Cansina is a Web Content Discovery Application. It is well known Web applications don't publish all their resources or public links, so the only way to discover these resources is requesting for them and check the response. Cansina duty is to help you making requests and filtering the responses to tell apart if it is an existing resource or just an annoying or disguised 404. Other kind of useful responses (401, 403, ...) are processed in a similar fashion. Responses are kept in a sqlite database for later process or viewing.
You can stop and resume a task by ctrl-c, a resume file will be generated for you.
Check the options '-h' for more features.
There is an ongoing effort to add features via plugins.
Feature requests and comments are welcome.
Cansina is included in BlackArch Linux, give it a try!
- Http / Https
- Proxy support
- Data persistence
- Basic Authentication
cansina.py -h for a comprehensive list of features and choices
Will make GET requests using 4 threads by default
cansina.py -u target_url -p payload_filename
Banning HTTP responde codes to output
Selected codes will be skipped
cansina.py -u target_url -p payload_filename -b 404,400,500
Adding a .php extension to every record in payload
Make all payload entries end with an extension
cansina.py -u target_url -p payload_filename -e php
Adding a list of extensions
Same as above but will repeat every request for every extension provided
cansina.py -u target_url -p payload_filename -e php,asp,aspx
Cansina will report to screen if the content is detected in response
cansina.py -u target_url -p payload_filename -c look_for_this_text
Filtering by content
If the content is found it will be processed as a 404 Not Found page
cansina.py -u target_url -p payload_filename -d look_for_this_text
First, Cansina will try to make and remember a 404 response and will skip similar responses
cansina.py -u target_url -p payload_filename -D
cansina.py -u target_url/
Simple string replacing. Useful when a URL pattern is observable
_this/ -p payload_filename
If you don't want a response and know its size is fixed this could help skipping all those responses.
cansina.py -u target_url -s 1495 -p payload_filename
Also, it can be a list of sizes:
cansina.py -u target_url -s 0,1495,1337 -p payload_filename
Uppercase all requests
Just make every payload UPPERCASE
cansina.py -u target_url -U -p payload_filename
Set the threading level. 4 by default.
cansina.py -u target_url -t8 -p payload_filename
Change GET -> HEAD requests
Make requests using HEAD HTTP method. Be aware size and content filtering won't work
cansina.py -u target_url -H -p payload_filename
Delay between requests
Set a delay between resquests. Time is set in float format. E.g: 1.25 seconds
cansina.py -u target_url -T 1.25 -p payload_filename
Set an alternative User-Agent string
cansina.py -u target_url -p payload_filename -a user_agent
Simple http proxy
cansina.py -u target_url -p payload_filename -Phttp://127.0.0.1:8080
Manages basic authentication
cansina.py -u target_url -p payload_filename -Auser:password
Resume last interrupted session with all options and payload with former linenumber
cansina.py -r resume_file
Cansina will parse the robots.txt file an use it as a payload if it exists
This tool is intended to be used in a fair and legal context, meaning, for example, a penetration testing for which you have been provided previous authorization.
One of its legitimate uses might be the one described in the following article:
- Python 2.7.x
Cansina does not come with list but there are some neat projects to supply this:
pip install --user requests
git clone --depth=1 https://github.com/deibit/cansina