katana
Custom field support with config file
Please describe your feature request:
By default, katana supports multiple pre-defined fields to customize output and can be extended to allow users to write custom fields in the config file named `field-config.yaml` located at `~/.config/katana/`
Example field config file:
```yaml
# custom fields
- name: email
  type: regex
  regex:
    - ([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+)
    - ([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+)
    - ([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+)
- name: phone
  type: regex
  regex:
    - ([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+)
    - ([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+)
    - ([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+)
```
- `regex` is supported to write a custom field
- `group` field is supported with regex like nuclei
- regex will be applied on crawled response (header + body)
- single or multiple regex can be used with a custom field
- `name` value will be used as field name to pass with cli option
- `name` field needs to be unique + pre-defined names are reserved.
- `name` field validation to accept only `aA-zZ-0-9_-`
- default example field config file will be created upon 1st run.
```console
./katana -u https://www.hackerone.com -f email,phone
[email protected]
[email protected]
[email protected]
[email protected]
+1-32424234
+1 32424234
+91324324324
```

```console
./katana -u https://www.hackerone.com -f email,phone -v
[email] [email protected]
[email] [email protected]
[email] [email protected]
[email] [email protected]
[phone] +1-32424234
[phone] +1 32424234
[phone] +91324324324
```
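The rules in the request above (name character set, unique and reserved names, one or more regexes applied to header + body), as an added Go example that is not katana's own code or part of the original issue. The `Field` type, the `Extract` function, the three reserved names and the sample response are assumptions made for illustration, and the name pattern is one reading of `aA-zZ-0-9_-`.

```go
package main
import (
	"fmt"
	"regexp"
)
// Field mirrors one entry of the proposed field-config.yaml (hypothetical type).
type Field struct {
	Name, Type string
	Regex      []string
}

// nameRe is one reading of the "aA-zZ-0-9_-" rule; reserved is a sample subset (assumption).
var nameRe = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)
var reserved = map[string]bool{"url": true, "path": true, "fqdn": true}

// Extract validates all definitions, then matches one fetched response, de-duplicating hits.
func Extract(fields []Field, header, body string) (map[string][]string, error) {
	compiled := map[string][]*regexp.Regexp{}
	for _, f := range fields {
		if _, dup := compiled[f.Name]; dup || reserved[f.Name] || !nameRe.MatchString(f.Name) {
			return nil, fmt.Errorf("field name %q is duplicated, reserved or invalid", f.Name)
		}
		if f.Type != "regex" || len(f.Regex) == 0 {
			return nil, fmt.Errorf("field %q: want type regex with at least one pattern", f.Name)
		}
		for _, p := range f.Regex {
			re, err := regexp.Compile(p) // Go's RE2 engine runs in linear time on untrusted input
			if err != nil {
				return nil, fmt.Errorf("field %q: %w", f.Name, err)
			}
			compiled[f.Name] = append(compiled[f.Name], re)
		}
	}
	out, seen := map[string][]string{}, map[string]bool{}
	for name, res := range compiled {
		for _, re := range res {
			for _, m := range re.FindAllString(header+"\n"+body, -1) {
				if key := name + "\x00" + m; !seen[key] {
					seen[key] = true
					out[name] = append(out[name], m)
				}
			}
		}
	}
	return out, nil
}

func main() {
	email := Field{Name: "email", Type: "regex", Regex: []string{`[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+`}}
	// The header and body below are constructed sample data, not real crawl output.
	fmt.Println(Extract([]Field{email}, "X-Contact: ops@example.com", "mailto:ops@example.com sec@example.org"))
}
```

Validation runs before any response data is matched, so a bad definition fails at load time rather than partway through a crawl.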
I'll definitely make use of this
When I add a custom field to ~/.config/katana/field-config.yaml and run it
@xiaoliangli1128 this is a feature issue and will be supported in the future.
Got it. Thank you very much.
@ehsandeep Is there an option to check all the custom fields in the config file? So instead of doing this: katana -u https://www.target.com -f email,phone
Can we do something like this? katana -u https://www.target.com -f all
Also, does Katana send a request for every regex, or does it send one request to check all the regex?