一键导入
strix-katana
Strix Katana 爬虫命令手册,覆盖深度、JS 抓取与稳定并发控制;触发名:strix-katana
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Strix Katana 爬虫命令手册,覆盖深度、JS 抓取与稳定并发控制;触发名:strix-katana
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | Strix•Katana 用法 |
| description | Strix Katana 爬虫命令手册,覆盖深度、JS 抓取与稳定并发控制;触发名:strix-katana |
Official docs:
Canonical syntax:
katana [flags]
High-signal flags:
-u, -list <url|file> target URL(s)-d, -depth <n> crawl depth-jc, -js-crawl parse JavaScript-discovered endpoints-jsl, -jsluice deeper JS parsing (memory intensive)-kf, -known-files <all|robotstxt|sitemapxml> known-file crawling mode-proxy <http|socks5 proxy> explicit proxy setting-c, -concurrency <n> concurrent fetchers-p, -parallelism <n> concurrent input targets-rl, -rate-limit <n> request rate limit-timeout <seconds> request timeout-retry <n> retry count-ef, -extension-filter <list> extension exclusions-tlsi, -tls-impersonate experimental JA3/TLS impersonation-hl, -headless enable hybrid headless crawling-sc, -system-chrome use local Chrome for headless mode-ho, -headless-options <csv> extra Chrome options (for example proxy-server)-nos, -no-sandbox run Chrome headless with no-sandbox-noi, -no-incognito disable incognito in headless mode-cdd, -chrome-data-dir <dir> persist browser profile/session-xhr, -xhr-extraction include XHR endpoints in JSONL output-silent, -j, -jsonl, -o <file> output controlsAgent-safe baseline for automation:
mkdir -p crawl && katana -u https://target.tld -d 3 -jc -kf robotstxt -c 10 -p 10 -rl 50 -timeout 10 -retry 1 -ef png,jpg,jpeg,gif,svg,css,woff,woff2,ttf,eot,map -silent -j -o crawl/katana.jsonl
Common patterns:
katana -u https://target.tld -d 3 -jc -silentkatana -u https://target.tld -d 5 -jc -jsl -kf all -c 10 -p 10 -rl 50 -o katana_urls.txtkatana -list urls.txt -d 3 -jc -silent -j -o katana.jsonlkatana -u https://target.tld -hl -sc -nos -xhr -j -o crawl/katana_headless.jsonlkatana -u https://target.tld -hl -sc -ho proxy-server=http://127.0.0.1:48080 -j -o crawl/katana_proxy.jsonlCritical correctness rules:
-kf must be followed by one of all, robotstxt, or sitemapxml.-hl for headless mode.-proxy expects a single proxy URL string (for example http://127.0.0.1:8080).-ho expects comma-separated Chrome options (example: -ho --disable-gpu,proxy-server=http://127.0.0.1:8080).-kf, keep depth at least -d 3 so known files are fully covered.-o.Usage rules:
-d, -c, -p, and -rl explicit for reproducible runs.-ef early to reduce static-file noise before fuzzing.-proxy over environment proxy variables when proxying only Katana traffic.-hc only for one-time diagnostics, not routine crawling loops.-h/--help for routine runs unless absolutely necessary.Failure recovery:
-d and optionally add -ct.-jsl and lower -c/-p.-sc or install system Chrome.-ef filters.If uncertain, query web_search with:
site:docs.projectdiscovery.io katana <flag> usage
面向中文用户和新手的统一入口,保持原有两种模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想先理清题意、又不想自己先判断何时该切到工具链或漏洞专项的场景;触发名:ctf-beginner-hub
面向 CTF 新手与综合题的统一总控 skill。保持原有两种主模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想边做边学、又不想自己先判断何时切换到工具链或漏洞专项的场景;触发名:ctf-super-hub
Strix JWT 与 OIDC 安全测试手册,覆盖令牌伪造、算法混淆与声明篡改;触发名:strix-authentication-jwt
给中文用户和新手用的 Strix Lite 统一入口:先判断该用哪一个 strix-* 工具或漏洞测试 skill,再给最小化起手步骤;适合在 Web 安全测试、工具链使用、漏洞验证时不知道先用哪个 Strix skill 的场景;触发名:strix-beginner-hub
Strix 功能级授权缺陷测试手册,覆盖操作级权限失效、管理功能越权与 API 操作绕过;触发名:strix-broken-function-level-authorization
Strix 业务逻辑漏洞测试手册,覆盖流程绕过、状态操控与领域约束破坏;触发名:strix-business-logic