Next Level API Hacking with Kiterunner
Рет қаралды 21,279
Күн бұрын00:00 Intro
00:47 Setup
02:52 Running kr
03:40 Wordlists
04:12 Basic scans
05:45 Filtering results
07:42 Outro
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
📱Social Media📱
___________________________________________
Twitter: / thecybermentor
Twitch: / thecybermentor
Instagram: / thecybermentor
LinkedIn: / heathadams
TikTok: / thecybermentor
Discord: / discord
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgate Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.
@Just2Dimes Жыл бұрын
Good video. Small tip if you didn't know it: you can CTRL+click urls in the terminal.
@pr0tagnist Жыл бұрын
00:39 is the most important part of the video. Good video Alex!! Thanks again.😊
@skysunset877 2 ай бұрын
This is so good!!! I love your content!!
@ghafarzamani2999 Жыл бұрын
Thanks bro i love you i support you always ❤❤
@luizferraz209 9 ай бұрын
Que aula ,meu deus ! vlw , essa ferramenta é maravilhosa ! tks guy ! very good video !
@lucasiomha3502 6 ай бұрын
Thanks man, subscribed
@ridingyourride Жыл бұрын
Thanks for the tip. 😊
@MFoster392 9 ай бұрын
Thank you alex
@Lx_ole Жыл бұрын
So helpfull
@RajatSharma_1111 Жыл бұрын
How this tool is different from any other directory bruteforcer? Such as dirsearch or dirbuster, FFUF, Gobuster etc?
@jeffdurkin4893 9 ай бұрын
thats some good content
@Z0nd4 11 ай бұрын
Love API Hacking. I used this tool before, and its very good! Thanks!
@aleksjagger9770 Ай бұрын
are you even allowed to use this tool in a bug bounty on a live target...?!?
@Ms.Robot. Жыл бұрын
Thanks❤
@Aditya_khedekar Жыл бұрын
not gono lie i spent over 10 hours installing kiterunner on my vm and 2 days later u post this video
@anthonysmith1770 2 ай бұрын
Lol same haha
@x1ns44n3 Жыл бұрын
It will show you around 54 hours of time if you will try it on a real domain instead of local host.
@denisvoroshilov2682 4 ай бұрын
I do love this tool to use in real projects to perform api pentest. My experience shows that it takes about 6 hours against prod (not staging/test) environment.
@aleksjagger9770 Ай бұрын
@@denisvoroshilov2682are you even allowed to use this tool in a bug bounty on a live target...?!?
@user-ku5gi6bb8m Жыл бұрын
I wanted to try but I can't authenticate I can pass the --headers but there's no equivalent to curl's --data-raw option
@imosolar Жыл бұрын
Please how I bypass 403 on api
@andyobioma3100 Жыл бұрын
Failed to list wordlist error= "failed to get remote wordlists"
@Lx_ole Жыл бұрын
First ❤
@alexandersoltesz8103 Жыл бұрын
it gets stuck at 0% when trying on a real target, anyone has a similar issue and a potential solution?
@akashpatel-bs8ve Жыл бұрын
I will take hours and hours on real target 😢
@alexandersoltesz8103 Жыл бұрын
@@akashpatel-bs8ve I wonder if it's different on a super strong VPS but I don't think so, I have normal internet for enumeration/bruteforce with other tools so I don't really get it.
@aleksjagger9770 Ай бұрын
are you even allowed to use this tool in a bug bounty on a live target...?!?
@andrericardo8824 Жыл бұрын
Hi, I am trying to do the PNPT Certificate, what is the url for me to start? I finished all the training but I can’t find the place to start the test
Dharni
Рет қаралды 144 МЛН
Павел Хмурчик
Рет қаралды 57 М.