So you’ve chosen Kiterunner as your preferred tool for fuzzing APIs ? Good for you (I’ll go into more detail about Kiterunner in a later post – stay tuned).
But if you are using a virtual machine to host the linux system you use for your hacking (which I very much recommend) and installed Kiterunner on this VM, you may have issues using the routes-large.kite
wordlist, that freezes the tool’s interface and leaves you stuck in limbo.
What’s wrong with routes-large.kite?
As a reminder, Kiterunner’s scan
command uses specific wordlists in the .kite
format. Two wordlists in this format, in particular, can be downloaded from the Assetnote web site :
routes-small.kite
and routes-large.kite
The routes-small.kite
list works fine out of the box. But the routes-large.kite
list seems to have a known issue that causes an unusually high memory consumption with Kiterunner.
When running a scan with this wordlist from a system with limited memory, the tool will display the Kiterunner logo and hang as shown on the screenshot below. Your only way out will be two successive Ctrl-C.
How do you fix it?
This happened to me on a Kali system hosted on a VirtualBox VM to which I had assigned 4 GB of RAM (not very generous of me I confess, but I have a lot of VMs running side by side).
Increasing the assigned RAM to 8 GB and restarting the VM solved the problem. Now, a scan with routes-large.kite
will display the Kiterunner logo, then pause for 8 to 12 seconds, then run normally as seen below.
Having said all this, by the time you read this post things may have evolved positively, so you may want to check the issue report for an update.