Bug Bounty for Beginners - Reference Little Book
  • 📘Little Bug Bounty Book
  • ❓What is Bug Bounty
  • 🎯Bug Bounty Platforms
  • 🪜Phases of Bug Hunting
  • ⚠️Required Knowledge
  • 📣So, where do I start?
    • Network Security
    • Application Security
    • Mobile Security
    • Code Review and SAST
    • OWASP?
  • 🔎Reconnaissance Phase
    • Footprinting
      • OSINT
      • Google Dorks
      • Censys
      • Shodan
    • Subdomain Enumeration
      • Amass
      • Subfinder
      • Assetfinder
      • Aquatone
      • DNSrecon
      • DNSEnum
      • HTTPX
      • ReconFTW
    • Fingerprint
      • Nmap
      • Rustscan
      • Masscan
  • 🐞Scanning Phase
    • OpenVAS
    • Nuclei
    • OWASP Zap
    • NMAP
    • Looking for Parameters with Katana
    • Searching for XSS
    • SQL Injection (SQLi)
  • ♨️Testing Phase
    • Manual Validation
    • Severity Assessment in Vulnerability Testing
    • Exploitation Phase
    • Documentation of Findings
  • 📖Reporting Phase
Powered by GitBook
On this page
  • Katana
  • Installation
  • Basic Usage
  • Additional Options
  1. Scanning Phase

Looking for Parameters with Katana

PreviousNMAPNextSearching for XSS

Last updated 7 months ago

Katana

Identifying URL Parameters

Katana is a high-speed web crawler developed by ProjectDiscovery, designed for automation pipelines and capable of both headless and non-headless crawling. It excels at discovering endpoints and parameters within web applications, making it a valuable tool for security assessments and web analysis.

Installation

Katana requires Go 1.18 or later. To install:

CGO_ENABLED=1 go install github.com/projectdiscovery/katana/cmd/katana@latest

Alternatively, download the pre-compiled binary from the .

Basic Usage

To identify URL parameters using Katana, follow these steps:

  1. Run Katana with the Query URL Filter: Use the -f qurl option to filter and display URLs containing query parameters.

    katana -u https://example.com -f qurl

    This command crawls https://example.com and outputs URLs that include query parameters.

  2. Process Multiple URLs: To analyze multiple URLs, create a file (e.g., urls.txt) with each URL on a new line.

    katana -list urls.txt -f qurl

    This command processes each URL in urls.txt and extracts those with query parameters.

  3. Integrate with Other Tools: Katana can be integrated into workflows with other tools. For instance, combining Katana with allows for fuzzing of discovered endpoints.

    katana -u https://example.com -f qurl -o endpoints.txt
nuclei -list endpoints.txt -t fuzzing-templates/

    This sequence discovers endpoints with parameters and then applies fuzzing templates to test for vulnerabilities.

Additional Options

Katana offers various options to customize its behavior:

  • Depth Control: Use the -d option to set the maximum crawl depth.

    katana -u https://example.com -d 2 -f qurl

    This limits the crawl to two levels deep.

  • Scope Control: The -cs (crawl scope) and -cos (crawl out scope) options allow you to define in-scope and out-of-scope URL patterns using regular expressions.

    katana -u https://example.com -cs "example.com" -cos "logout"

    This configuration includes URLs containing "example.com" and excludes those containing "logout".

  • Headless Crawling: Enable headless mode with the -hl option to render JavaScript-heavy pages.

    katana -u https://example.com -hl -f qurl

    This approach is beneficial for applications that rely heavily on JavaScript.

By leveraging Katana's capabilities, you can efficiently identify and analyze URL parameters within web applications, enhancing your security assessments and web analysis processes.

For a comprehensive list of options and detailed usage instructions, refer to the .

🐞
release page
Nuclei
Katana documentation