{"id":18918519,"url":"https://github.com/0xpugal/knoxsser","last_synced_at":"2025-06-22T06:04:13.656Z","repository":{"id":232722708,"uuid":"785003206","full_name":"0xPugal/knoxsser","owner":"0xPugal","description":"A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API","archived":false,"fork":false,"pushed_at":"2025-01-24T07:16:54.000Z","size":449,"stargazers_count":71,"open_issues_count":2,"forks_count":11,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-20T15:06:20.344Z","etag":null,"topics":["bugbounty","knoxss","xss"],"latest_commit_sha":null,"homepage":"https://knoxss.pro/?page_id=2729","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xPugal.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":"0xPugal","custom":["https://www.paypal.me/0xPugal"]}},"created_at":"2024-04-11T01:49:40.000Z","updated_at":"2025-04-16T22:32:21.000Z","dependencies_parsed_at":"2025-04-15T12:37:13.077Z","dependency_job_id":null,"html_url":"https://github.com/0xPugal/knoxsser","commit_stats":null,"previous_names":["0xpugal/knoxsser"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/0xPugal/knoxsser","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xPugal%2Fknoxsser","tags_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/repositories/0xPugal%2Fknoxsser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xPugal%2Fknoxsser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xPugal%2Fknoxsser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xPugal","download_url":"https://codeload.github.com/0xPugal/knoxsser/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xPugal%2Fknoxsser/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261244008,"owners_count":23129639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","knoxss","xss"],"created_at":"2024-11-08T10:32:23.727Z","updated_at":"2025-06-22T06:04:08.638Z","avatar_url":"https://github.com/0xPugal.png","language":"Shell","funding_links":["https://buymeacoffee.com/0xPugal","https://www.paypal.me/0xPugal"],"categories":[],"sub_categories":[],"readme":"# KNOXSSer v2.0\n\n**A powerful bash script for massive XSS scanning leveraging [Brute Logic's](https://brutelogic.com.br/blog/about) [KNOXSS API](https://knoxss.pro)**\n\n[![made-with-bash](https://img.shields.io/badge/Made%20with-Bash-1f425f.svg)](https://www.gnu.org/software/bash/) [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/0xPugal/KNOXSSer/graphs/commit-activity) [![MIT license](https://img.shields.io/badge/License-MIT-blue.svg)](https://lbesson.mit-license.org/) [![PRs 
Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![Latest release](https://badgen.net/github/release/0xPugal/KNOXSSer?sort=semver\u0026label=version)](https://github.com/0xPugal/KNOXSSer/releases) [![Open Source Love svg1](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/0xPugal/KNOXSSer)\n\n\n![image](https://github.com/0xPugal/knoxsser/assets/75373225/b2219d21-d8d0-4b6a-8005-e402e0148964)\n\n\n## Installation\n```\ncurl -sSL https://raw.githubusercontent.com/0xPugal/knoxsser/master/knoxsser.sh -o knoxsser.sh \u0026\u0026 chmod +x knoxsser.sh \u0026\u0026 sudo mv knoxsser.sh /usr/bin/knoxsser\n```\n\n## Prerequisites\n\u003e jq and parallel must be installed on your system to run this tool\n  + Debian based Distros - ``sudo apt install -y curl jq parallel``\n  + RedHat based Distros - ``dnf install curl jq parallel``\n  + Arch based Distros - ``pacman -S curl jq parallel``\n  + Mac OS - ``brew install jq parallel``\n\u003e Configure your KNOXSS API key in [line 36 of knoxsser](https://github.com/0xPugal/knoxsser/blob/master/knoxsser.sh#L36) or pass the API key with the ``-A`` argument.\n\n\n\u003e [Notify](https://github.com/projectdiscovery/notify) must be installed on your system to send notifications on successful XSS (optional).\n\n\n## Help\n```\nOptions:\n  -i,  --input            Input file containing URLs or single URL to scan\n  -o,  --output           Output file to save XSS results (default: xss.txt)\n  -A,  --api              API key for Knoxss\n  -s,  --silent           Print only results without displaying the banner and target count\n  -n,  --notify           Send notifications on successful XSSes via notify\n  -p,  --process          Number of URLs to scan in parallel (1-5) (default: 3)\n  -r,  --retry            Number of times to retry on target connection issues \u0026 can't finish scans (default: 1)\n  -ri, --retry-interval   Seconds to wait before 
retrying when having issues connecting to the KNOXSS API (default: 15)\n  -v,  --version          Display the version and exit\n  -V,  --verbose          Enable verbose output\n  -h,  --help             Display this help message and exit\n  -c,  --cookies          Cookies for authenticated GET requests\n  -pd, --postdata         POST data for POST requests\n```\n\n## Features\n   - Enables scanning of both single URLs and files containing multiple URLs\n   - Unscanned / remaining URLs and URLs that encountered errors are saved in a `\u003cinput\u003e+date-time.todo` file, providing a record of URLs not successfully scanned along with a timestamp.\n   - Ability to stop the scan and save the remaining URLs in a `\u003cinput\u003e+date-time.todo` file.\n   - Successful XSS results are saved by default in `xss.txt` with their full JSON responses, and Unknown Errors are written to an `error.log` file for further investigation.\n   - Send notifications on successful XSSes through notify\n   - Parallel scan option for faster scan completion\n   - Verbose option for printing the response from the KNOXSS API in the terminal\n   - Added support for authenticated scans by passing cookies and authorization headers, 
and for scanning URLs with POST data.\n   - Ability to retry the scan on errors such as `Connection issues` or `can't able to scan by knoxss`\n   - Prints the number of API calls along with the scanning process.\n   - Added a new option (-ri or --retry-interval) to specify the interval (in seconds) between retries for failed scans.\n\n## Usage\n```\n# All in one\n  knoxsser -i input.txt -p 3 -n -V -r 2 -o knoxss.txt\n\n# Single URL scan\n  knoxsser --input https://brutelogic.com.br/xss.php?a=1\n\n# Scan a list of URLs\n  knoxsser --input urls.txt\n\n# Scan the post data request\n  knoxsser -i http://testphp.vulnweb.com/search.php -pd 'test=query\u0026post=searchFor=any%26goButton=go'\n\n# Scan the url with auth headers\n  knoxsser -i \"https://brutelogic.com.br/session/index.php?name=guest\" -c \"Cookie:PHPSESSID=9p77u90dssmkmn3kgmmgq3b5d3\"\n\n# Send the notification on successful xss through notify\n  knoxsser --input input.txt --notify\n\n# Verbose option functionality\n  knoxsser --input input.txt --verbose\n\n# Parallel scan process\n  knoxsser --input input.txt --process 3\n```\n\n## ToDo\n+ Allow knoxsser to read input from stdin\n+ Stop the scan on `Invalid or Expired API Key` and `API rate limit exceeded` and save the URLs in a `\u003cinput\u003e-date-time.todo` file\n\n## Credits\n+ An amazing [KNOXSS](https://knoxss.pro) API by Brute Logic.\n+ This script was inspired by the [knoxnl](https://github.com/xnl-h4ck3r/knoxnl) tool created by [xnl_h4ck3r](https://twitter.com/xnl_h4ck3r).\n\n\u003e [!CAUTION]\n\u003e ⚠️ Disclaimer: I am not responsible for any use, and especially misuse, of this tool or the KNOXSS API\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xpugal%2Fknoxsser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xpugal%2Fknoxsser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xpugal%2Fknoxsser/lists"}