Description
I'd like to propose an enhancement related to URL filtering based on query parameter count or path segment depth.
While this can currently be partially handled using -fr (filter-regex), a more robust and user-friendly solution would greatly improve usability and clarity.
🔍 Motivation
Currently, if I want to extract URLs with 3 or more query parameters or path depth ≥ 4, I can do:
```bash
# Query params >= 3
katana -u https://target.com -fr "\?.*(&.*){2,}"
# Path depth >= 4 (e.g., /a/b/c/d)
katana -u https://target.com -fr "https?://[^ ]*/([^/]+/){3,}"
```
However, this approach has limitations:
🧩 RegEx becomes unintuitive and error-prone, especially with complex paths or encoded URLs.
🧠 Users must deeply understand URL structure + regex to express simple logic.
🐍 Cannot be used effectively in DSL conditions (-fdc, -mdc) since those work on responses, not on the request URL structure itself.
💡 Proposal
Introduce the following optional CLI flags:
- cpd -> Count Path Depth
- cqd -> Count Query Depth
```bash
# Query params >=3
katana -u https://target.com -cqp ">=3"
# Path depth == 4
katana -u https://target.com -cpd "==4"
# Path depth 2~5
katana -u https://target.com -cpd ">=2" -cpd "<=5"
# Query params <= 2 AND path depth >= 3
katana -u https://target.com -cqp "<=2" -cpd ">=3"
```
🙏 Final Thoughts
This would be a small but powerful addition to Katana’s filtering capabilities — one that many users in the bug bounty, recon, and appsec automation communities would benefit from.
- If there is demand for the function, it can be developed directly.
- If anyone wants to develop it, please let me know.
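A sketch of how the proposed structural filter could be evaluated with Go's `net/url` instead of a regex, added here as an illustration and not taken from Katana's code base or from the issue author. The function names (`pathDepth`, `queryCount`, `satisfies`, `keep`) are hypothetical, and counting distinct parameter names and ANDing repeated expressions are assumptions about the intended semantics.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// pathDepth counts non-empty segments of the still-encoded path, so an
// encoded slash (%2F) inside a segment and doubled slashes add no depth.
func pathDepth(u *url.URL) int {
	return len(strings.FieldsFunc(u.EscapedPath(), func(r rune) bool { return r == '/' }))
}

// queryCount counts distinct parameter names (assumed semantics). url.Parse
// has already split off the fragment, so "&" after "#" is not counted.
func queryCount(u *url.URL) int { return len(u.Query()) }

// satisfies reports whether n meets every expression such as ">=2", "<=5" (ANDed).
func satisfies(n int, exprs ...string) (bool, error) {
	for _, expr := range exprs {
		op := strings.TrimRight(expr, "0123456789 ")
		v, err := strconv.Atoi(strings.TrimSpace(expr[len(op):]))
		ok, known := map[string]bool{">=": n >= v, "<=": n <= v, "==": n == v, ">": n > v, "<": n < v}[op]
		if err != nil || !known {
			return false, fmt.Errorf("invalid expression %q", expr)
		}
		if !ok {
			return false, nil
		}
	}
	return true, nil
}

// keep parses rawURL and requires every path-depth and query-count expression to hold.
func keep(rawURL string, depth, query []string) (bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, err
	}
	if ok, err := satisfies(pathDepth(u), depth...); err != nil || !ok {
		return false, err
	}
	return satisfies(queryCount(u), query...)
}

func main() {
	// Constructed sample URL: depth 4, three query parameters.
	fmt.Println(keep("https://example.com/a/b/c/d?x=1&y=2&z=3", []string{">=2", "<=5"}, []string{">=3"}))
}
```

Parsing first means a URL such as `https://example.com/a%2Fb?x=1#p&q&r` (constructed) is measured as depth 1 with one parameter, which is the encoded-URL case the regex approach handles poorly.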