Revealing my Private tool for Instant Bounties[Find Sensitive Info]

What is this all about?

Ravaan
3 min readApr 6, 2023

Red Teaming, WAPT, VAPT or call it any jargon you want. They have standard tools. I spend the majority of my day playing with burpsuite and writing custom plugins and tools. This is part of my toolset. These tools are made for a very specific purpose and here, I will try to explain them. Using this, you can earn Bounties, Make your current job easier or simply just try it out.

What is KakHunt?

KakHunt is a simple tool written in Python, though I mostly code in Java for burpsuite plugins. This tool uses waybackurls as an engine and gets a bunch of URLs on the specified target. It then greps sensitive files based on the filter. The logic being simple, and yet powerful. If you have read my previous content, then you already know that I write mostly with finding sensitive info. This thus is a goldmine!

Why does this exist?

If you’re into WAPT or you collect files and analyze them, you know the 20–50 commands you have to type in order to even format things properly, well this I have faced myself and I have created this.
Though I initially kept this private for my team’s internal Use, I later made some changes and made it public so enjoy!

Why the Naming?[MYTH]

Well, the naming is inspired by Kakabhushundi. He was a learned brahman who devoted himself to a deity and would ignore everything else. Since Brahmans should be versed in all subjects and not just one, people tried to make him understand but it was to no avail. In myths, he got a curse to turn into a crow. It is believed that he could travel through space and time and thus he saw the epic of Ramayan 11 times and Mahabharat 16 times and each time he saw something different.

My inspiration came from the last line as when we analyze code or even a parameter, just revisiting it can make it do something else. POLYMORPHISM, research it:)

How to install it?

Simply go to https://github.com/Ravaan21/KakHunt.git and you will get all the steps but here’s the same thing.

  • go install github.com/tomnomnom/waybackurls@latest
  • pip install tkinter
  • python3 KakHunt.py

How to use?

  • python3 KakHunt.py.
  • Simply put the URL of the target.
  • Run and Filter.
  • Export.
IT'S PRETTY POWERFUL

What can you expect?

Once you filter through the juicy list of files given, you can try to download them or perhaps you want to analyze a .js file. If you’re in WAPT, you know the power this tool is giving you, 2 clicks and you have sensitive information served right to you.

Conclusion

If you get bounties, throw me a DM. I like to hear stories, also I am highly inactive online in general, I have decided to make a Discord so if you want to connect or in general want ideas and help, do join. In the end, keep hacking, clapping more than once gives 2X bounties.

DISCORD:

Signing off- Ravaan!

--

--

Ravaan

Red Teamer/BBHH. APPLE HOF ADOBE HOF, Governments to fortune 500 companies, UN. Reaseacher/Malware. CVE Hunting. Bookworm. CEH(prac)