Cansina - Web Content Discovery Tool

Cansina is a web content discovery application.

Web applications don't publish all their resources or public links, so the only way to discover these resources is by requesting for them and checking the response.

Cansina's duty is to help you in making requests and filtering the responses to tell apart if it is an existing resource or just an annoying or disguised 404.

Other kinds of useful responses (401, 403, ...) are also processed in a similar fashion.

The responses are kept in an SQLite database for later process or viewing.

You can stop and resume a task by Ctrl-C; a resume file will then be generated for you.

Features

• Multithreading
• HTTP / HTTPS
• Proxy support
• Data persistence
• Basic Authentication
• Resume Capability

Dependencies

• Requests

• Python 2.7.x

Payloads

Cansina does not come with the list but there are some neat projects to supply this:

• SecLists
• FuzzDB

Usage

Simple case:

cansina.py -u target_url -p payload_filename

Will make GET requests using 4 threads by default

Banning HTTP response codes to output:

cansina.py -u target_url -p payload_filename -b 404,400,500

Selected codes will be skipped

Adding a .php extension to every record in payload:

cansina.py -u target_url -p payload_filename -e php

Make all payload entries end with an extension

Adding a list of extensions:

cansina.py -u target_url -p payload_filename -e php,asp,aspx

Same as above but will repeat every request for every extension provided

Inspecting content:

cansina.py -u target_url -p payload_filename -c look_for_this_text

Cansina will report to screen if the content is detected in response

Filtering by content:

cansina.py -u target_url -p payload_filename -d look_for_this_text

If the content is not found it will be processed as a 404 Not Found page

Autodiscriminator:

ansina.py -u target_url -p payload_filename -D

First, Cansina will try to make and remember a 404 response and will skip similar responses

Replacing:

cansina.py -u target_url/*_this/ -p payload_filename

Simple string replacing. Useful when a URL pattern is observable

Size filtering:

cansina.py -u target_url -s 1495 -p payload_filename

If you don't want a response and know its size is fixed this could help skipping all those responses

Uppercase all requests:

cansina.py -u target_url -U -p payload_filename

Just make every payload UPPERCASE

Threading:

cansina.py -u target_url -t8 -p payload_filename

Set the threading level. 4 by default.

Change GET -> HEAD requests:

cansina.py -u target_url -H -p payload_filename

Make requests using HEAD HTTP method. Be aware size and content filtering won't work

Delay between requests:

cansina.py -u target_url -T 1.25 -p payload_filename

Set a delay between requests. Time is set in float format. E.g: 1.25 seconds

User agent:

cansina.py -u target_url -p payload_filename -a user_agent

Set an alternative User-Agent string

Proxy requests:

cansina.py -u target_url -p payload_filename -Phttp://127.0.0.1:8080

Simple HTTP proxy

Basic authentication:

cansina.py -u target_url -p payload_filename -Auser:password

Manages basic authentication

Resume session:

cansina.py -r resume_file

Resume last interrupted session with all options and payload with former line-number

Parse robots.txt:

cansina.py -R

Cansina will parse the robots.txt file and use it as a payload if it exists

Download Cansina

You might also like:

• 14 Best IP Hide Tools 2017

• DroidSheep Tool - Android App For Hackers

• Top 10 Hacker Movies

• FaceNiff Tool - Android App For Hackers

• Smart and Easy Guide To Remove Malwares From Your Computer

• AxCrypt - File Encryption Software For Windows

• Ghiro - Automated Digital Image Forensics Tool

• Mellivora - A CTF (Capture The Flag) Engine

• Lynis - Security Auditing Tool For Unix/Linux Systems

• FoxOne - Server Reconnaissance Scanner

• Umap - The USB Host Security Assessment Tool

• FS-NyarL - Network Takeover & Forensic Analysis Tool