A powerful bash script for mass XSS scanning that leverages Brute Logic's KNOXSS API
curl -sSL https://raw.githubusercontent.com/0xPugal/knoxsser/master/knoxsser.sh -o knoxsser.sh && chmod +x knoxsser.sh && sudo mv knoxsser.sh /usr/bin/knoxsser
jq and parallel must be installed on your system to run this tool.
- Debian based Distros -
sudo apt install -y curl jq parallel
- RedHat based Distros -
dnf install curl jq parallel
- Arch based Distros -
pacman -S curl jq parallel
- Mac OS -
brew install jq parallel
Configure your KNOXSS API key on line 36 of knoxsser, or pass the API key with the -A argument.
Notify must be installed on your system to send notifications on successful XSS (optional).
Options:
-i, --input Input file containing URLs or single URL to scan
-o, --output Output file to save XSS results (default: xss.txt)
-A, --api API key for Knoxss
-s, --silent Print only results without displaying the banner and target count
-n, --notify Send notifications on successful XSSes via notify
-p, --process Number of URLs to scan parallely(1-5) (default: 3)
-r, --retry Number of times to retry on target connection issues and can't finish scans
-v, --version Display the version and exit
-V, --verbose Enable verbose output
-h, --help Display this help message and exit
- Enables scanning of both single URLs and files containing multiple URLs
- Unscanned / remaining URLs and URLs that encountered errors are saved in a <input>+date-time.todo file, providing a record of URLs not successfully scanned along with a timestamp.
- Ability to stop the scan and save the remaining URLs in a <input>+date-time.todo file.
- Successful XSS results are saved by default in xss.txt, with their full JSON responses, and an error.log file is kept for further investigation of unknown errors.
- Ability to retry the scan on errors such as connection issues or when KNOXSS is unable to scan the target.
- Prints the API call count along with the scanning process.
- Send notifications on successful XSSes through notify
- Parallel scan option for faster scan completion
- Verbose option for printing the response from the KNOXSS API in the terminal
# All in one
knoxsser -i input.txt -p 3 -n -V -r 2 -o knoxss.txt
# Single URL scan
knoxsser --input "https://brutelogic.com.br/xss.php?a=1"
# Scan a list of URLs
knoxsser --input urls.txt
# Send the notification on successful xss through notify
knoxsser --input input.txt --notify
# Verbose option functionality
knoxsser --input input.txt --verbose
# Parallel scan process
knoxsser --input input.txt --process 3
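As an added example (not part of knoxsser or its README), the wrapper below runs preflight checks before a scan: the required tools are present, -p is within the documented 1-5 range, and the API key is read from a file only its owner can access instead of being written into line 36 of a script installed under /usr/bin, which is typically readable by every local account. The names run_knoxsser, KNOXSS_KEY_FILE and the key file path are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of knoxsser): preflight checks before a scan.
# Assumed names: KNOXSS_KEY_FILE, ~/.config/knoxss/api_key, run_knoxsser.

KNOXSS_KEY_FILE="${KNOXSS_KEY_FILE:-$HOME/.config/knoxss/api_key}"

# Print the names of any given tools that are not on PATH (space separated).
missing_deps() {
  local dep missing=""
  for dep in "$@"; do
    command -v "$dep" >/dev/null 2>&1 || missing="$missing $dep"
  done
  printf '%s' "${missing# }"
}

# The help text documents -p as a value from 1 to 5.
valid_process_count() {
  case "$1" in
    [1-5]) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed only if the key file exists and has no group/other permission bits.
key_file_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: run_knoxsser <input file or URL> [process count]
run_knoxsser() {
  local input="$1" procs="${2:-3}" missing
  missing="$(missing_deps curl jq parallel knoxsser)"
  [ -z "$missing" ] || { echo "missing: $missing" >&2; return 1; }
  valid_process_count "$procs" || { echo "-p must be 1-5" >&2; return 1; }
  key_file_is_private "$KNOXSS_KEY_FILE" ||
    { echo "run: chmod 600 $KNOXSS_KEY_FILE" >&2; return 1; }
  # Caveat: -A puts the key in argv, which local users can see via ps
  # while the scan runs; the key file itself stays private.
  knoxsser -i "$input" -p "$procs" -A "$(cat "$KNOXSS_KEY_FILE")"
}
```

Source the file and call `run_knoxsser urls.txt 3`; the wrapper refuses to start until the key file has been restricted with `chmod 600`.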
- Allow knoxsser to read input from stdin
- Stop the scan on Invalid or Expired API Key and API rate limit exceeded and save the URLs in a <input>-date-time.todo file
- An amazing KNOXSS API by Brute Logic.
- This script was inspired by the knoxnl tool created by xnl_h4ck3r.
Caution