xnl-h4ck3r / knoxnl Goto Github PK

Can you create a new function like *****.todo will not create the file.
Sometimes when we do some wrong command, ****.todo file is created again and again, which is very annoying.

I know this is because of KNOXSS not knoxnl
I spoke to him and he said to me, “All you need to do is to issue another request.”

Of course, the tool does that, and with that, it's the same error

I spoke to him a while ago and told him to upgrade his server so that it is stable

This wastes the power of the tool

What is the solution
KNOXSS told me some things but i already do that

ERROR showOutput 1: 'NoneType' object has no attribute 'write'

-s not working

I think using the knife extension is better than using piper in the burp suite because there are a lot of problems and takes many machine resources during using the burp suite because that I prefer to use the knife extension instead of the piper.

Knfie Repo:
https://github.com/bit4woo/knife

Calling knoxss api showing -
Something went wrong: Invalid or expired API key.
[ ERR! ] - (GET) https://www.google.com/?q= {}

HI @xnl-h4ck3r
I'm running scans in huge number of urls, but sometimes I find myself needing to interrupt the process using Ctrl+C before it completes. I'm wondering what happens to the output in such cases. Does knoxnl save any partial results, or is all progress lost upon interruption?

Is it possible to add a resume option similar to ProjectDiscovery tools?

Hello,
im having issue installing setup.py
C:\Users\or0to\OneDrive\Desktop\kno1>python setup.py install
Traceback (most recent call last):
File "C:\Users\or0to\OneDrive\Desktop\kno1\setup.py", line 22, in
os.rename(target_directory+'/config.yml',target_directory+'/config.yml.OLD')
FileExistsError: [WinError 183] Cannot create a file when that file already exists: 'C:\Users\or0to\AppData\Roaming\knoxnl/config.yml' -> 'C:\Users\or0to\AppData\Roaming\knoxnl/config.yml.OLD'

Hi there,
Could you add a new function? like, when we are using this script with lots of URLs.
There are only 5k api request, which is very low.
Think like your input's list line 7k+.
If all api requests are finished.
Then script will be waiting for new day for new api request.

I think it would to great feature.

knoxnl is no longer saving remaining URLs in the .todo file as it used to.
knoxnl version 4.2 (latest)

knoxnl command I used:

knoxnl --input /home/nishant57/urls.txt --retries 50000 --api-key 'xxxxxx-xxxxxx-xxxxxx-xxxxx-xxxxxxx' --timeout 2500 --advanced-filter-bypass --output /home/nishant57/knoxss_result.txt

The .todo remaining URLs file is saved when I kill knoxnl using Ctrl+C but not when knoxnl is stopped in between due to errors.

Hi!

I've been testing the tool and really like how it can help in automating the knoxss to the workflow.

I've noticed, that when I'm running the tool on a file with output tag, the successful discoveries are not saved until the complete of the task. So incase I've to cancel the run mid way using Ctrl+c the output file is empty.

Hope this can be a quick implement.

Thanks

Big Fan xnl-h4ck3r,
Can you make a new script for Burpsuite? We use Burpsuite most of the time for website testing. So if there is an extension for Burpsuite, that will scan any request. I think it will be very helpful.

your idea is good, and the script as well. but I think this idea is very bad. because I have an API request, but this function just stops the process and makes *****.todo files. which is weird to use this script again and again. could you make the new function to force the request to complete the file scan?

First of all congratulations on the latest update, it has brought great features to the tool. However, yesterday I went to use the -pur parameter and realized that at a certain moment I received an error for exceeding the rate limit and it enabled the -pur option, which doesn't make sense, rate limit it would just have to wait a little longer maybe, a few seconds so as not to overload the API and then come back again, but it understood that my number of calls had exceeded.

Hi @xnl-h4ck3r,

I have a suggestion to make knoxnl Burp Piper even more user-friendly and efficient.
Currently, knoxnl Burp Piper allows us to send individual HTTP requests for analysis. However, this process can be slow and tedious when dealing with many URLs.

Could you consider adding a feature that lets us send multiple URLs at once for scanning? Here's how it could work:

• Allow users to input multiple URLs or hostnames together, instead of one by one.
• Send the host from sitemap into piper --> knoxnl

Adding this feature would save a lot of time and make knoxnl even more valuable for finding xss.

[ ERR! ] - (GET) https://brutelogic.com.br/xss.php?a=1 KNOXSS ERR: Session.request() got an unexpected keyword argument 'reties'

In recent days, I've been receiving a gigantic amount of timeouts from knoxnl. I don't know why, but even with different hosts (I've tested on more than 5), it always returns timeouts, timeouts. I no longer see requests marked as (SAFE) or (XSS), only ERR! and the reason is timeout. However, the same URL that I just received a timeout for, when I go to the graphical interface, it says that it just couldn't identify XSS, meaning it's (SAFE), it doesn't return a timeout. And the same URL, if I try directly via the API using CURL, also doesn't return any error, just that it didn't identify XSS.

Do you think there might be a problem related to knoxnl? Is anyone else having this kind of issue? Do you know how to solve it?

It's worth mentioning that I've already done various tests with many different hosts; it's not just in this specific case. Lately, the only host I've been successful with is testphp.vulnweb.com ):

With it, I don't have problems with timeouts, but with any other host, that's all I've been getting.

I think you could add a check with more certainty that the target is in fact blocking the KNOXSS IP, because not every time KNOXSS is blocked on a page will it be blocked on the others, maybe that specific page had WAF and the others didn't, and since the logic at the moment is validating only if a single API response is blocking, it ends up skipping the next ones, but I've noticed that the next ones can still continue to bring results.

Maybe put in a validation sequence of blocked requests, if the API returns about 10 or more (it could be up to the user) requests with the KNOXSS IP blocking error, then skip the next ones, otherwise continue the verification process.

import yaml

ModuleNotFoundError: No module named 'yaml'

can add 2 API key in config file ?

if no

please make this idea