A concise and effective bash script for mass XSS scanning utilizing the KNOXSS API by Brute Logic
curl -sSL https://raw.githubusercontent.com/0xPugal/KNOXSSer/master/knoxsser -o knoxsser && chmod +x knoxsser && sudo mv knoxsser /usr/bin/
Options:
-i, --input Input file containing URLs or single URL to scan
-o, --output Output file to save XSS results (default: xss.txt)
-A, --api API key for Knoxss
-s, --silent Print only results without displaying the banner
-n, --notify Send notifications on successful XSSes via notify
-p, --process Number of URLs to scan parallely (1-5) (default: 1)
-h, --help Display this help message and exit
-v, --version Display the version and exit
- Enables scanning of both single URLs and files containing multiple URLs
- Unscanned URLs are saved in a <input>+date-time.todo file, providing a record of URLs not successfully scanned along with a timestamp.
- URLs that encountered timeouts or errors during scanning, possibly due to issues with the KNOXSS API, are saved in a <input>.errors file.
- Successful XSS results are saved by default in xss.txt, with their full JSON responses.
- Prints the number of API calls made during the scanning process.
- Sends notifications on successful XSSes through notify
- Parallel scan option for faster scan completion
Configure your KNOXSS API key in line 30 of knoxsser or pass the API key with the -A argument. (Required)
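Editing line 30 puts the key inside the script that the install command places in /usr/bin, so this added example (not part of KNOXSSer) keeps the key in a private file and passes it with -A instead. The KNOXSS_KEY_FILE variable, its default path and both function names are assumptions, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example, not part of KNOXSSer: keep the KNOXSS API key out of the
# installed script. KNOXSS_KEY_FILE and its default path are assumptions.
KNOXSS_KEY_FILE="${KNOXSS_KEY_FILE:-$HOME/.config/knoxss/api_key}"

# Print the key on stdout. Return codes:
#   1 = file missing, 2 = file accessible to group/others, 3 = file empty
load_knoxss_key() {
    local file="$1" mode key
    [ -f "$file" ] || { echo "key file not found: $file" >&2; return 1; }

    # Octal permission bits, e.g. 600 (GNU coreutils stat syntax)
    mode=$(stat -c '%a' "$file") || return 1
    case "$mode" in
        *00) ;;  # no group/other access (600, 400, ...)
        *) echo "refusing $file: mode $mode, expected 600" >&2; return 2 ;;
    esac

    # Strip the trailing newline and any stray whitespace
    key=$(tr -d '[:space:]' < "$file")
    [ -n "$key" ] || { echo "key file is empty: $file" >&2; return 3; }
    printf '%s' "$key"
}

# Run knoxsser with the key from the private file; all other arguments
# (-i, -o, --notify, ...) are passed through unchanged.
run_knoxsser() {
    local key
    key=$(load_knoxss_key "$KNOXSS_KEY_FILE") || return
    knoxsser -A "$key" "$@"
}
```

Source the file and call run_knoxsser -i urls.txt. On a shared host, a key passed with -A is visible in the process list to other local users while the scan runs.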
By default, XSS results are saved in xss.txt; you can specify a custom output file with -o.
Notify must be installed on your system to send notifications on successful XSS. Use --notify to send notifications.
- Single URL scan
knoxsser -i "https://brutelogic.com.br/xss.php?a=1"
- Scan a list of URLs
knoxsser -i urls.txt
- Send a notification on successful XSS through notify
knoxsser -i input.txt --notify
- Allow knoxsser to read input from stdin
- Add verbose option for verbose output
- An amazing KNOXSS API by Brute Logic.
- This script was inspired by the knoxnl tool created by xnl_h4ck3r.
- Notification on successful XSS via Project Discovery's Notify.