explaingit

projectdiscovery/katana

Analysis updated 2026-06-24

Stars · 16,687 | Language · Go | Audience · ops devops | Complexity · 3/5 | Setup · easy

TLDR

A fast web crawler in Go for security research and automation, with a headless browser mode that handles JavaScript-heavy sites.

Mindmap

mindmap
  root((katana))
    Inputs
      Target URL
      Crawl depth
      Filters
    Outputs
      Discovered URLs
      JSON results
      Endpoint list
    Use Cases
      Map a site for bug bounty
      Feed URLs to scanners
      Discover hidden endpoints
    Tech Stack
      Go
      Headless browser
    Modes
      Standard crawl
      Headless crawl

What do people build with it?

USE CASE 1

Map every URL of a target site for a bug bounty engagement

USE CASE 2

Pipe discovered endpoints into nuclei or other security scanners

USE CASE 3

Crawl a single-page app that needs JavaScript execution to reveal links

USE CASE 4

Automate recurring endpoint discovery as part of a security pipeline

What is it built with?

Go, Docker

How does it compare?

| | projectdiscovery/katana | argoproj/argo-workflows | hyperledger/fabric |
| Stars | 16,687 | 16,675 | 16,641 |
| Language | Go | Go | Go |
| Setup difficulty | easy | hard | hard |
| Complexity | 3/5 | 4/5 | 5/5 |
| Audience | ops devops | ops devops | developer |

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy | Time to first run · 5min

Headless mode needs a working Chrome or Chromium install.

In plain English

Katana is a fast web crawler and spidering tool built for security researchers and automation pipelines. A web crawler is a program that automatically visits web pages and follows links to map out a website, much like how search engines index the internet. Katana goes further than basic crawlers by also handling JavaScript-heavy websites, which many older tools miss because they only look at the initial HTML without running the scripts that build the actual content. With nearly 17,000 stars on GitHub, it is a popular tool in the security and bug-bounty community.

It offers two modes: standard mode for quick crawling of regular websites, and headless mode that launches a real browser under the hood to handle sites that rely heavily on JavaScript. You can control how deep it crawls, set time limits, filter which parts of a site to include or exclude, and have it automatically fill out forms to discover more of a site. Output can go to the terminal, a file, or JSON format for easy piping into other tools. It also supports proxies, custom HTTP headers, and resuming interrupted scans.

Installation is via the Go package manager or Docker. It is primarily a command-line tool aimed at developers and security professionals who need to systematically map out a website or web application.

Copy-paste prompts

Prompt 1
Install katana with go install and run a depth-3 crawl against example.com that writes JSON to a file
Prompt 2
Run katana in headless mode to crawl a React single-page app and dump every URL it finds
Prompt 3
Pipe katana output into nuclei to scan the discovered endpoints for vulnerabilities
Prompt 4
Help me write a katana config that excludes logout links and stays inside one subdomain
Prompt 5
Show me how to run katana behind a Burp proxy with a custom Authorization header

Frequently asked questions

What is katana?

A fast web crawler in Go for security research and automation, with a headless browser mode that handles JavaScript-heavy sites.

What language is katana written in?

Mainly Go. The stack also includes Docker.

How hard is katana to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is katana for?

Mainly ops devops.


Verify against the repo before relying on details.