: [PATCH] kiterunner-{brute, kb, scan, wordlist}, kite, kr: add page (#16389) * kiterunner-{brute, kb, scan, wordlist}, kite, kr: add page * Update pages/common/kiterunner-brute.md Co-authored-by: K.B.Dharun Krishna * Tweaks * Update pages/common/kiterunner-brute.md Co-authored-by: Managor <42655600+Managor@users.noreply.github.com> * Twe4ks --------- Co-authored-by: Managor <42655600+Managor@users.noreply.github.com> Co-authored-by: K.B.Dharun Krishna --- pages/common/kite.md | 7 ++++++ pages/common/kiterunner-brute.md | 37 +++++++++++++++++++++++++++++ pages/common/kiterunner-kb.md | 37 +++++++++++++++++++++++++++++ pages/common/kiterunner-scan.md | 37 +++++++++++++++++++++++++++++ pages/common/kiterunner-wordlist.md | 33 +++++++++++++++++++++++++ pages/common/kiterunner.md | 20 ++++++++++++++++ pages/common/kr.md | 7 ++++++ 7 files changed, 178 insertions(+) create mode 100644 pages/common/kite.md create mode 100644 pages/common/kiterunner-brute.md create mode 100644 pages/common/kiterunner-kb.md create mode 100644 pages/common/kiterunner-scan.md create mode 100644 pages/common/kiterunner-wordlist.md create mode 100644 pages/common/kiterunner.md create mode 100644 pages/common/kr.md diff --git a/pages/common/kite.md b/pages/common/kite.md new file mode 100644 index 0000000000..772ea5d253 --- /dev/null +++ b/pages/common/kite.md @@ -0,0 +1,7 @@ +# kite + +> This command is an alias of `kiterunner`. + +- View documentation for the original command: + +`tldr kiterunner` diff --git a/pages/common/kiterunner-brute.md b/pages/common/kiterunner-brute.md new file mode 100644 index 0000000000..d9895028a6 --- /dev/null +++ b/pages/common/kiterunner-brute.md 
@@ -0,0 +1,37 @@ +# kiterunner brute + +> A contextual web scanner for bruteforcing API paths and web endpoints using wordlists. +> The `brute` subcommand targets one or multiple hosts. +> More information: . + +- Bruteforce a target with an Assetnote wordlist (e.g., first 20,000 API routes): + +`kiterunner brute {{https://example.com}} {{[-A|--assetnote-wordlist]}} {{apiroutes-210328:20000}}` + +- Bruteforce a target with a custom wordlist: + +`kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}` + +- Bruteforce using a dirsearch-style wordlist with extension substitution: + +`kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/dirsearch.txt}} {{[-D|--dirsearch-compat]}} {{[-e|--extensions]}} {{json,txt}}` + +- Bruteforce with specific file extensions appended and output in JSON format: + +`kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-e|--extensions]}} {{aspx,ashx}} {{[-o|--output]}} {{json}}` + +- Bruteforce a list of targets from a file with custom concurrency settings for performance: + +`kiterunner brute {{path/to/targets.txt}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-x|--max-connection-per-host]}} {{5}} {{[-j|--max-parallel-hosts]}} {{100}}` + +- Bruteforce and ignore specific content length responses: + +`kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} --ignore-length {{100-105}}` + +- Bruteforce with custom HTTP headers: + +`kiterunner brute {{https://example.com}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-H|--header]}} "{{Authorization: Bearer token}}"` + +- Bruteforce a list of targets from a file with fail status code filtering: + +`kiterunner brute {{path/to/targets.txt}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} --fail-status-codes {{400,401,404}}` diff --git a/pages/common/kiterunner-kb.md b/pages/common/kiterunner-kb.md new file mode 100644 index 0000000000..4584f845ef --- /dev/null 
+++ b/pages/common/kiterunner-kb.md @@ -0,0 +1,37 @@ +# kiterunner kb + +> A contextual web scanner for manipulating kitebuilder schemas used in API and web endpoint discovery. +> The `kb` subcommand handles schema compilation, conversion, parsing, and request replay. +> More information: . + +- Compile a kitebuilder schema from JSON to a kite file: + +`kiterunner kb compile {{path/to/wordlist.json}} {{path/to/wordlist.kite}}` + +- Convert a kite file to a text wordlist: + +`kiterunner kb convert {{path/to/wordlist.kite}} {{path/to/wordlist.txt}}` + +- Convert a text wordlist to a kite file: + +`kiterunner kb convert {{path/to/wordlist.txt}} {{path/to/wordlist.kite}}` + +- Convert a kite file to a JSON schema: + +`kiterunner kb convert {{path/to/wordlist.kite}} {{path/to/wordlist.json}}` + +- Parse a kitebuilder schema and output prettified JSON data: + +`kiterunner kb parse {{path/to/wordlist.json}} {{[-o|--output]}} {{json}}` + +- Parse a kite file and output prettified text data: + +`kiterunner kb parse {{path/to/wordlist.kite}} {{[-o|--output]}} {{text}}` + +- Replay a specific request from a kitebuilder schema output: + +`kiterunner kb replay {{[-w|--kitebuilder-list]}} {{path/to/wordlist.kite}} "{{request_output}}"` + +- Replay a request through a proxy for inspection: + +`kiterunner kb replay {{[-w|--kitebuilder-list]}} {{path/to/wordlist.kite}} {{[-p|--proxy]}} {{http://localhost:8080}} "{{request_output}}"` diff --git a/pages/common/kiterunner-scan.md b/pages/common/kiterunner-scan.md new file mode 100644 index 0000000000..18b84b7c68 --- /dev/null +++ b/pages/common/kiterunner-scan.md 
@@ -0,0 +1,37 @@ +# kiterunner scan + +> A contextual web scanner for concurrently scanning API paths and web endpoints using kitebuilder wordlists. +> The `scan` subcommand targets one or multiple hosts with structured API requests. +> More information: . + +- Scan a target with an Assetnote wordlist (e.g., first 5000 API routes): + +`kiterunner scan {{https://example.com}} {{[-A|--assetnote-wordlist]}} {{apiroutes-210228:5000}}` + +- Scan a target with a kitebuilder wordlist: + +`kiterunner scan {{https://example.com}} {{[-w|--kitebuilder-list]}} {{path/to/wordlist.kite}}` + +- Scan multiple hosts from a file with a kitebuilder wordlist: + +`kiterunner scan {{path/to/hosts.txt}} {{[-w|--kitebuilder-list]}} {{path/to/wordlist.kite}}` + +- Scan with an Assetnote wordlist and JSON output: + +`kiterunner scan {{https://example.com}} {{[-A|--assetnote-wordlist]}} {{apiroutes-210228:5000}} -o {{json}}` + +- Scan with custom concurrency settings for performance: + +`kiterunner scan {{https://example.com}} {{[-w|--kitebuilder-list]}} {{path/to/wordlist.kite}} {{[-x|--max-connection-per-host]}} {{5}} {{[-j|--max-parallel-hosts]}} {{100}}` + +- Scan with a wordlist as a normal wordlist, disabling depth scanning: + +`kiterunner scan {{https://example.com}} {{[-w|--kitebuilder-list]}} {{path/to/rafter.txt}} {{[-d|--preflight-depth]}} {{0}}` + +- Scan with custom headers and ignore specific content length responses: + +`kiterunner scan {{https://example.com}} {{[-w|--kitebuilder-list]}} {{path/to/wordlist.kite}} {{[-H|--header]}} "{{Authorization: Bearer token}}" --ignore-length {{100-105}}` + +- Perform a full kitebuilder scan without phase scanning: + +`kiterunner scan {{https://example.com}} {{[-w|--kitebuilder-list]}} {{path/to/wordlist.kite}} --kitebuilder-full-scan` diff --git a/pages/common/kiterunner-wordlist.md b/pages/common/kiterunner-wordlist.md new file mode 100644 index 0000000000..967eab3253 --- /dev/null +++ b/pages/common/kiterunner-wordlist.md 
@@ -0,0 +1,33 @@ +# kiterunner wordlist + +> A contextual web scanner for managing wordlists used in API and web endpoint discovery. +> The `wordlist` subcommand handles listing and saving wordlists in `~/.cache/kiterunner`. +> More information: . + +- List all cached and available Assetnote wordlists: + +`kiterunner wordlist list` + +- List wordlists with JSON output: + +`kiterunner wordlist list {{[-o|--output]}} {{json}}` + +- List wordlists with verbose debug output: + +`kiterunner wordlist list {{[-v|--verbose]}} {{debug}}` + +- Save a specific Assetnote wordlist by alias: + +`kiterunner wordlist save {{apiroutes-210328}}` + +- Save a specific Assetnote wordlist by full filename: + +`kiterunner wordlist save {{path/to/httparchive_apiroutes_2024_05_28.txt}}` + +- Save multiple wordlists by alias: + +`kiterunner wordlist save {{apiroutes-210328,aspx-210328}}` + +- Save a wordlist with quiet mode to suppress output: + +`kiterunner wordlist save {{apiroutes-210328}} {{[-q|--quiet]}}` diff --git a/pages/common/kiterunner.md b/pages/common/kiterunner.md new file mode 100644 index 0000000000..aef224f25f --- /dev/null +++ b/pages/common/kiterunner.md @@ -0,0 +1,20 @@ +# kiterunner + +> A contextual web scanner for discovering API paths and web endpoints using wordlists and kitebuilder schemas. +> More information: . + +- View documentation for bruteforcing API paths and web endpoints: + +`tldr kiterunner brute` + +- View documentation for concurrently scanning hosts with kitebuilder wordlists: + +`tldr kiterunner scan` + +- View documentation for manipulating kitebuilder schemas: + +`tldr kiterunner kb` + +- View documentation for managing cached and remote wordlists: + +`tldr kiterunner wordlist` diff --git a/pages/common/kr.md b/pages/common/kr.md new file mode 100644 index 0000000000..3437cde486 --- /dev/null +++ b/pages/common/kr.md 
@@ -0,0 +1,7 @@ +# kr + +> This command is an alias of `kiterunner`. + +- View documentation for the original command: + +`tldr kiterunner`
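Review bot: The `> More information: .` line in each of the five new pages (`kiterunner-brute.md`, `kiterunner-kb.md`, `kiterunner-scan.md`, `kiterunner-wordlist.md`, `kiterunner.md`) carries no link; the text between the colon and the period is empty, so the rendered page ends the description with a dangling "More information: .". Each of these lines needs the project's documentation URL in the usual `<...>` form before the page is merged.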
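Review bot: In `kiterunner-scan.md`, the JSON output example uses the bare short flag `-o {{json}}`, while every other page in this patch writes the same option as `{{[-o|--output]}} {{json}}`; use the long-form placeholder here too for consistency. In the same file, the description "Scan with a wordlist as a normal wordlist, disabling depth scanning" is awkward; something like "Scan with a plain text wordlist instead of a kite file, disabling depth scanning" says the same thing more clearly.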
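Review bot: The descriptions in `kiterunner-kb.md` and `kiterunner-wordlist.md` both open with "A contextual web scanner for ...", but neither subcommand scans anything: `kb` compiles, converts, parses and replays kitebuilder schemas, and `wordlist` lists and saves wordlists under `~/.cache/kiterunner`. Lead with what the subcommand itself does (e.g. "Manage kitebuilder schemas ..." and "Manage cached and remote Assetnote wordlists ...") and keep the "contextual web scanner" wording for `kiterunner.md`, `brute` and `scan`.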
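Review bot: In `kiterunner-wordlist.md`, the example "Save a specific Assetnote wordlist by full filename" uses the placeholder `{{path/to/httparchive_apiroutes_2024_05_28.txt}}`, which reads as a local file path, while the description and the surrounding `save` examples refer to a remote Assetnote wordlist selected by name. Drop the `path/to/` prefix (`{{httparchive_apiroutes_2024_05_28.txt}}`) so the placeholder matches the description.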