David García edited this page Sep 15, 2017 · 11 revisions

Help by categories

Options for adding user/pass, cookie authentication, etc. -> Authentication

Options for modifying requests at the HTTP level, like proxy, persistent connections, threads, custom User-Agent, etc. -> Requests

Options for processing payloads, like path recursion, adding an extension, inspecting for particular interesting content, etc. -> Payload

Options for filtering responses, like skipping 403 codes, nasty false 200 codes, a list of uninteresting sizes, etc. -> Filtering

Options for modifying console output, like show content type or full path -> Output

Simple usage

There are two mandatory parameters: '-u' with the target URL and '-p' with the desired payload.

$ cansina.py -u <target> -p <payload>

It will start cansina with 4 threads and will ban 404 code responses from GET requests.

This is a very basic run. Careful manual inspection of the target beforehand is recommended in order to fine-tune the arguments and reduce false positives.

You can also read the payload from standard input by passing '-' to '-p', in case you want to preprocess the payloads, for example sorting them or concatenating a couple of files:

$ cat <payload.txt> | sort | cansina.py -u <target> -p -

The Viewer

All your results are stored in a SQLite file inside the 'output' directory.

You have a convenient tool 'util/viewer.py' to browse/filter/output the content.

Resume session

Resume the last interrupted session with all its options and the payload at its former line number.

$ cansina.py -r <resume_file>
