Katana is an open-source web application security scanner that automates the process of identifying vulnerabilities in web applications. It was created by ProjectDiscovery, a security company that specializes in vulnerability assessment and penetration testing.

The tool is designed to be fast, efficient, and easy to use, making it a popular choice among security professionals and developers alike. It is written in Go, a programming language known for its performance and concurrency, which makes Katana a powerful and efficient tool for scanning large web applications.

Features of Katana

Katana offers a range of features that make it an effective web application security scanner. Some of its key features include:

  1. Dynamic scanning: Katana can dynamically crawl web applications to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and other web application vulnerabilities.
  2. Automated testing: The tool can automate the testing process, allowing security professionals to quickly identify vulnerabilities and prioritize their remediation.
  3. Easy to use: Katana has a user-friendly interface that makes it easy to set up and use. Users can easily configure the scanner to meet their specific requirements.
  4. Extensibility: The tool is extensible, allowing users to create custom plugins to add new functionality or integrate with other tools.
  5. API support: Katana has a REST API that enables users to integrate it with other security tools or automate tasks.

Users can configure the scanner to crawl a specific URL or a list of URLs, set the scan depth, and specify which vulnerabilities to test for. Once the scan is complete, Katana will generate a report detailing any vulnerabilities found.

Here’s a cheat sheet for Katana that summarizes some of the key commands and options:

Starting a scan with default options:

katana -u target.com

This command starts a new scan with the default options and sets the target URL to “target.com”.

Setting the scan depth:

katana -u target.com --depth 3

This command sets the maximum depth of the crawler to 3.

Specifying the scan scope:

katana scan -u target.com -s crawl

This command sets the scan scope to “crawl”, which means that only the pages linked to from the target URL will be scanned.

Configuring the output format:

katana -u target.com -jsonl

This command sets the output format for the scan report to JSON.

Configuring authentication:

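katana -u target.com -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ="

This command sets the authentication credentials for the scan. They are sent as an HTTP Basic Authorization header; the Base64 value shown encodes username:password.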

Configuring proxy settings:

katana -u target.com --proxy http://proxyserver:8080

This command sets the proxy server to use for the scan.

Configuring the user agent:

katana -u target.com -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

This command sets the user agent string to use for the scan.

Specifying custom headers:

katana -u target.com -H "X-Requested-With: XMLHttpRequest" -H "Accept-Language: en-US,en;q=0.9"

This command sets two custom HTTP headers to include in the scan requests.

Running a scan with specific plugins:

katana scan -u target.com -p xss,sql

This command runs a scan with the “xss” and “sql” plugins only.

Getting help:

katana --help

This command displays the help menu with all available options and commands.

Note: This cheat sheet is not comprehensive and only includes some of the most commonly used commands and options. Please refer to the official documentation for a complete list of commands and options.
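
The JSON report mentioned above is easiest to review once it is reduced to an inventory of endpoints and parameter names, with anything outside the authorised scope set aside. The following is an added example, not code from the original page or from the Katana project; the record layout (request.method, request.endpoint), the helper names and the sample lines are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of crawler output, one JSON object per line.
# The field names (request.method, request.endpoint) are assumptions
# about the JSON report layout, not taken from the original page.
SAMPLE_JSONL = """\
{"request": {"method": "GET", "endpoint": "https://target.com/search?q=test&page=2"}}
{"request": {"method": "GET", "endpoint": "https://target.com/search?q=other"}}
{"request": {"method": "POST", "endpoint": "https://target.com/login"}}
{"request": {"method": "GET", "endpoint": "https://cdn.example.net/lib.js?v=3"}}
not-json banner line
{"request": {"method": "GET", "endpoint": "https://shop.target.com/item?id=7"}}
"""

def in_scope(host, root):
    """True when host is the root domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == root or host.endswith("." + root)

def inventory(jsonl_text, root):
    """Return (endpoints, out_of_scope_hosts, skipped_line_count)."""
    params = defaultdict(set)   # (method, host, path) -> parameter names
    out_of_scope, skipped = set(), 0
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        try:
            req = json.loads(line)["request"]
            method, url = req["method"].upper(), urlsplit(req["endpoint"])
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1        # banner text, truncated or foreign records
            continue
        host = url.hostname or "(no host)"
        if not in_scope(host, root):
            out_of_scope.add(host)   # recorded for review, never merged into the inventory
            continue
        names = [name for name, _ in parse_qsl(url.query, keep_blank_values=True)]
        params[(method, host, url.path or "/")].update(names)
    return {k: sorted(v) for k, v in params.items()}, sorted(out_of_scope), skipped

if __name__ == "__main__":
    endpoints, foreign, skipped = inventory(SAMPLE_JSONL, "target.com")
    for (method, host, path), names in sorted(endpoints.items()):
        print(f"{method:5} {host}{path}  params={names}")
    print("out of scope:", foreign, "| skipped lines:", skipped)
```

URLs that differ only in parameter values collapse into one row, which keeps the review list short on large crawls.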


Katana is a powerful web application security scanner that can help security professionals identify vulnerabilities in web applications quickly and efficiently. Its range of features, ease of use, and extensibility make it a popular choice among security professionals and developers alike.

However, it is important to note that no tool can replace human expertise in vulnerability assessment and penetration testing. Katana should be used as part of a broader security program that includes manual testing and ongoing vulnerability management.
