
Web Enumeration

Melvin PETIT edited this page Jun 17, 2026 · 1 revision


Menu key: 3 · File: lib/modules/web.sh · Entry point: kraken_web_run

Probes an HTTP(S) endpoint for headers, interesting paths, technology fingerprints and robots.txt. Requires curl.

Input handling

The module accepts a URL. If you omit the scheme it assumes http://. The host portion is then validated with kraken_valid_target, so a malformed host is rejected before any request is made. The slugified host becomes the output directory name.
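The input handling described above, as an added example rather than the project's own code: the function names, the slug rule (lowercase, anything outside [a-z0-9] becomes an underscore) and web_valid_host, which stands in for the page's kraken_valid_target since that function is not shown here, are all assumptions. Hosts are plain DNS names or dotted IPv4 literals; bracketed IPv6 is not handled.

```shell
#!/usr/bin/env bash
# Added example: normalise the user's URL, pull out the host, validate it before
# any request is made, and derive the output directory name.
# Not the project's lib/modules/web.sh; all names below are assumptions.

# Prepend http:// when no scheme was given.
web_normalise_url() {
    case "$1" in
        http://*|https://*) printf '%s\n' "$1" ;;
        *)                  printf 'http://%s\n' "$1" ;;
    esac
}

# Host part only: drop scheme, path, query, userinfo and port (in that order,
# because userinfo may itself contain a colon).
web_host_of() {
    local rest
    rest="${1#*://}"
    rest="${rest%%/*}"
    rest="${rest%%\?*}"
    rest="${rest##*@}"
    rest="${rest%%:*}"
    printf '%s\n' "$rest"
}

# Stand-in for kraken_valid_target (assumed): accept DNS names and dotted IPv4
# literals, reject anything carrying whitespace, shell metacharacters or a
# leading/trailing hyphen or dot.
web_valid_host() {
    [ ${#1} -le 253 ] && printf '%s' "$1" | grep -qE '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
}

# Directory-safe slug: lowercase, everything outside [a-z0-9] becomes '_'.
web_slug() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -c 'a-z0-9' '_'
    printf '\n'
}

# Combine the steps: prints "url host output_dir" on success, fails on a bad host.
web_prepare_target() {
    local url host
    url="$(web_normalise_url "$1")"
    host="$(web_host_of "$url")"
    if ! web_valid_host "$host"; then
        printf 'invalid target host: %s\n' "$host" >&2
        return 1
    fi
    printf '%s %s web_%s\n' "$url" "$host" "$(web_slug "$host")"
}

# Stand-alone use: ./web_target.sh user@Example.com:8080/app
if [ $# -gt 0 ]; then
    web_prepare_target "$1"
fi
```

Validating the host before the URL reaches curl is the point of the order: a value such as `bad host;id` is rejected by web_valid_host and never becomes a command argument or a directory name.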

What it does

Step           Output file        Notes
Connectivity   (console)          reports the HTTP status of the root URL
Headers        headers.txt        curl -I, first 10 lines echoed
Directories    directories.txt    parallel probe of common paths
Technologies   technologies.txt   CMS hints + Server / X-Powered-By
robots.txt     robots.txt         saved if present and non-empty

Parallel directory enumeration

The candidate path list is:

admin administrator login dashboard panel backup backups
config api test dev phpinfo.php info.php .git .env

Each path is probed with curl returning only the HTTP status code. Probes run as bounded background jobs rather than one blocking request at a time, so a slow or dead host no longer serialises a dozen timeouts. Concurrency defaults to 8 and is configurable:

KRAKEN_WEB_JOBS=16 ./kraken.sh

Results are collected, sorted for deterministic output, then rendered and written. Interesting codes are tagged:

  • 200 FOUND: path exists
  • 403 FORBIDDEN: exists but access denied
  • 401 AUTH: authentication required

See Configuration for KRAKEN_WEB_JOBS.
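The bounded parallel probe, status tagging and deterministic sort described in this section, as an added example. This is not the project's lib/modules/web.sh: the function names are assumptions, the job bound is implemented as batches of KRAKEN_WEB_JOBS background jobs (POSIX `wait`, so it also runs under dash), and web_probe_paths takes an optional second argument naming the fetch function so the pipeline can be exercised offline with a stub.

```shell
#!/usr/bin/env bash
# Added example: probe the candidate path list with at most KRAKEN_WEB_JOBS
# requests in flight, then sort and tag the results. Not the project's own
# module; function names and the swappable fetch function are assumptions.

KRAKEN_WEB_JOBS="${KRAKEN_WEB_JOBS:-8}"
KRAKEN_WEB_PATHS="admin administrator login dashboard panel backup backups
config api test dev phpinfo.php info.php .git .env"

# Print only the HTTP status code for one URL; 000 when curl fails or times out.
web_fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$1" || printf '000'
}

# Tag the codes the module treats as interesting; everything else gets '-'.
web_tag_status() {
    case "$1" in
        200) printf 'FOUND' ;;
        403) printf 'FORBIDDEN' ;;
        401) printf 'AUTH' ;;
        *)   printf -- '-' ;;
    esac
}

# Probe every candidate path with at most $KRAKEN_WEB_JOBS jobs in flight.
#   $1 = base URL, $2 = fetch function name (default web_fetch_status)
# Output: one "path code" line per path, sorted in the C locale so the order
# never depends on which probe happened to finish first.
web_probe_paths() {
    local base fetch tmpdir i running path
    base="${1%/}"
    fetch="${2:-web_fetch_status}"
    tmpdir="$(mktemp -d)"
    i=0
    running=0
    for path in $KRAKEN_WEB_PATHS; do
        i=$((i + 1))
        # Each probe runs in the background and writes its own result file,
        # so no two jobs ever write to the same file.
        printf '%s %s\n' "$path" "$("$fetch" "$base/$path")" > "$tmpdir/$i" &
        running=$((running + 1))
        if [ "$running" -ge "$KRAKEN_WEB_JOBS" ]; then
            wait            # batch full: block until every job in it has finished
            running=0
        fi
    done
    wait                    # drain the final, partial batch
    cat "$tmpdir"/* | LC_ALL=C sort
    rm -rf "$tmpdir"
}

# Render "path code" lines as directories.txt rows, appending the tag.
web_render() {
    local path code
    while read -r path code; do
        printf '%-16s %s %s\n' "$path" "$code" "$(web_tag_status "$code")"
    done
}

# Stand-alone use: KRAKEN_WEB_JOBS=16 ./web_probe.sh http://target.example > directories.txt
if [ $# -gt 0 ]; then
    web_probe_paths "$1" | web_render
fi
```

Because a dead host answers every probe with a timeout, the batch bound is what keeps the worst case at roughly ceil(15 / KRAKEN_WEB_JOBS) timeouts rather than fifteen in a row; the per-probe `--max-time` is the other half of that bound.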

Technology detection

A lightweight heuristic: the root page is fetched once and grepped for WordPress / Drupal / Joomla markers, and the Server and X-Powered-By response headers are recorded. This is a hint, not a replacement for a dedicated fingerprinter such as WhatWeb or Wappalyzer.
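The same heuristic as an added example, split so the detection runs over saved files and can be checked offline. This is not the project's code: the CMS marker strings (WordPress asset paths, Drupal's settings object and files path, Joomla's media path and name), the function names and the output wording are assumptions.

```shell
#!/usr/bin/env bash
# Added example: one fetch of the root page, then grep for CMS markers and
# record the Server / X-Powered-By headers. Not the project's own code; the
# markers and names below are assumptions.

# $1 = saved response body. Print one "CMS: <name>" line per CMS whose
# (assumed) markers appear; matching is case-insensitive.
web_detect_cms() {
    grep -qiE 'wp-content|wp-includes'               "$1" && printf 'CMS: WordPress\n'
    grep -qiE 'Drupal\.settings|sites/default/files' "$1" && printf 'CMS: Drupal\n'
    grep -qiE '/media/jui/|Joomla!'                  "$1" && printf 'CMS: Joomla\n'
    return 0
}

# $1 = saved response headers. Record Server and X-Powered-By; header names
# are case-insensitive on the wire and the trailing CR is stripped.
web_record_headers() {
    grep -iE '^(Server|X-Powered-By):' "$1" | tr -d '\r'
    return 0
}

# $1 = root URL. Fetch once (headers to one file, body to another) and run
# both heuristics; prints what technologies.txt would contain.
web_fingerprint() {
    local tmp
    tmp="$(mktemp -d)"
    touch "$tmp/headers" "$tmp/body"      # keep the greps valid if curl fails
    curl -s --max-time 10 -D "$tmp/headers" -o "$tmp/body" "$1" || true
    web_record_headers "$tmp/headers"
    web_detect_cms "$tmp/body"
    rm -rf "$tmp"
}

# Stand-alone use: ./web_tech.sh http://target.example > technologies.txt
if [ $# -gt 0 ]; then
    web_fingerprint "$1"
fi
```

A body that simply mentions a CMS name in its text will still trip the Joomla check, and a site fronted by a CDN reports the CDN's Server header rather than the origin's, which is why the page calls this a hint rather than a fingerprint.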

Output location

kraken_output/<session>/web_<host>/
  headers.txt
  directories.txt
  technologies.txt
  robots.txt

These feed the Web enumeration section of the report. See Reporting.
