/ XNL -н4cĸ3r
@xnl-h4ck3r.bsky.social
Aspiring Bug Bounty Hunter & dev of tools: GAP, xnLinkFinder & waymore, featured in "Bug Hunter’s Methodology: Application Analysis v1" by JHaddix 🤘
RTFM🧐
RTFM🧐
Pinned
/ XNL -н4cĸ3r
@xnl-h4ck3r.bsky.social
· Nov 21
xnl-h4ck3r - Overview
Aspiring Bug Bounty Hunter and developer of tools! 🤘 - xnl-h4ck3r
github.com
My #BugBounty tools 🤘
👉waymore - get URLs & archived responses
👉GAP - Burp ext. like xnLinkFinder
👉xnLinkFinder - get links, params & target wordlist
👉 Xnl Reveal - BB Chrome/FF Ext
👉urless - de-clutter URL list
👉knoxnl - wrapper for KNOXSS API
👉 xnldorker - gather search links
github.com/xnl-h4ck3r
👉waymore - get URLs & archived responses
👉GAP - Burp ext. like xnLinkFinder
👉xnLinkFinder - get links, params & target wordlist
👉 Xnl Reveal - BB Chrome/FF Ext
👉urless - de-clutter URL list
👉knoxnl - wrapper for KNOXSS API
👉 xnldorker - gather search links
github.com/xnl-h4ck3r
v6.6 of waymore is here:
🩹 The -from and -to args will now work for all sources (excl. IntelX) when getting URLs for date range (only worked for a few sources before)
✅ Arg -lcy is now removed as -from and -to can be used for this purpose
github.com/xnl-h4ck3r/w...
#BugBounty
🤘
🩹 The -from and -to args will now work for all sources (excl. IntelX) when getting URLs for date range (only worked for a few sources before)
✅ Arg -lcy is now removed as -from and -to can be used for this purpose
github.com/xnl-h4ck3r/w...
#BugBounty
🤘
GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X! - xnl-h4ck3r/waymore
github.com
November 10, 2025 at 8:45 PM
v6.6 of waymore is here:
🩹 The -from and -to args will now work for all sources (excl. IntelX) when getting URLs for date range (only worked for a few sources before)
✅ Arg -lcy is now removed as -from and -to can be used for this purpose
github.com/xnl-h4ck3r/w...
#BugBounty
🤘
🩹 The -from and -to args will now work for all sources (excl. IntelX) when getting URLs for date range (only worked for a few sources before)
✅ Arg -lcy is now removed as -from and -to can be used for this purpose
github.com/xnl-h4ck3r/w...
#BugBounty
🤘
v2.3 of xnldorker is available:
✅ You can show sources with tabs in same browser, of separate browser windows
✅ Add anti-bot measures
🩹 BUG FIXES: Lots! See CHANGELOG for more details
✅ Run "pip install --upgrade xnldorker" to update
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ You can show sources with tabs in same browser, of separate browser windows
✅ Add anti-bot measures
🩹 BUG FIXES: Lots! See CHANGELOG for more details
✅ Run "pip install --upgrade xnldorker" to update
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines
Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker
github.com
October 20, 2025 at 7:28 PM
v2.3 of xnldorker is available:
✅ You can show sources with tabs in same browser, of separate browser windows
✅ Add anti-bot measures
🩹 BUG FIXES: Lots! See CHANGELOG for more details
✅ Run "pip install --upgrade xnldorker" to update
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ You can show sources with tabs in same browser, of separate browser windows
✅ Add anti-bot measures
🩹 BUG FIXES: Lots! See CHANGELOG for more details
✅ Run "pip install --upgrade xnldorker" to update
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v7.3 of xnLinkFinder is available:
✅ Improved recognising input file of domains instead of content
🩹 BUG FIX: Fixed errors occurring when passing a file as input
🩹 See CHANGELOG for more other fixes
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Improved recognising input file of domains instead of content
🩹 BUG FIX: Fixed errors occurring when passing a file as input
🩹 See CHANGELOG for more other fixes
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder
github.com
October 17, 2025 at 2:40 PM
v7.3 of xnLinkFinder is available:
✅ Improved recognising input file of domains instead of content
🩹 BUG FIX: Fixed errors occurring when passing a file as input
🩹 See CHANGELOG for more other fixes
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Improved recognising input file of domains instead of content
🩹 BUG FIX: Fixed errors occurring when passing a file as input
🩹 See CHANGELOG for more other fixes
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v4.1 of Xnl Reveal browser extension is available:
✅ Add search/filter to DevTools tab
🩹 BUG FIX: White/Black list functionality wasn't working properly
✅ Added param reflection checking on SPAs
✅ See CHANGELOG for lots more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
✅ Add search/filter to DevTools tab
🩹 BUG FIX: White/Black list functionality wasn't working properly
✅ Added param reflection checking on SPAs
✅ See CHANGELOG for lots more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled e...
A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal
github.com
October 16, 2025 at 6:54 PM
v4.1 of Xnl Reveal browser extension is available:
✅ Add search/filter to DevTools tab
🩹 BUG FIX: White/Black list functionality wasn't working properly
✅ Added param reflection checking on SPAs
✅ See CHANGELOG for lots more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
✅ Add search/filter to DevTools tab
🩹 BUG FIX: White/Black list functionality wasn't working properly
✅ Added param reflection checking on SPAs
✅ See CHANGELOG for lots more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
v4.0 of XnlReveal is here:
✅ Add new DevTools tab for messages instead of writing to busy console
✅ Let you easily copy all msgs from tab
✅ Update "sus" params to include all Akamai WAF data from @ryancbarnett
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
✅ Add new DevTools tab for messages instead of writing to busy console
✅ Let you easily copy all msgs from tab
✅ Update "sus" params to include all Akamai WAF data from @ryancbarnett
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled e...
A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal
github.com
October 15, 2025 at 10:26 PM
v4.0 of XnlReveal is here:
✅ Add new DevTools tab for messages instead of writing to busy console
✅ Let you easily copy all msgs from tab
✅ Update "sus" params to include all Akamai WAF data from @ryancbarnett
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
✅ Add new DevTools tab for messages instead of writing to busy console
✅ Let you easily copy all msgs from tab
✅ Update "sus" params to include all Akamai WAF data from @ryancbarnett
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/X...
#BugBounty
🤘
v2.2 of xnldorker is here:
✅ Rename -proxy arg to --forward-proxy
✅ Add arg --request-proxy: can be single proxy to make requests to sources, or a file of proxies - one chosen at random
🩹 BUG FIX: Fix Yandex issues
✅ See CHANGELOG
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Rename -proxy arg to --forward-proxy
✅ Add arg --request-proxy: can be single proxy to make requests to sources, or a file of proxies - one chosen at random
🩹 BUG FIX: Fix Yandex issues
✅ See CHANGELOG
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines
Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker
github.com
October 13, 2025 at 6:08 PM
v2.2 of xnldorker is here:
✅ Rename -proxy arg to --forward-proxy
✅ Add arg --request-proxy: can be single proxy to make requests to sources, or a file of proxies - one chosen at random
🩹 BUG FIX: Fix Yandex issues
✅ See CHANGELOG
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Rename -proxy arg to --forward-proxy
✅ Add arg --request-proxy: can be single proxy to make requests to sources, or a file of proxies - one chosen at random
🩹 BUG FIX: Fix Yandex issues
✅ See CHANGELOG
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v2.1 of xnldorker is available:
✅ Add new source Seznam (seznam .cz) - lots more links than most sources
✅ Update with "pip install --upgrade xnldorker"
⚠️ I've tried to fix Bing, but failed. Consider using this to exclude: -es bing
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Add new source Seznam (seznam .cz) - lots more links than most sources
✅ Update with "pip install --upgrade xnldorker"
⚠️ I've tried to fix Bing, but failed. Consider using this to exclude: -es bing
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines
Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker
github.com
October 12, 2025 at 11:33 PM
v2.1 of xnldorker is available:
✅ Add new source Seznam (seznam .cz) - lots more links than most sources
✅ Update with "pip install --upgrade xnldorker"
⚠️ I've tried to fix Bing, but failed. Consider using this to exclude: -es bing
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Add new source Seznam (seznam .cz) - lots more links than most sources
✅ Update with "pip install --upgrade xnldorker"
⚠️ I've tried to fix Bing, but failed. Consider using this to exclude: -es bing
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v2.0 of xnldorker is available:
✅ Add new source: Ecosia search engine
✅ Add new source: Baidu search engine
✅ See CHANGELOG
✅ Update with "pip install --upgrade xnldorker"
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Add new source: Ecosia search engine
✅ Add new source: Baidu search engine
✅ See CHANGELOG
✅ Update with "pip install --upgrade xnldorker"
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines
Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker
github.com
October 11, 2025 at 11:59 PM
v2.0 of xnldorker is available:
✅ Add new source: Ecosia search engine
✅ Add new source: Baidu search engine
✅ See CHANGELOG
✅ Update with "pip install --upgrade xnldorker"
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Add new source: Ecosia search engine
✅ Add new source: Baidu search engine
✅ See CHANGELOG
✅ Update with "pip install --upgrade xnldorker"
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v1.7 of xnldorker is available:
✅ Use Firefox instead of Chrome. This fixed a DuckDuckGo issue blocking for bot detection
✅ Changed Google to return all results instead of 5 pages since a change they made
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Use Firefox instead of Chrome. This fixed a DuckDuckGo issue blocking for bot detection
✅ Changed Google to return all results instead of 5 pages since a change they made
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines
Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker
github.com
October 9, 2025 at 9:50 PM
v1.7 of xnldorker is available:
✅ Use Firefox instead of Chrome. This fixed a DuckDuckGo issue blocking for bot detection
✅ Changed Google to return all results instead of 5 pages since a change they made
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Use Firefox instead of Chrome. This fixed a DuckDuckGo issue blocking for bot detection
✅ Changed Google to return all results instead of 5 pages since a change they made
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v1.6 of xnldorker is available:
✅ Allow a file of dorks to be passed as input aswell as a single dork
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Allow a file of dorks to be passed as input aswell as a single dork
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines
Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker
github.com
October 9, 2025 at 5:45 PM
v1.6 of xnldorker is available:
✅ Allow a file of dorks to be passed as input aswell as a single dork
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Allow a file of dorks to be passed as input aswell as a single dork
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v7.1 of xnLinkFinder is available:
✅ Add arg -r / --retries: No. of times to retry a request after timeout, connection error, etc. Defaults to 0, max retries of 5 per request.
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Add arg -r / --retries: No. of times to retry a request after timeout, connection error, etc. Defaults to 0, max retries of 5 per request.
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder
github.com
October 8, 2025 at 8:57 PM
v7.1 of xnLinkFinder is available:
✅ Add arg -r / --retries: No. of times to retry a request after timeout, connection error, etc. Defaults to 0, max retries of 5 per request.
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ Add arg -r / --retries: No. of times to retry a request after timeout, connection error, etc. Defaults to 0, max retries of 5 per request.
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v2.4 of urless is available:
✅ Various optimizations to improve performance, e.g. Pre-compiled Regular Expressions, Optimized Extension Filtering and Memory-Efficient File Processing.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
✅ Various optimizations to improve performance, e.g. Pre-compiled Regular Expressions, Optimized Extension Filtering and Memory-Efficient File Processing.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
GitHub - xnl-h4ck3r/urless: De-clutter a list of URLs
De-clutter a list of URLs. Contribute to xnl-h4ck3r/urless development by creating an account on GitHub.
github.com
October 1, 2025 at 9:33 PM
v2.4 of urless is available:
✅ Various optimizations to improve performance, e.g. Pre-compiled Regular Expressions, Optimized Extension Filtering and Memory-Efficient File Processing.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
✅ Various optimizations to improve performance, e.g. Pre-compiled Regular Expressions, Optimized Extension Filtering and Memory-Efficient File Processing.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
v2.3 of urless is available:
🩹 BUG FIX: Fixes the issue where urless produces no output when run in Docker, CI, or cron jobs.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
🩹 BUG FIX: Fixes the issue where urless produces no output when run in Docker, CI, or cron jobs.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
GitHub - xnl-h4ck3r/urless: De-clutter a list of URLs
De-clutter a list of URLs. Contribute to xnl-h4ck3r/urless development by creating an account on GitHub.
github.com
October 1, 2025 at 3:47 PM
v2.3 of urless is available:
🩹 BUG FIX: Fixes the issue where urless produces no output when run in Docker, CI, or cron jobs.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
🩹 BUG FIX: Fixes the issue where urless produces no output when run in Docker, CI, or cron jobs.
✅ Update with "pip install --upgrade urless"
github.com/xnl-h4ck3r/u...
#BugBounty
🤘
v6.0 of GAP Burp Ext is here!
✅ Allow setting prefix for origin domain only for links found without a domain
✅ Pop up editor to make adding prefix links easier
✅ Add minimum word length option
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ Allow setting prefix for origin domain only for links found without a domain
✅ Pop up editor to make adding prefix links easier
✅ Add minimum word length option
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension
github.com
September 30, 2025 at 7:52 PM
v6.0 of GAP Burp Ext is here!
✅ Allow setting prefix for origin domain only for links found without a domain
✅ Pop up editor to make adding prefix links easier
✅ Add minimum word length option
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ Allow setting prefix for origin domain only for links found without a domain
✅ Pop up editor to make adding prefix links easier
✅ Add minimum word length option
✅ See CHANGELOG for more
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
v7.0 of xnLinkFinder is available:
✅ - Add arg -rl / --rate-limit: max no. of requests sent per second. Can be used when a target specifies a rate limit in their bug bounty scope.
✅ - See CHANGELOG for other minor changes.
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ - Add arg -rl / --rate-limit: max no. of requests sent per second. Can be used when a target specifies a rate limit in their bug bounty scope.
✅ - See CHANGELOG for other minor changes.
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder
github.com
September 30, 2025 at 2:06 PM
v7.0 of xnLinkFinder is available:
✅ - Add arg -rl / --rate-limit: max no. of requests sent per second. Can be used when a target specifies a rate limit in their bug bounty scope.
✅ - See CHANGELOG for other minor changes.
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ - Add arg -rl / --rate-limit: max no. of requests sent per second. Can be used when a target specifies a rate limit in their bug bounty scope.
✅ - See CHANGELOG for other minor changes.
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v6.17 of xnLinkFinder is available:
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder
github.com
September 29, 2025 at 9:55 PM
v6.17 of xnLinkFinder is available:
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/x...
#BugBounty
🤘
v5.10 of GAP Burp Extension is available:
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension
github.com
September 29, 2025 at 9:39 PM
v5.10 of GAP Burp Extension is available:
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ - Get links that start with #/ - these are usually hash-based routing links in single-page apps
🩹 - BUG FIX: Change matching brackets logic for links to improve quality
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
Here's a talk I did for @Jhaddix discord channel back in March '24 about my waymore tool.
I tried to cover EVERYTHING, including useful post processing (that's why it's over 2 hours long 😬).
Hopefully it will be helpful.
🤘
www.youtube.com/watch?v=hMaY...
I tried to cover EVERYTHING, including useful post processing (that's why it's over 2 hours long 😬).
Hopefully it will be helpful.
🤘
www.youtube.com/watch?v=hMaY...
videos[2] = "waymore talk (March '24)"
YouTube video by / XNL -н4cĸ3r
www.youtube.com
September 17, 2025 at 4:49 PM
Here's a talk I did for @Jhaddix discord channel back in March '24 about my waymore tool.
I tried to cover EVERYTHING, including useful post processing (that's why it's over 2 hours long 😬).
Hopefully it will be helpful.
🤘
www.youtube.com/watch?v=hMaY...
I tried to cover EVERYTHING, including useful post processing (that's why it's over 2 hours long 😬).
Hopefully it will be helpful.
🤘
www.youtube.com/watch?v=hMaY...
v5.9 of GAP Burp Extension is available:
✅ Modified the Sus Params data to include additional data gathered from Akamai WAF threat research team intel - thanks @ryancbarnett !
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ Modified the Sus Params data to include additional data gathered from Akamai WAF threat research team intel - thanks @ryancbarnett !
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension
github.com
August 6, 2025 at 3:28 PM
v5.9 of GAP Burp Extension is available:
✅ Modified the Sus Params data to include additional data gathered from Akamai WAF threat research team intel - thanks @ryancbarnett !
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ Modified the Sus Params data to include additional data gathered from Akamai WAF threat research team intel - thanks @ryancbarnett !
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
v5.8 of GAP Burp Extension is available:
✅ Improve the quality of the parameter list
✅ Find extra links from fetch and JQuery-like methods
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ Improve the quality of the parameter list
✅ Find extra links from fetch and JQuery-like methods
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension
github.com
June 12, 2025 at 11:28 PM
v5.8 of GAP Burp Extension is available:
✅ Improve the quality of the parameter list
✅ Find extra links from fetch and JQuery-like methods
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
✅ Improve the quality of the parameter list
✅ Find extra links from fetch and JQuery-like methods
github.com/xnl-h4ck3r/G...
#BugBounty
🤘
v5.3 of knoxnl is available:
🩹 BUG FIX: Show an error message informing the user to go to knoxss.pro and (re)validate their API key if the API returns a response of "Invalid or expired API key."
github.com/xnl-h4ck3r/k... #BugBounty
🤘
🩹 BUG FIX: Show an error message informing the user to go to knoxss.pro and (re)validate their API key if the API returns a response of "Invalid or expired API key."
github.com/xnl-h4ck3r/k... #BugBounty
🤘
May 26, 2025 at 4:20 PM
v5.3 of knoxnl is available:
🩹 BUG FIX: Show an error message informing the user to go to knoxss.pro and (re)validate their API key if the API returns a response of "Invalid or expired API key."
github.com/xnl-h4ck3r/k... #BugBounty
🤘
🩹 BUG FIX: Show an error message informing the user to go to knoxss.pro and (re)validate their API key if the API returns a response of "Invalid or expired API key."
github.com/xnl-h4ck3r/k... #BugBounty
🤘
v5.2 of knoxnl is available:
✅If input is a file of URLs, these will be shuffled before being processed to avoid hitting the target server sequentially so KNOXSS can fly under the radar better.
github.com/xnl-h4ck3r/k...
@KN0X55 #BugBounty
🤘
✅If input is a file of URLs, these will be shuffled before being processed to avoid hitting the target server sequentially so KNOXSS can fly under the radar better.
github.com/xnl-h4ck3r/k...
@KN0X55 #BugBounty
🤘
GitHub - xnl-h4ck3r/knoxnl: This is a python wrapper around the amazing KNOXSS API by Brute Logic
This is a python wrapper around the amazing KNOXSS API by Brute Logic - xnl-h4ck3r/knoxnl
github.com
May 23, 2025 at 8:42 AM
v5.2 of knoxnl is available:
✅If input is a file of URLs, these will be shuffled before being processed to avoid hitting the target server sequentially so KNOXSS can fly under the radar better.
github.com/xnl-h4ck3r/k...
@KN0X55 #BugBounty
🤘
✅If input is a file of URLs, these will be shuffled before being processed to avoid hitting the target server sequentially so KNOXSS can fly under the radar better.
github.com/xnl-h4ck3r/k...
@KN0X55 #BugBounty
🤘
v5.0 of knoxnl is here:
✅ Less errors and more clarity of API responses
✅ Runtime logs will now be streamed as they happen
✅ Add arg --stall-timeout
✅ Lots of changes & improvements! See CHANGELOG for details
⏫ knoxnl -up
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
✅ Less errors and more clarity of API responses
✅ Runtime logs will now be streamed as they happen
✅ Add arg --stall-timeout
✅ Lots of changes & improvements! See CHANGELOG for details
⏫ knoxnl -up
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
GitHub - xnl-h4ck3r/knoxnl: This is a python wrapper around the amazing KNOXSS API by Brute Logic
This is a python wrapper around the amazing KNOXSS API by Brute Logic - xnl-h4ck3r/knoxnl
github.com
May 19, 2025 at 2:32 PM
v5.0 of knoxnl is here:
✅ Less errors and more clarity of API responses
✅ Runtime logs will now be streamed as they happen
✅ Add arg --stall-timeout
✅ Lots of changes & improvements! See CHANGELOG for details
⏫ knoxnl -up
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
✅ Less errors and more clarity of API responses
✅ Runtime logs will now be streamed as they happen
✅ Add arg --stall-timeout
✅ Lots of changes & improvements! See CHANGELOG for details
⏫ knoxnl -up
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
v4.12 of knoxnl is available:
✅ The KNOXSS API now returns whether the target has an Open Redirect. So even if it doesn't find an XSS for a passed URL, you may get lucky and find an OR instead!
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
✅ The KNOXSS API now returns whether the target has an Open Redirect. So even if it doesn't find an XSS for a passed URL, you may get lucky and find an OR instead!
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
GitHub - xnl-h4ck3r/knoxnl: This is a python wrapper around the amazing KNOXSS API by Brute Logic
This is a python wrapper around the amazing KNOXSS API by Brute Logic - xnl-h4ck3r/knoxnl
github.com
May 13, 2025 at 10:08 PM
v4.12 of knoxnl is available:
✅ The KNOXSS API now returns whether the target has an Open Redirect. So even if it doesn't find an XSS for a passed URL, you may get lucky and find an OR instead!
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
✅ The KNOXSS API now returns whether the target has an Open Redirect. So even if it doesn't find an XSS for a passed URL, you may get lucky and find an OR instead!
github.com/xnl-h4ck3r/k...
#BugBounty
🤘
v1.5 of xnldorker is available:
🩹 BUG FIX: Was unable to get links from Google after they made a change to the page. Links can no be retrieved again
github.com/xnl-h4ck3r/x...
#bugbounty
🤘
🩹 BUG FIX: Was unable to get links from Google after they made a change to the page. Links can no be retrieved again
github.com/xnl-h4ck3r/x...
#bugbounty
🤘
GitHub - xnl-h4ck3r/xnldorker: Gather results of dorks across a number of search engines
Gather results of dorks across a number of search engines - xnl-h4ck3r/xnldorker
github.com
April 22, 2025 at 11:02 PM
v1.5 of xnldorker is available:
🩹 BUG FIX: Was unable to get links from Google after they made a change to the page. Links can no be retrieved again
github.com/xnl-h4ck3r/x...
#bugbounty
🤘
🩹 BUG FIX: Was unable to get links from Google after they made a change to the page. Links can no be retrieved again
github.com/xnl-h4ck3r/x...
#bugbounty
🤘