"At the opportune moment (Kairos), clarity emerges from complexity. We bring that moment to web reconnaissance."
KAIROS (Karim Artificial Intelligence Reconnaissance Operating System) is not just another scanner; it's a sophisticated, Python-architected reconnaissance framework. It's designed to be the discerning eye for cybersecurity virtuosos, ethical hackers, and digital cartographers. Infused with the analytical acumen of K.A.I. (Karim Artificial Intelligence), KAIROS meticulously dissects web presences, unearthing critical intelligence and illuminating potential vulnerabilities with unparalleled precision.
Lead Alchemist & Visionary: Karim Karam (@kareemsoftware)
Project Citadel: github.com/kareemsoftware/KAIROS
In the intricate dance of digital offense and defense, profound understanding is the ultimate advantage. KAIROS is built upon this doctrine. We believe that intelligent, ethically-grounded reconnaissance is the vanguard of a resilient cybersecurity posture. Our aim is to furnish a tool that transcends mere automation, offering contextualized insights that empower strategic decision-making and foster a proactive security culture.
- Explicit Consent is Non-Negotiable: ANY engagement with a target system using KAIROS MUST be preceded by explicit, documented, and verifiable permission from the system's legitimate owners.
- No Malice, No Harm: Unauthorized scanning, intrusive testing, data exfiltration, or any activity that could disrupt or damage systems is strictly prohibited and antithetical to the spirit of KAIROS.
- Legal Adherence: Users are solely responsible for complying with all applicable local, national, and international laws regarding cybersecurity and data privacy.
KAIROS integrates a symphony of modules, each meticulously tuned for comprehensive reconnaissance:
🧠 K.A.I. Configuration Core (`config_kairos.json`)
The sentient heart of KAIROS. A dynamic JSON-based control center allowing for granular customization of:
- Scanner behavior (timeouts, concurrency, user-agent).
- Module activation & parameters (enable/disable Nmap scan, WHOIS, Wayback, etc.).
- Custom wordlist paths (subdomains, fuzzing).
- Detection patterns (sensitive files, malware signatures, API keys, interesting JS patterns).
- CMS-specific configurations.
🌐 Subdomain Constellation Mapper
Charting the hidden archipelagos of the target's domain:
- Certificate Transparency Log Mining: Leverages `crt.sh` for exhaustive discovery of SSL/TLS certificate-linked subdomains.
- Intelligent Bruteforce Engine: Employs customizable, file-based wordlists with adaptive techniques and basic Wildcard DNS detection.
- Verification of Discovered Subdomains: Attempts to connect to discovered subdomains via HTTP/HTTPS to confirm their activity.
⏳ Chronos Archive Retriever (Wayback Machine Integration)
Peering into the digital past:
- Interfaces with the Wayback Machine's CDX API to unearth historical URLs, forgotten content, snapshots of previous site structures, and potentially exposed, since-removed sensitive files.
- Identifies shifts in technology stacks or content over time.
- Utilizes heuristics to identify potentially sensitive files in archives.
🛰️ API Vector Analyzer & GraphQL Probe
Mapping the arteries of data exchange:
- Heuristically identifies common API endpoints (RESTful patterns, `/api/vX`, etc.).
- Discovers Swagger/OpenAPI specification files (`swagger.json`, `openapi.json`, `*api-docs*`) and performs basic parsing of defined paths.
- Probes for active GraphQL interfaces and attempts basic introspection where permissible.
🔬 JSpector™ (JavaScript Deep Analysis Engine)
A meticulous static analysis engine for client-side JavaScript (dynamic analysis is a future feature):
- Secret Seeker: Hunts for embedded API keys, tokens, credentials, and sensitive hardcoded strings.
- Endpoint Extractor: Identifies AJAX calls, WebSocket URLs, and other communication channels.
- Malware Signature Detection: Scans for patterns indicative of cryptojackers, ad injectors, and other malicious scripts.
- Interesting Pattern Discovery: Identifies internal IP addresses, cloud storage URLs (S3, GCS, Azure Blob), and developer comments (TODO/FIXME).
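
The kind of static pattern pass described above, as an added example that is not KAIROS code, run over a constructed JavaScript snippet of the sort you would audit in your own bundles. The regexes, category names and sample values are assumptions for illustration; the page does not show the project's own detection patterns.

```python
import re

# Illustrative patterns only (assumed); KAIROS's real patterns are configured elsewhere.
PATTERNS = {
    "internal_ip": re.compile(  # RFC 1918 ranges: 10/8, 192.168/16, 172.16/12
        r"\b(?:10(?:\.\d{1,3}){3}"
        r"|192\.168(?:\.\d{1,3}){2}"
        r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b"
    ),
    "cloud_storage_url": re.compile(  # S3, GCS and Azure Blob hostnames
        r"https?://(?:[\w.-]+\.s3[\w.-]*\.amazonaws\.com"
        r"|storage\.googleapis\.com/[\w.-]+"
        r"|[\w-]+\.blob\.core\.windows\.net)[^\s\"'`]*"
    ),
    "dev_comment": re.compile(r"(?://|/\*)\s*(?:TODO|FIXME)\b[^\n]*"),
    "hardcoded_secret": re.compile(  # name = "long opaque literal"
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*[\"']([A-Za-z0-9_\-]{16,})[\"']"
    ),
}

def scan_js(source):
    """Return sorted (line_number, category, matched_text) findings."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for category, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, category, match.group(0)))
    return sorted(findings)

# Constructed sample bundle; the host, bucket name and key are made up.
SAMPLE_JS = '''\
const apiKey = "EXAMPLEKEY0123456789abcd";
// TODO: remove staging host before release
fetch("http://10.20.30.40:8080/internal/health");
const img = "https://assets-example.s3.eu-west-1.amazonaws.com/logo.png";
const ver = "1.10.2.3";
'''

if __name__ == "__main__":
    for lineno, category, text in scan_js(SAMPLE_JS):
        print(f"line {lineno}: {category}: {text}")
```

The last sample line is a dotted version string that must not be reported as an internal address; a finding here is a lead for manual review, not proof of exposure.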
📊 OmniReport™ Suite (HTML, JSON, TXT)
Intelligence delivered with clarity and utility:
- Interactive HTML5 Dashboard: A rich, dynamic report with collapsible sections, a table of contents, embedded links, severity color-coding, and a clean, professional aesthetic.
- Structured JSON Data Stream: Machine-interpretable output, ideal for SIEM integration, data warehousing, or custom scripting. All findings, meticulously organized.
- Concise TXT Executive Brief: A human-readable summary highlighting critical findings and actionable intelligence for quick dissemination.
And many more core modules, including:
- 🛡️ DNS Intelligence & Security Audit: (MX, TXT, SOA, SPF, DMARC, DNSKEY analysis, and DNSSEC status).
- 📢 AdIntel Verifier: (`ads.txt`/`app-ads.txt` parsing).
- 🔑 Sentinel Matrix: (Exposure of `.env`, `web.config`, backups, logs, `.git` artifacts, `.svn`, etc.).
- 🕵️ Error Page Forensics & Tech Fingerprinting: (Complements Wappalyzer, identifies servers and frameworks through error signatures).
- 🔗 CVE Intelligence Linker: (Generates direct search links for Vulners, MITRE, NVD for discovered software and versions).
- 🏛️ Resilient Asynchronous Architecture: (`asyncio` for speed and efficiency, advanced error handling).
- 🔐 SSL/TLS Configuration Deep Scan: (Certs, ciphers, protocols, weaknesses, expiration dates).
- 🚪 Nmap Integration (Optional): (Port, service, and OS detection - Nmap installation required).
- 📜 WHOIS Protocol Interrogation (Optional): (Domain registration intelligence - Correct `python-whois` library required).
- 🛡️ Security.txt Protocol Adherence Check: (Basic RFC 9116 validation).
- 🗺️ Advanced Sitemap Processing: (Recursive processing of sitemap index files, support for XML, TXT, GZ).
- 💣 Experimental Path Fuzzing Module: (Basic path fuzzing with configurable wordlist and optional common extension appending).
- 🕵️‍♂️ CMS-Specific Detection: (Identifies common CMS like WordPress, Joomla, Drupal, and performs specific checks, including version detection attempts).
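
The Security.txt check in the list above, sketched as an added example that is not KAIROS's own code: a basic RFC 9116 validator for an unsigned `security.txt` body. The function name, issue strings and sample file are assumptions made for this illustration.

```python
from datetime import datetime, timezone

def validate_security_txt(text, now=None):
    """Return a list of RFC 9116 problems found in an unsigned security.txt body."""
    now = now or datetime.now(timezone.utc)
    fields, issues = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no fields
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            issues.append(f"line {lineno}: not a 'Name: value' field")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    for required in ("contact", "expires"):  # both MUST be present
        if required not in fields:
            issues.append(f"missing required field: {required}")
    for single in ("expires", "preferred-languages"):  # MUST NOT repeat
        if len(fields.get(single, [])) > 1:
            issues.append(f"field appears more than once: {single}")
    for value in fields.get("expires", [])[:1]:
        try:
            expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            issues.append("expires is not an ISO 8601 date-time")
            continue
        if expires.tzinfo is None:
            issues.append("expires has no time zone offset")
        elif expires <= now:
            issues.append("expires is in the past")
    for name, values in fields.items():  # web URIs MUST use https://
        for value in values:
            if value.lower().startswith("http://"):
                issues.append(f"{name} uses http:// instead of https://")
    return issues

# Constructed sample with several deliberate defects.
BAD_SAMPLE = """\
Contact: http://example.com/report
Expires: 2020-01-01T00:00:00Z
Expires: 2021-01-01T00:00:00Z
this line is not a field
"""

if __name__ == "__main__":
    for issue in validate_security_txt(BAD_SAMPLE):
        print(issue)
```

A PGP-signed file would need its cleartext-signature armor stripped before being passed to this function.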
Embark on your reconnaissance journey with KAIROS in a few simple steps:
- Forge Your Environment (Recommended):

  ```bash
  python3 -m venv kairos_env
  source kairos_env/bin/activate   # On Linux/macOS
  # kairos_env\Scripts\activate    # On Windows
  ```

- Clone the KAIROS Citadel:

  ```bash
  git clone https://github.com/kareemsoftware/KAIROS.git
  cd KAIROS
  ```

- Install the Arcane Dependencies: A `requirements.txt` file should be present in the repository.

  ```bash
  pip install -r requirements.txt
  ```

  Key Dependencies: `aiohttp`, `beautifulsoup4`, `dnspython`, `requests`, `python-nmap` (optional), `python-whois` (optional), `Wappalyzer`, `GitPython` (optional), `tqdm`.

- Summon External Oracles (Optional Power-Ups):
  - Nmap: For potent port scanning. Download from nmap.org and ensure it's in your system's PATH.
  - Python-whois: For WHOIS queries. Ensure the correct library is installed (`pip install python-whois`).
  - GitPython: For advanced analysis of exposed Git repositories (`pip install GitPython`).

- Attune the K.A.I. Configuration Scroll (`config_kairos.json`):
  - On its inaugural run, KAIROS will create `config_kairos.json` with default settings if it's not found.
  - Unveil this scroll to tailor: wordlist paths (`common_subdomains_file`, `fuzzing_wordlist_file`), timeouts, module directives, and custom detection patterns. Default configurations will be loaded if the file is not found.

Unleash KAIROS from your command nexus:

```bash
python KAIROS.py
```