Katana
Next-gen web crawling and spidering tool by ProjectDiscovery
Recon & OSINT12 commands
#crawler#spider#recon#discovery#projectdiscovery
Installation
1Install using Go
2Download from GitHub
3Verify installation
# Using Go
go install github.com/projectdiscovery/katana/cmd/katana@latest
# Verify
katana --version
# Update
go install github.com/projectdiscovery/katana/cmd/katana@latestBasic Usage
Crawl websites to discover endpoints, URLs, and JavaScript files
# Basic crawl
katana -u https://example.com
# With depth control
katana -u https://example.com -d 3
# Passive mode (no active crawling)
katana -u https://example.com -p
# Output all URLs including subdomains
katana -u https://example.com -subs
# Extract JavaScript files
katana -u https://example.com -jc
# Save to file
katana -u https://example.com -o urls.txtCommand Reference
12 commands
1Target URL
-u2Crawl depth
-d3Passive mode (no active requests)
-p4Include subdomains
-subs5Extract JavaScript files
-jc6Keep URL fragments
-kf7Maximum URLs to crawl
-m8Output file
-o9HTTP proxy
-proxy10Custom headers
-H11Request timeout
-timeout12Number of concurrent requests
-concurrencyWhen to Use
1
Comprehensive web crawling for asset discovery2
Finding hidden endpoints and JavaScript files3
Passive recon without triggering alerts4
Mapping application attack surface5
Building custom wordlists from live endpointsNotes & Tips
1
Built by ProjectDiscovery — actively maintained2
Supports both active crawling and passive parsing3
Can be combined with httpx for status filtering4
Much faster than traditional crawlers like Burp SpiderCommon Errors & Solutions
Too many URLs
Limit crawl with -m flag or reduce depth with -d
Missing JavaScript URLs
Use -jc flag to specifically extract JS files