Hacking Tools

Cansina – Open Source Hidden Content Discovery Tool

Reconnaissance is one of the first steps to conduct within a pen test engagement. During this stage, information is gathered using different tools and sources. Some web applications may hide web resources from public, there is however a way to discover the hidden content. Cansina is one such open source tool that helps aid in discovering hidden content using a request and response method.

How do I install this tool?

Cansina can be installed by copying the setup from github repository. we do however also need to install the dependencies to ensure the tool works properly. The tool and dependencies can be installed using the following commands:

pip install --user requests[security]
git clone --depth=1 https://github.com/deibit/cansina

Content Discovery Using Cansina

Cansina provides different options (commands) to discover the content on the target website. We can use the following command to discover content on the target web application.

python cansina.py –u <target website> -R

The aforementioned command scans for hidden content. The tool looks for robots.txt file on the target webserver to use it as a payload. The output (discovered content) is displayed in a tabular format. By default, server response codes and file sizes are recorded for the discovered content.

we can skip the server response codes if required. Additionally, we can use a custom payload to discover content on the target website using the following command:

cansina.py -u <target_url> -p <payload_filename> -b 400,500

The above command uses a custom payload and skips the 400,500 http server responses.

We can narrow down the discovery process to direct the tool to look for specific content using the following command.

cansina.py -u <target_url> -p <payload_filename> -c <look_for_this_content>

Similarly, we can skip specific file sizes (say for example 500) to filter the content using the following command. We can also provide a list of sizes to skip them in the search result.

cansina.py -u <target_url> -s 500 -p <payload_filename>

Cansina Features

– Cansina supports multithreading and multi-extension search process.

– The tool offers multiple options to filter the content discovery.

– SSL and proxy support is available for the tool.

–  Cansina stores the output in sqlite database for easy data management.

To Top

Pin It on Pinterest

Share This