It takes general available lists of common path and files used by web applications and make URL requests looking back to the server response code. Cansina stores the information in a sqlite database (omitting 404 responses). One for every new url (think this as a kind of projects feature) and the same database for every new payload on the same url.
It aims to be (very) simple and straight to use doing only one thing: Discover content.
The app is far from being finished, probably is poorly coded and I wouldn't recommend it to use in a serious pentesting session.
Lists from fuzzdb are included in this repository for convenience but are not part of the project. You can use whatever list you want.
- Threads (well, processes)
- HTTP/S Proxy support (thanks to requests)
- Data persistance (sqlite3)
- Support for multiextensions list (-e php,asp,aspx,txt...)
- Content inspector (will watch for a specific string inside web page content)
- Skip fake 404 (best as possible)
- Skip by filtering content
- Replacing (for URL fuzzing)
- Reporting tool
- Basic Authentication