一键导入
katana
Use katana for deep web crawling with full parameter discovery. Produces URLs with query strings, form targets, and JS endpoints that spray crawl strips.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use katana for deep web crawling with full parameter discovery. Produces URLs with query strings, form targets, and JS endpoints that spray crawl strips.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | katana |
| description | Use katana for deep web crawling with full parameter discovery. Produces URLs with query strings, form targets, and JS endpoints that spray crawl strips. |
| internal | true |
Katana is a web crawler from ProjectDiscovery that preserves full URLs including query parameters, form actions, and JavaScript-discovered endpoints. Use it when you need to enumerate the attack surface of a web application beyond path discovery.
scan or spray discovers web targets — katana fills in the parameter layer that spray crawl strips-jc flag)Spray crawl discovers paths and fingerprints. Katana discovers parameterized URLs. They complement each other:
spray --crawl → paths, fingerprints, tech stack → feeds into neutron POCkatana → full URLs with ?key=value, form targets, API endpoints → feeds into manual fuzzingDo not feed every discovered URL back to the model one by one. Save or consume katana output as a batch, group by host/path/parameter shape, then select high-value candidates for authorization, unauthenticated access, upload, GraphQL, or injection validation.
katana -u https://target.com -d 3 -jc
katana -u https://target.com -d 2 -jsonl
katana -u https://target.com -f qurl
katana -u https://target.com -d 3 -jc -jsonl
katana -list urls.txt -d 2 -jc -timeout 60
-f qurl — only output URLs that contain query parameters-f kv — output key=value pairs extracted from URLs-f path — output only paths-em php,asp,jsp — match specific extensions-ef css,js,png,jpg,gif,svg,woff — filter out static assetsDefault output is one URL per line. Use -jsonl for structured JSON with request/response details. Agent should pick the format that fits the task — plain URLs for quick review, JSON for parameter extraction.
Use this skill when the agent needs to understand aiscan mechanisms, available capabilities, scanner pseudo-commands, and tool invocation rules.
Use this skill when working with proton for sensitive information scanning — detecting API keys, tokens, credentials, and secrets in files or piped data.
Use this skill to learn how to use the playwright pseudo-command for headless browsing, screenshots, network capture, and interactive vulnerability verification. Aligned with microsoft/playwright-cli conventions.
Use this skill when working with scan for the multi-stage aiscan pipeline across discovery, web probing, weak credentials, POC checks, and verification.
Use this skill when working with neutron for template-based POC execution, template filtering, and POC result analysis.
Use this skill when working with gogo for host, port, service, banner, fingerprint, or vulnerability-hint discovery.