Kitsune is a powerful asset discovery tool written in Go that helps security professionals and developers identify and analyze web applications, their technologies, and configurations.
- 2025-02-12
- Enhanced command output with colored text and better formatting
- Added GitHub profile link to banner
- Improved documentation with detailed command examples
- Added security headers check with status indicators
-
Web Application Fingerprinting
- CMS Detection (WordPress, Drupal, Joomla, etc.)
- Web Framework Detection (React, Angular, Vue.js, etc.)
- JavaScript Library Detection
- Version Detection
- Security Header Analysis
-
Batch Scanning
- Concurrent Multiple Target Scanning
- Proxy Pool Support
- Text File Import
- Real-time Result Display
- JSON Format Export
-
Additional Features
- Subdomain Scanning
- Port Scanning
- Service Detection
# Install from go.dev
go install github.com/MochizukiSec/Kitsune@latest
# Or build from source
git clone https://github.com/MochizukiSec/Kitsune.git
cd Kitsune
go buildThe webapp command performs fingerprinting of web applications to detect technologies, frameworks, and security configurations.
./kitsune webapp [options]Options:
-u, --url(required): Target URL to scan-t, --timeout(default: 30s): Timeout for HTTP requests--skip-verify: Skip SSL certificate verification-o, --output: Save results to JSON file--db(default: db/cms_finger.db): Path to fingerprint database
Examples:
# Basic scan
./kitsune webapp -u https://example.com
# With 5 second timeout and SSL verification disabled
./kitsune webapp -u https://example.com -t 5s --skip-verify
# Save results to JSON file
./kitsune webapp -u https://example.com -o results.jsonThe batch command allows scanning multiple targets concurrently with optional proxy support.
./kitsune batch [options]Options:
-i, --input(required): Input file containing target URLs (one per line)-o, --output-dir(default: results): Directory to store scan results-p, --proxy-file: File containing proxy servers (one per line)-c, --concurrency(default: 10): Number of concurrent scans-t, --timeout(default: 30s): Timeout for each scan--db(default: db/cms_finger.db): Path to fingerprint database
Examples:
# Basic batch scan
./kitsune batch -i targets.txt -o results
# With proxy pool and increased concurrency
./kitsune batch -i targets.txt -p proxies.txt -c 20 -o results
# With custom timeout
./kitsune batch -i targets.txt -t 10s -o resultsThe subdomain command performs subdomain enumeration using wordlist-based scanning.
./kitsune subdomain <domain> [options]Options:
-w, --wordlist(default: wordlists/subdomains.txt): Path to wordlist file-c, --concurrency(default: 10): Number of concurrent workers-o, --output: Save results to JSON file
Examples:
# Basic scan
./kitsune subdomain example.com
# With custom wordlist and increased concurrency
./kitsune subdomain example.com -w custom_wordlist.txt -c 100
# Save results to JSON file
./kitsune subdomain example.com -o results.jsonThe portscan command performs TCP port scanning with optional service detection.
./kitsune portscan <target> [options]Options:
-p, --ports(default: 1-1024): Port ranges to scan (e.g., '80,443,8000-8100')-c, --concurrency(default: 100): Number of concurrent workers-o, --output: Save results to JSON file--service-detection: Enable service version detection
Examples:
# Scan default ports
./kitsune portscan example.com
# Scan specific ports with service detection
./kitsune portscan example.com -p 80,443,8080 --service-detection
# Scan custom range with high concurrency
./kitsune portscan example.com -p 1-65535 -c 500
# Save results to JSON file
./kitsune portscan example.com -o results.json╔═══════════════════════════════════════════╗
║ Asset Scanner v1.0 ║
║ Security Asset Detection Tool ║
║ Author: Liam @MochizukiSec ║
╚═══════════════════════════════════════════╝
Web Application Information:
URL: https://example.com
Status Code: 200
Page Title: Example Site
Server: nginx/1.18.0
Detected Technologies:
[+] WordPress (version: 6.7.2) [CMS]
└── Path pattern: /wp-content/
└── Path pattern: /wp-json/
└── Version detected: 6.7.2
[+] jQuery [Framework]
└── Path pattern: /jquery-
[+] Bootstrap [Framework]
└── Body pattern: class="container"
Security Headers:
[+] Content-Security-Policy: present
[+] X-Frame-Options: DENY
[+] X-Content-Type-Options: nosniff
[+] Strict-Transport-Security: max-age=31536000
[-] X-XSS-Protection: missing{
"url": "https://example.com",
"status_code": 200,
"title": "Example Site",
"technologies": [
{
"name": "WordPress",
"category": "CMS",
"version": "6.7.2",
"hints": [
"Path pattern: /wp-content/",
"Path pattern: /wp-json/"
]
},
{
"name": "jQuery",
"category": "JavaScript Library"
}
],
"headers": {
"server": "nginx/1.18.0",
"x-powered-by": "PHP/7.4.3",
"content-security-policy": "default-src 'self'",
"x-frame-options": "DENY",
"x-content-type-options": "nosniff",
"strict-transport-security": "max-age=31536000"
},
"security_score": 85
}- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Liam (@MochizukiSec)
- Thanks to all contributors who helped with the development
- Special thanks to the Go community for their excellent packages