/ XNL -н4cĸ3r

GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker

v2.3 of xnldorker is available:

✅ You can show sources with tabs in same browser, of separate browser windows
✅ Add anti-bot measures
🩹 BUG FIXES: Lots! See CHANGELOG for more details
✅ Run "pip install --upgrade xnldorker" to update

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

v7.3 of xnLinkFinder is available:

✅ Improved recognising input file of domains instead of content
🩹 BUG FIX: Fixed errors occurring when passing a file as input
🩹 See CHANGELOG for more other fixes

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled e... A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

v4.1 of Xnl Reveal browser extension is available:

✅ Add search/filter to DevTools tab
🩹 BUG FIX: White/Black list functionality wasn't working properly
✅ Added param reflection checking on SPAs
✅ See CHANGELOG for lots more

github.com/xnl-h4ck3r/X...
#BugBounty
🤘

GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled e... A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

v4.0 of XnlReveal is here:

✅ Add new DevTools tab for messages instead of writing to busy console
✅ Let you easily copy all msgs from tab
✅ Update "sus" params to include all Akamai WAF data from @ryancbarnett
✅ See CHANGELOG for more

github.com/xnl-h4ck3r/X...
#BugBounty
🤘

v2.2 of xnldorker is here:

✅ Rename -proxy arg to --forward-proxy
✅ Add arg --request-proxy: can be single proxy to make requests to sources, or a file of proxies - one chosen at random
🩹 BUG FIX: Fix Yandex issues
✅ See CHANGELOG

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker

v2.1 of xnldorker is available:

✅ Add new source Seznam (seznam .cz) - lots more links than most sources
✅ Update with "pip install --upgrade xnldorker"
⚠️ I've tried to fix Bing, but failed. Consider using this to exclude: -es bing

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker

v2.0 of xnldorker is available:

✅ Add new source: Ecosia search engine
✅ Add new source: Baidu search engine
✅ See CHANGELOG
✅ Update with "pip install --upgrade xnldorker"

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker

v1.7 of xnldorker is available:

✅ Use Firefox instead of Chrome. This fixed a DuckDuckGo issue blocking for bot detection
✅ Changed Google to return all results instead of 5 pages since a change they made
✅ See CHANGELOG for more

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker

v1.6 of xnldorker is available:

✅ Allow a file of dorks to be passed as input aswell as a single dork

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

v7.1 of xnLinkFinder is available:

✅ Add arg -r / --retries: No. of times to retry a request after timeout, connection error, etc. Defaults to 0, max retries of 5 per request.
✅ See CHANGELOG for more

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/urless: De-clutter a list of URLs De-clutter a list of URLs. Contribute to xnl-h4ck3r/urless development by creating an account on GitHub.

v2.4 of urless is available:

✅ Various optimizations to improve performance, e.g. Pre-compiled Regular Expressions, Optimized Extension Filtering and Memory-Efficient File Processing.
✅ Update with "pip install --upgrade urless"

github.com/xnl-h4ck3r/u...
#BugBounty
🤘

GitHub - xnl-h4ck3r/urless: De-clutter a list of URLs De-clutter a list of URLs. Contribute to xnl-h4ck3r/urless development by creating an account on GitHub.

v2.3 of urless is available:

🩹 BUG FIX: Fixes the issue where urless produces no output when run in Docker, CI, or cron jobs.
✅ Update with "pip install --upgrade urless"

github.com/xnl-h4ck3r/u...
#BugBounty
🤘

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

v6.0 of GAP Burp Ext is here!

✅ Allow setting prefix for origin domain only for links found without a domain
✅ Pop up editor to make adding prefix links easier
✅ Add minimum word length option
✅ See CHANGELOG for more

github.com/xnl-h4ck3r/G...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

v7.0 of xnLinkFinder is available:

✅ - Add arg -rl / --rate-limit: max no. of requests sent per second. Can be used when a target specifies a rate limit in their bug bounty scope.
✅ - See CHANGELOG for other minor changes.

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

v6.17 of xnLinkFinder is available:

✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality

github.com/xnl-h4ck3r/x...
#BugBounty
🤘

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

v5.10 of GAP Burp Extension is available:

✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality

github.com/xnl-h4ck3r/G...
#BugBounty
🤘

YouTube video by / XNL -н4cĸ3r videos[2] = "waymore talk (March '24)"

Here's a talk I did for @Jhaddix discord channel back in March '24 about my waymore tool.
I tried to cover EVERYTHING, including useful post processing (that's why it's over 2 hours long 😬).
Hopefully it will be helpful.
🤘
www.youtube.com/watch?v=hMaY...

v5.9 of GAP Burp Extension is available:

✅ Modified the Sus Params data to include additional data gathered from Akamai WAF threat research team intel - thanks @ryancbarnett !

github.com/xnl-h4ck3r/G...
#BugBounty
🤘

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

v5.8 of GAP Burp Extension is available:

✅ Improve the quality of the parameter list
✅ Find extra links from fetch and JQuery-like methods

github.com/xnl-h4ck3r/G...
#BugBounty
🤘

v5.3 of knoxnl is available:

🩹 BUG FIX: Show an error message informing the user to go to knoxss.pro and (re)validate their API key if the API returns a response of "Invalid or expired API key."

github.com/xnl-h4ck3r/k... #BugBounty
🤘

v5.2 of knoxnl is available:

✅If input is a file of URLs, these will be shuffled before being processed to avoid hitting the target server sequentially so KNOXSS can fly under the radar better.

github.com/xnl-h4ck3r/k...
@KN0X55 #BugBounty
🤘

GitHub - xnl-h4ck3r/knoxnl: This is a python wrapper around the amazing KNOXSS API by Brute Logic This is a python wrapper around the amazing KNOXSS API by Brute Logic - xnl-h4ck3r/knoxnl

v5.0 of knoxnl is here:

✅ Less errors and more clarity of API responses
✅ Runtime logs will now be streamed as they happen
✅ Add arg --stall-timeout
✅ Lots of changes & improvements! See CHANGELOG for details
⏫ knoxnl -up

github.com/xnl-h4ck3r/k...
#BugBounty
🤘

GitHub - xnl-h4ck3r/knoxnl: This is a python wrapper around the amazing KNOXSS API by Brute Logic This is a python wrapper around the amazing KNOXSS API by Brute Logic - xnl-h4ck3r/knoxnl

v4.12 of knoxnl is available:

✅ The KNOXSS API now returns whether the target has an Open Redirect. So even if it doesn't find an XSS for a passed URL, you may get lucky and find an OR instead!

github.com/xnl-h4ck3r/k...
#BugBounty
🤘

GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker

v1.5 of xnldorker is available:

🩹 BUG FIX: Was unable to get links from Google after they made a change to the page. Links can no be retrieved again

github.com/xnl-h4ck3r/x...
#bugbounty
🤘

GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker

v1.4 of xnldorker is available:

🩹 BUG FIX: Was unable to get links from Bing after they made a change to the page. Links can no be retrieved again

github.com/xnl-h4ck3r/x...
#bugbounty
🤘

v6.15 of xnLinKFinder is available:

✅ Get links from S3 within <Key> tags
🩹 BUG FIX: Ensure all links checked against scope correctly (not all new one's with tldextract were)
🩹 BUG FIX: File names weren't always returned in links output

github.com/xnl-h4ck3r/x...
#bugbounty
🤘

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

v5.7 of GAP Burp Extension is available:

✅ Get links from S3 within <Key> tags
🩹 BUG FIX: Ensure all links are checked against scope correctly (not all new one's with tldextract were)

github.com/xnl-h4ck3r/G...
#bugbounty
🤘

GitHub - xnl-h4ck3r/knoxnl: This is a python wrapper around the amazing KNOXSS API by Brute Logic This is a python wrapper around the amazing KNOXSS API by Brute Logic - xnl-h4ck3r/knoxnl

v4.11 of knoxnl is available:

🩹 BUG FIX: Discord notifications weren't always sent when complete.
✅ Make discord notifications prettier.
✅ Update with: pip install --upgrade knoxnl

github.com/xnl-h4ck3r/k...
#BugBounty
🤘

GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled e... A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

v3.10 of XnlReveal is available:

🩹 BUG FIX: Once a URL is tested, it shouldn't be tested again if everything is the same apart from parameter values. This wasn't always working, so is now fixed.

github.com/xnl-h4ck3r/X...
#BugBounty
🤘

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X! Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X! - xnl-h4ck3r/waymore

v6.1 of waymore is here:

✅ Get archived responses from URLScan too
🩹 BUG FIX: -from and -to weren't working with URLScan
🩹 BUG FIX: -from and -to args weren't validated
ℹ️ index.txt is now waymore_index.txt
✅ See CHANGLOG for more

github.com/xnl-h4ck3r/w...
#BugBounty
🤘