Never Ending Security

It starts all here

Kunai – A Tool For Pwning And Info Gathering via User Browser

Kunai 0.2

Sometimes there is a need to obtain ip address of specific person or perform client-side attacks via user browser. This is what you need in such situations.

Kunai is a simple script which collects many informations about a visitor and saves output to file; furthermore, you may try to perform attacks on user browser, using beef or metasploit.

In order to grab as many informations as possible, script detects whenever javascript is enabled to obtain more details about a visitor. For example, you can include this script in iframe, or perform redirects, to avoid detection of suspicious activities. Script can notify you via email about user that visit your script. Whenever someone will visit your hook (kunai), output fille will be updated.


  • Stores informations about users in elegant output
  • Website spoofing
  • Redirects
  • BeEF & Metasploit compatibility
  • Email notification
  • Diffrent reaction for javascript disabled browser
  • One file composition

Example configs

  • Website spoofing (more stable & better for autopwn & beef):
  • Redirect (better for quick ip catching): -> evilhost/x.php ->
  • Cross Site Scripting (inclusion)


More information can be found on:

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s