Description
Katana is a next-generation crawling and spidering framework by ProjectDiscovery. It supports both standard and headless crawling, JavaScript parsing, and multiple output formats. Designed for speed and efficiency in bug bounty reconnaissance.
Installation
BASH
go install github.com/projectdiscovery/katana/cmd/katana@latestBasic Usage
BASH
# Basic crawling
katana -u https://target.com
# Depth control
katana -u https://target.com -d 5
# Save output
katana -u https://target.com -o urls.txtAdvanced Usage
BASH
# JavaScript parsing
katana -u https://target.com -jc
# Headless mode (renders JS)
katana -u https://target.com -hl
# Include subdomains in scope
katana -u https://target.com -fs fqdn
# Filter extensions
katana -u https://target.com -ef css,woff,svg,png,jpg
# Custom headers
katana -u https://target.com -H "Cookie: session=abc123"
# Multiple targets
katana -list targets.txt -o all-urls.txt
# Automatic form filling
katana -u https://target.com -affCommon Workflows
BASH
# Crawl and find JS files
katana -u https://target.com -jc | grep "\.js$" | httpx -silent
# Crawl and discover endpoints for fuzzing
katana -u https://target.com -d 3 -jc | grep -E "\?" > parameterized-urls.txt