Cansina – Open Source Hidden Content Discovery Tool

  • 207
  •  
  •  
  •  
  •  
  • 2
  •  
  •  
    209
    Shares

Reconnaissance is one of the first steps to conduct within a pen test engagement. During this stage, information is gathered using different tools and sources. Some web applications may hide web resources from public, there is however a way to discover the hidden content. Cansina is one such open source tool that helps aid in discovering hidden content using a request and response method.

How do I install this tool?

cansina cloning

Cansina can be installed by copying the setup from github repository. we do however also need to install the dependencies to ensure the tool works properly. The tool and dependencies can be installed using the following commands:

pip install --user requests[security]
git clone --depth=1 https://github.com/deibit/cansina

Content Discovery Using Cansina

cansina scan

Cansina provides different options (commands) to discover the content on the target website. We can use the following command to discover content on the target web application.

python cansina.py –u <target website> -R

cansina scanned codes

The aforementioned command scans for hidden content. The tool looks for robots.txt file on the target webserver to use it as a payload. The output (discovered content) is displayed in a tabular format. By default, server response codes and file sizes are recorded for the discovered content.

we can skip the server response codes if required. Additionally, we can use a custom payload to discover content on the target website using the following command:

cansina.py -u <target_url> -p <payload_filename> -b 400,500

different server response codes identified

The above command uses a custom payload and skips the 400,500 http server responses.

We can narrow down the discovery process to direct the tool to look for specific content using the following command.

cansina.py -u <target_url> -p <payload_filename> -c <look_for_this_content>

Similarly, we can skip specific file sizes (say for example 500) to filter the content using the following command. We can also provide a list of sizes to skip them in the search result.

cansina.py -u <target_url> -s 500 -p <payload_filename>

Cansina Features

– Cansina supports multithreading and multi-extension search process.

– The tool offers multiple options to filter the content discovery.

– SSL and proxy support is available for the tool.

–  Cansina stores the output in sqlite database for easy data management.

What Bunny rating does it get?

Cansina is a fantastic, easy to use tool that helps discover web based content that could be leveraged within a pen test for later exploitation . As a result we have decided to give this tool an awesome rating of 3.5 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

The following two tabs change content below.

Adil Adeel

I am a cyber-security enthusiast with the focus on network security, cloud security, data-driven security, and advanced cryptography. Contact me at [email protected]

Adil Adeel

I am a cyber-security enthusiast with the focus on network security, cloud security, data-driven security, and advanced cryptography. Contact me at [email protected]

Leave a Reply

Do NOT follow this link or you will be banned from the site!