# Cansina
**IMPORTANT**: Clone this repository with:
```
git clone --depth=1 https://github.com/deibit/cansina
```
---
[](https://travis-ci.org/deibit/cansina)
Cansina is a Web Content Discovery Application.
It is well known Web applications don't publish all their resources or public links,
so the only way to discover these resources is requesting for them and check the response.
Cansina duty is to help you making requests and filtering and inspecting the responses to tell
apart if it is an existing resource or just an annoying or disguised 404.
Feature requests and comments are welcome.
Cansina is included in [BlackArch Linux](https://www.blackarch.org/), give it a try!
## Speed
Wanna make Cansina run faster? Grab my cup of coffee.
Cansina downloads page content for inspection by default (Yep, Cansina does not racing for speed). but you can disable GET requests and make them HEAD (no body page download). Also, do no print the fancy terminal interface (you will lost some hackish points).
- Put **-H** to make requests lighter
- Put **--no-progress** to print no fancy information in the screen
- Raise default threads to ten with **-t 10** (or even more if you don't mind noise and faulty tries)
## Integrated tree viewer
Cansina integrates a tree viewer (thanks to asciitree package) to output a project sqlite base stored results (http 200 status code by now).
```
./cansina.py -V output/http_testphp.vulnweb.com.sqlite
```
## Windows
Untested in Windows. It should work with **--no-progress**
## Installation
```
git clone --depth=1 https://github.com/deibit/cansina
cd cansina
pip install -r requirements.txt
```
From release tagged Py27, Cansina is made with Python 3.x in mind.
[Last version with Python 2.7 support](https://github.com/deibit/cansina/tree/Py27)
## Usage
[Wiki](https://github.com/deibit/cansina/wiki) is full of documentation and examples. But as a fast example:
```
python3 cansina.py -u <site_url> -p <payload_file>
```
Help summary:
```
python3 cansina.py -h
```
## Options
```
usage: cansina.py -u url -p payload [options]
Cansina is a web content discovery tool. It makes requests and analyze the
responses trying to figure out whether the resource is or not accessible.
optional arguments:
-h, --help show this help message and exit
-A AUTHENTICATION Basic Authentication (e.g: user:password)
-C COOKIES your cookies (e.g: key:value)
-D Check for fake 404 (warning: machine decision)
-H Make HTTP HEAD requests
-P PROXIES Set a http and/or https proxy (ex:
http://127.0.0.1:8080,https://...
-S Remove ending slash for payloads
-T REQUEST_DELAY Time (a float number, e.g: 0.25 or 1.75) between
requests
-U Make payload requests upper-case
-a USER_AGENT The preferred user-agent (default provided)
-b BANNED List of banned response codes
-B UNBANNED List of unbanned response codes, mark all response as
invalid without unbanned response codes, higher
priority than banned
-c CONTENT Inspect content looking for a particular string
-d DISCRIMINATOR If this string if found it will be treated as a 404
-e EXTENSION Extension list to use e.g: php,asp,...(default none)
-o OUTPUT Write (append) results in CSV format to a file; -o
<filename>
-p PAYLOAD A single file, a file with filenames (.payload) or a
directory (will do *.txt)
-s SIZE_DISCRIMINATOR
Will skip pages with this size in bytes (or a list of
sizes 0,500,1500...)
-t THREADS Number of threads (default 4)
-u TARGET Target url
-r RESUME Resume a session
-R Parse robots.txt and check its contents
--recursive Recursive descend on path directories
--no-persist Do not Use HTTP persistent connections
--full-path Show full path instead of only resources
--show-type Show content-type in results
--no-follow Do not follow redirections
--line CONTINUE_LINE Continue payload in line <n>
--resumer Save session in a file
--headers HEADERS Set personalized headers: key=value;key=value...
--capitalize Transform 'word' into 'Word'.
--strip-extension Strip word extension: word.ext into word
--alpha Filter non alphanumeric words from wordlist
--no-progress Don't show tested words and progress. (For dumb
terminals)
--no-colors Don't use output colors to keep output clean, e.g.
when redirecting output to file
License, requests, etc: https://github.com/deibit/cansina
```
## Features
- Data persistence with sqlite database
- Optional output in CSV format
- Multithreading
- Multiextension
- Custom headers
- Multiple wordlists from directories
- Content detection
- Filter results by size
- Filter results by content
- URL pattern (\*\*\*) to interpolate strings
- SSL support
- Proxy support
- Basic Authentication
- Cookie jar
- Resuming
- Path recursion
- Persistent connections
- Complementary tools
## Important
This tool is intended to be used in a fair and legal context, meaning, for example,
a penetration testing for which you have been provided previous authorization.
One of its legitimate uses might be the one described in the following article:
- [Forced browsing](https://www.owasp.org/index.php/Forced_browsing)
## Dependencies
- [requests](https://github.com/kennethreitz/requests)
- Python 3
## Wordlists
- [SecList](https://github.com/danielmiessler/SecLists)
## License information
License: GNU General Public License, version 3 or later; see LICENSE.txt
included in this archive for details.
Raw data
{
"_id": null,
"home_page": "https://github.com/deibit/cansina",
"name": "cansina",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "pentesting,cybersecurity,websecurity",
"author": "David Garcia",
"author_email": "daganu@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/c9/2d/5b44288b8e9b79c0354d32982722325e529eb156938620dc4aacae15ab84/cansina-0.9.tar.gz",
"platform": null,
"description": "# Cansina\n\n**IMPORTANT**: Clone this repository with:\n\n```\n git clone --depth=1 https://github.com/deibit/cansina\n```\n\n---\n\n[](https://travis-ci.org/deibit/cansina)\n\nCansina is a Web Content Discovery Application.\n\nIt is well known Web applications don't publish all their resources or public links,\nso the only way to discover these resources is requesting for them and check the response.\n\nCansina duty is to help you making requests and filtering and inspecting the responses to tell\napart if it is an existing resource or just an annoying or disguised 404.\n\nFeature requests and comments are welcome.\n\nCansina is included in [BlackArch Linux](https://www.blackarch.org/), give it a try!\n\n![CansinaImage](https://github.com/deibit/cansina/raw/gh-pages/images/cansina-showcase.png \"Image\")\n\n## Speed\n\nWanna make Cansina run faster? Grab my cup of coffee.\n\nCansina downloads page content for inspection by default (Yep, Cansina does not racing for speed). but you can disable GET requests and make them HEAD (no body page download). Also, do no print the fancy terminal interface (you will lost some hackish points).\n\n- Put **-H** to make requests lighter\n- Put **--no-progress** to print no fancy information in the screen\n- Raise default threads to ten with **-t 10** (or even more if you don't mind noise and faulty tries)\n\n## Integrated tree viewer\n\nCansina integrates a tree viewer (thanks to asciitree package) to output a project sqlite base stored results (http 200 status code by now).\n\n```\n./cansina.py -V output/http_testphp.vulnweb.com.sqlite\n```\n\n![ViewerImage](https://github.com/deibit/cansina/raw/gh-pages/images/viewer.png \"Image\")\n\n\n## Windows\n\nUntested in Windows. It should work with **--no-progress**\n\n## Installation\n\n```\ngit clone --depth=1 https://github.com/deibit/cansina\n\ncd cansina\n\npip install -r requirements.txt\n```\n\nFrom release tagged Py27, Cansina is made with Python 3.x in mind.\n\n[Last version with Python 2.7 support](https://github.com/deibit/cansina/tree/Py27)\n\n## Usage\n\n[Wiki](https://github.com/deibit/cansina/wiki) is full of documentation and examples. But as a fast example:\n\n```\npython3 cansina.py -u <site_url> -p <payload_file>\n```\n\nHelp summary:\n\n```\npython3 cansina.py -h\n```\n\n## Options\n\n```\nusage: cansina.py -u url -p payload [options]\n\nCansina is a web content discovery tool. It makes requests and analyze the\nresponses trying to figure out whether the resource is or not accessible.\n\noptional arguments:\n -h, --help show this help message and exit\n -A AUTHENTICATION Basic Authentication (e.g: user:password)\n -C COOKIES your cookies (e.g: key:value)\n -D Check for fake 404 (warning: machine decision)\n -H Make HTTP HEAD requests\n -P PROXIES Set a http and/or https proxy (ex:\n http://127.0.0.1:8080,https://...\n -S Remove ending slash for payloads\n -T REQUEST_DELAY Time (a float number, e.g: 0.25 or 1.75) between\n requests\n -U Make payload requests upper-case\n -a USER_AGENT The preferred user-agent (default provided)\n -b BANNED List of banned response codes\n -B UNBANNED List of unbanned response codes, mark all response as\n invalid without unbanned response codes, higher\n priority than banned\n -c CONTENT Inspect content looking for a particular string\n -d DISCRIMINATOR If this string if found it will be treated as a 404\n -e EXTENSION Extension list to use e.g: php,asp,...(default none)\n -o OUTPUT Write (append) results in CSV format to a file; -o\n <filename>\n -p PAYLOAD A single file, a file with filenames (.payload) or a\n directory (will do *.txt)\n -s SIZE_DISCRIMINATOR\n Will skip pages with this size in bytes (or a list of\n sizes 0,500,1500...)\n -t THREADS Number of threads (default 4)\n -u TARGET Target url\n -r RESUME Resume a session\n -R Parse robots.txt and check its contents\n --recursive Recursive descend on path directories\n --no-persist Do not Use HTTP persistent connections\n --full-path Show full path instead of only resources\n --show-type Show content-type in results\n --no-follow Do not follow redirections\n --line CONTINUE_LINE Continue payload in line <n>\n --resumer Save session in a file\n --headers HEADERS Set personalized headers: key=value;key=value...\n --capitalize Transform 'word' into 'Word'.\n --strip-extension Strip word extension: word.ext into word\n --alpha Filter non alphanumeric words from wordlist\n --no-progress Don't show tested words and progress. (For dumb\n terminals)\n --no-colors Don't use output colors to keep output clean, e.g.\n when redirecting output to file\n\nLicense, requests, etc: https://github.com/deibit/cansina\n```\n\n## Features\n\n- Data persistence with sqlite database\n- Optional output in CSV format\n- Multithreading\n- Multiextension\n- Custom headers\n- Multiple wordlists from directories\n- Content detection\n- Filter results by size\n- Filter results by content\n- URL pattern (\\*\\*\\*) to interpolate strings\n- SSL support\n- Proxy support\n- Basic Authentication\n- Cookie jar\n- Resuming\n- Path recursion\n- Persistent connections\n- Complementary tools\n\n## Important\n\nThis tool is intended to be used in a fair and legal context, meaning, for example,\na penetration testing for which you have been provided previous authorization.\n\nOne of its legitimate uses might be the one described in the following article:\n\n- [Forced browsing](https://www.owasp.org/index.php/Forced_browsing)\n\n## Dependencies\n\n- [requests](https://github.com/kennethreitz/requests)\n- Python 3\n\n## Wordlists\n\n- [SecList](https://github.com/danielmiessler/SecLists)\n\n## License information\n\nLicense: GNU General Public License, version 3 or later; see LICENSE.txt\nincluded in this archive for details.\n",
"bugtrack_url": null,
"license": "",
"summary": "Web Content Discovery Tool",
"version": "0.9",
"project_urls": {
"Homepage": "https://github.com/deibit/cansina"
},
"split_keywords": [
"pentesting",
"cybersecurity",
"websecurity"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "7485e49236bcd56768784f972ecd4e7a48c6e0948007d57d606f82af5a78303d",
"md5": "437ceed5c11bd183ab24fe53c97dfe46",
"sha256": "ca10f56387ece26f6623b8ca5b7700cb8e6f482270eeb3723e09f47552c52fc5"
},
"downloads": -1,
"filename": "cansina-0.9-py3-none-any.whl",
"has_sig": false,
"md5_digest": "437ceed5c11bd183ab24fe53c97dfe46",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 47135,
"upload_time": "2023-09-23T23:03:03",
"upload_time_iso_8601": "2023-09-23T23:03:03.898704Z",
"url": "https://files.pythonhosted.org/packages/74/85/e49236bcd56768784f972ecd4e7a48c6e0948007d57d606f82af5a78303d/cansina-0.9-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "c92d5b44288b8e9b79c0354d32982722325e529eb156938620dc4aacae15ab84",
"md5": "99620a08bbc62f8982a013f75b135f77",
"sha256": "eed1d09db940ab6df45610bbbee15ec48b63e2144d488d8a7e894e6a246e783c"
},
"downloads": -1,
"filename": "cansina-0.9.tar.gz",
"has_sig": false,
"md5_digest": "99620a08bbc62f8982a013f75b135f77",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 45916,
"upload_time": "2023-09-23T23:03:06",
"upload_time_iso_8601": "2023-09-23T23:03:06.244803Z",
"url": "https://files.pythonhosted.org/packages/c9/2d/5b44288b8e9b79c0354d32982722325e529eb156938620dc4aacae15ab84/cansina-0.9.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-09-23 23:03:06",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "deibit",
"github_project": "cansina",
"travis_ci": true,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "cansina"
}
JSON
