/ XNL -н4cĸ3r (@Xnl_h4ck3r@infosec.exchange) @xnl_h4ck3r Twitter profile | Pikagi

Pikagi

/ XNL -н4cĸ3r (@[email protected])

@xnl_h4ck3r

7,018

Followers

820

Following

167

Media

2,667

Statuses

Aspiring Bug Bounty Hunter & dev of tools: GAP, xnLinkFinder & waymore, featured in "Bug Hunter’s Methodology: Application Analysis v1" by JHaddix 🤘 RTFM🧐

Wales

https://t.co/wF3oTUbRcB

Joined August 2020

Don't wanna be here? Send us removal request.

Pinned Tweet

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

My #BugBounty tools 🤘 👉xnLinkFinder - get links, params & target wordlist 👉waymore - get URLs & archived responses 👉GAP - Burp ext. like xnLinkFinder 👉urless - de-clutter URL list 👉knoxnl - wrapper for KNOXSS API 👉 Xnl Reveal - BB Chrome Extension

Tweet card media

xnl-h4ck3r - Overview

Aspiring Bug Bounty Hunter and developer of tools! 🤘 - xnl-h4ck3r

12

58

277

Last Seen Profiles

@RevolAimar

@sun7o_

@SRI_Conference

@_CoachSWANSON

@messypack

@ViriROB

@AlfadleyA

@CoachPosateri

@MarshArcana

@LecompteAutumn2

@NazaBomaye

@oswaldomujica

@ChrisDunkerLJS

@OhhTree

@glxarkanta

@Alec_Pedaler

@gokhanbalciank

@ElsevarAkhundov

@Panda31808732

@mehdianlaroglu

@2Kazmi

@pilotag

@sebil_1

@1garyrogers

@ome_syou_ism

@ozlmozmn1

@xiaotudou7777

@MythicalMasters

@elonmusksu

@DasZuchthaus_

@Sabalero_18

@UDI_off

@talia_einhorn

@AlmightyAO

@okAakash

@PCdeChile

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

So I wrote another tool... Get even more from wayback machine, with 𝘄𝗮𝘆𝗺𝗼𝗿𝗲🤘 🗸 Get more URLs than other tools 🗸 More filtering flexibility 🗸 Download archived responses to search for even more!! Please read the README 🤘🧐

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

14

156

448

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

A Chrome Extension that will: ✅ Show alerts for any query param reflections ✅ Show any hidden elements ✅ Enable any disabled elements Inspired by @ctbbpodcast recent tweets about bookmarks, and @renniepak comment on the pod about an extension 🤘

Tweet card media

GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected...

A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

5

58

282

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

10 months

As promised, here's an in depth look at the GAP Burp extension... If you like the tool, or it helps find you a nice bounty, please share it, shout about it, like it on github, or even buy me a coffee! 🙂 🤘 #bugbountytips

Tweet card media

videos[1] = "GAP Burp Extension"

An in depth look at the GAP Burp extension.GAP is a python extension that can be used in all Burp editions and is useful for bug bounter hunters or pentester...

www.youtube.com

12

77

281

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

Some hackers don't take notes. But, they'd do even better if they did! 💯 It can be hard to make yourself take notes when you're really into doing something, but do it! You won't regret it! Make it a habit. Having good notes on everything can be a super power! 🤘 #BugBounty

Tweet media one

16

35

270

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

xnLinkFinder (featured in @jhaddix "The Bug Hunter’s Methodology: Application Analysis v1") now accepts a directory as input. Search through JS files, HTTP responses, etc. for more endpoints and files. #bugbounty

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

9

78

260

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

My #BugBounty tools: 👉xnLinkFinder - get endpoints, params & target specific wordlist 👉waymore - get URLs & archived responses 👉GAP - Burp ext. like xnLinkFinder 👉urless - de-clutter list of URLs 👉knoxnl - wrapper for KNOXSS API Always RTFMs! 🤘🧐

Tweet card media

xnl-h4ck3r - Overview

Aspiring Bug Bounty Hunter and developer of tools! 🤘 - xnl-h4ck3r

9

69

250

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

5 months

gau and waybackurls are great tools, BUT... Below are more or less equivalent, just getting links from wayback machine, and also not filtering (so returning images, css, etc. as gau does by default)... Yes they are faster than waymore, but waymore gets... well... more! 🤘😉

Tweet media one

9

42

245

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

Btw, waymore gets URLs from the following sources: 👉Wayback Machine 👉Common Crawl 👉Alien Vault OTX 👉URLScan So it does the same as tools like Gau and waybackurls but actually get's more. Plus it also get's archived responses from wayback machine! 🤘

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

5

83

240

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

GAP is now the @Burp_Suite BApp store 🤘 Go give it a go, give some feedback, give it a rating, and go get all those links, parameters and custom wordlists! #BugBounty

Tweet media one

6

34

226

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

My #BugBounty tools: 👉xnLinkFinder - discover endpoints & params 👉waymore - get URLs & archived responses 👉GAP - Burp ext. like xnLinkFinder 👉urless - de-clutter a list of URLs 👉knoxnl - wrapper for KNOXSS API For max benefit, READ the READMEs! 🤘🧐

Tweet card media

xnl-h4ck3r - Overview

Aspiring Bug Bounty Hunter and developer of tools! 🤘 - xnl-h4ck3r

7

66

212

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 months

If you have a huge number of URLs that you need reduce but still cover everything you need, try urless. It's not just de-deuping obviosuly, it does a lot more, so take a look at the README... #bugbountytips 🤘

Tweet card media

GitHub - xnl-h4ck3r/urless: De-clutter a list of URLs

De-clutter a list of URLs. Contribute to xnl-h4ck3r/urless development by creating an account on GitHub.

5

40

212

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

Need to upload an image of a specific size and format to a target website? Use 𝗶𝗺𝗮𝗴𝗲𝗺𝗮𝗴𝗶𝗰𝗸 and 𝗲𝘅𝗶𝗳𝘁𝗼𝗼𝗹 to generate one quickly instead of trying to randomly pick one from your machine that fits the requirements! #bugbountytips

Tweet media one

5

45

210

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

The GAP Burp extension, which then progressed to xnLinKFinder, was inspired by @zseano and his methodology which is where I started by bug bounty journey, on @BugBountyHunt3r 🤘

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

4

58

208

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

7 months

🔥🤘

GitHub - intrudir/BypassFuzzer: Fuzz 401/403/404 pages for bypasses

Fuzz 401/403/404 pages for bypasses. Contribute to intrudir/BypassFuzzer development by creating an account on GitHub.

0

64

200

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

If you're still using @Burp_Suite Extension 𝗚𝗔𝗣 1.𝘅, or haven't tried 𝗚𝗔𝗣 before, go get 𝗚𝗔𝗣 𝘃2.4 now and find potential parameters, links and a custom wordlist for your target 🤘 #BugBounty

Tweet media one

3

33

189

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

5 months

Here's a modified version of @TomNomNom 's amazing tool with various minor improvements... just because I love it and I could :)❤️ ✅ Auto save to file ✅ Unique and sorted by default ✅ Includes Google and Bing snippets ✅ See the README! #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/webpaste: Save your dorking results to the terminal. A modified version of...

Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool! - xnl-h4ck3r/webpaste

6

38

185

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

4 months

Not sure if you all know about this amazing tool from @glitchedgitz already, and I'm just late to find it, but if not, check it out! 👇🔥🤘 #BugBounty

Tweet card media

GitHub - glitchedgitz/cook: A wordlist framework to fullfill your kinks with your wordlists. For...

A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers. - GitHub - glitchedgitz/cook: A wordlist framework to fullfill your kinks with yo...

3

36

181

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

A new tool that may be useful... As always, please read all the README! 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/urless: De-clutter a list of URLs

De-clutter a list of URLs. Contribute to xnl-h4ck3r/urless development by creating an account on GitHub.

2

42

168

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

GAP is now in the BApp store. Feel free to give it a few ⭐️:)

@BApp_Store

BApp Store

3 months

Added: Get All Parameters

2

7

68

8

6

165

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

10 months

You can do so much with the Burp Piper extension: Why not send a JS file straight to the new JSluice tool using Piper extension and a small bit of bash script?... 🤘 #bugbountytips

Tweet media one

Tweet media two

6

29

161

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

7 months

I watched this talk from @samwcyo for the 3rd time yesterday. It's 🔥🔥🔥 If you haven't seen it, you should. Go watch it... 🤘

Tweet card media

Attacking Secondary Contexts in Web Applications - Sam Curry

This talk explores attacking various 'secondary contexts' in web applications where data is being passed to an underlying internal HTTP server. We will explo...

www.youtube.com

3

41

162

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

Burp Scope... I've seen a number of blogs, videos, etc. that tell you to use 𝗔𝗱𝘃𝗮𝗻𝗰𝗲𝗱 and then add \.𝙩𝙖𝙧𝙜𝙚𝙩\.𝙘𝙤𝙢 for example. But that would exclude 𝗵𝘁𝘁𝗽𝘀://𝘁𝗮𝗿𝗴𝗲𝘁.𝗰𝗼𝗺 right? I always use this to make sure: (\/|\.)target\.com 🤘 #bugbountytips

8

37

151

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

5 months

I thought I’d share a picture of my setup. It’s good to have some colour in your life! 🤘 And the virtual fish are a lot easier to look after 😂

Tweet media one

13

6

147

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

Here's my bambda filter for @Burp_Suite to check for potentially interesting 302's. If a 302 response has a large body, it could have something useful in there and also potentially be bypassed by match and replacing "302 Found" with "200 OK" and removing "Location" header 🤘

Tweet media one

6

27

146

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

TIL (thanks to @GodfatherOrwa slides from @bsidesahmedabad ) that you can intercept the response to a specific request in Burp! How did I not know that?! 🤘

Tweet media one

6

14

145

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

API Penetration Testing Course by @hAPI_hacker . It's FREE! Go sign up and get learning 👇🤘

Tweet card media

API Penetration Testing Course | APIsec University

Learn about key topics to become an APIsec professional, API hacking techniques and how to uncover vulnerabilities and logic flaws in APIs.

www.apisecuniversity.com

3

30

143

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

Thanks to @xssdoctor for pointing me in the direction of this great Burp extension that will make testing graphql endpoints a lot easier, and to give clairvoyance a helping hand to generate a schema 🤘

Tweet card media

GitHub - forcesunseen/graphquail: Burp Suite extension that offers a toolkit for testing GraphQL...

Burp Suite extension that offers a toolkit for testing GraphQL endpoints. - GitHub - forcesunseen/graphquail: Burp Suite extension that offers a toolkit for testing GraphQL endpoints.

2

31

140

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

10 months

If you want to track a bug bounty target with a Mind Map " @Jhaddix style" but don't want to pay for XMind, the "Obsidian markmind" plugin for @obsdmd is a really great alternative (use the "Rich" mode)! 🤘 #BugBounty

Tweet media one

3

28

139

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

I must have opened XSSHunter a million times to cut and paste the first payload when testing blind xss 😬 Now I've just added Burp match and replace rule so it replaces 𝙭𝙣𝙡𝙭𝙨𝙨 to the payload for me. Why didn't I do that sooner?! 🤘 #bugbountytip

8

22

137

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

If you've used waymore () to download archived responses from the Wayback Machine, why not check them for secrets with @trufflesec 's TruffleHog?... #bugbountytips

Tweet media one

6

29

132

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

is so useful! I use it all the time 🤘

Tweet card media

regex101: build, test, and debug regex

Regular expression tester with syntax highlighting, explanation, cheat sheet for PHP/PCRE, Python, GO, JavaScript, Java, C#/.NET, Rust.

7

13

128

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

I just noticed waymore has 957 stars on Github! If you use waymore and find it useful, please go and ⭐️it if you haven't already because it'd be nice to get it to 1000! Thank you🤘🙂

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

6

27

127

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 months

Well, look at that... @KNOXSS just found XSS for me and knoxnl sent me a Discord notification with the POC 🔥 ➡️ ▶️ 🤘

Tweet media one

5

11

127

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

GAP v2.0 is here: ✅ Generate target specific wordlist ✅ Provide prefix for links ✅ LOTS of improvements and bug fixes ✅ Read CHANGELOG for details ✅ Follow instructions on README for installing dependencies 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and...

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

3

33

120

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

If you want to make use of Frans Rosén's postmessage-tracker extension, but are a Firefox user, you can use this version instead 👍

Tweet card media

GitHub - ACK-J/postMessage-tracker-firefox: A Firefox Extension to track postMessage usage (url,...

A Firefox Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon - ACK-J/postMessage-tracker-firefox

1

14

119

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

If you want to find EVERYTHING for a domain from waymore, just pass the root domain. DON'T pass all sub domains, it will take a lot longer and you have a chance of missing things. 🤘 #bugbountytip #bugbountytips

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

2

20

116

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

I really liked the idea of the AutoRepeater Burp extension, but I had problems getting it working properly. So I forked a version to get it to work for me, and also changed for Dark Mode. If you had issues and love the dark too...

Tweet card media

GitHub - xnl-h4ck3r/auto-repeater: Automated HTTP Request Repeating With Burp Suite

Automated HTTP Request Repeating With Burp Suite. Contribute to xnl-h4ck3r/auto-repeater development by creating an account on GitHub.

7

23

119

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

I've done many updates to the #BugBounty tools recently, so make sure you do have an up to date version if you use them 🤘 👉waymore - v1.9 (2 days ago) 👉urless - v0.9 (2 days ago) 👉GAP Burp ext -v2.4 (last week) 👉xnLinkFinder - v3.8 (last week) 👉knoxnl - v1.1 (3 months ago)

4

21

113

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

Thank you @Jhaddix for mentioning my 𝘄𝗮𝘆𝗺𝗼𝗿𝗲, 𝘅𝗻𝗟𝗶𝗻𝗸𝗙𝗶𝗻𝗱𝗲𝗿 and 𝗚𝗔𝗣 tools in the keynote talk for #HacktivityCon2022 : "The Bug Hunting Methodology - Application Hacking v1.5" Check it out 👇 🤘

Tweet card media

Twitch is the world's leading video platform and community for gamers.

0

23

115

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

9 months

Common Crawl (CC) is a source for archived URLs. There are currently 95 CC indexes going back to 2008. - Gau checks 1 index; the newest - Waybackurls checks 1 index; 2018-22 - Waymore check ALL 95 indexes This is why waymore takes longer. But you can limit with -lcc argument 🤘

4

14

111

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

10 months

All set up. Now all I have to do is stop making excuses to myself, stop worrying about perfection, stop worrying about all the other things that keep stopping me, and just sort it out and do it! 😬 So, some videos soon... hopefully... maybe 😂 🤘

Tweet card media

/ XNL -н4cĸ3r

Aspiring Bug Bounty Hunter and Developer of Tools 👉 xnLinkFinder - get endpoints, params & target specific wordlist 👉 waymore - get URLs & archived responses 👉 GAP - Burp extension like xnLinkFi...

www.youtube.com

19

17

112

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

I've had a loooong bounty drought, and have found it hard (mentally) getting back into it, but I finally ended my drought with a HIGH! $1000 🤘 Basically when a non admin user updated settings there was a PUT request including "is_admin":false

10

10

105

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

After seeing the tweet below from @ctbbpodcast and taking inspiration from the example from @joaxcar , here is a bookmark that will show most variations of hidden and disabled fields clearer, in a similar way to Burp. Just add this as the URL of a browser bookmark and click 🤘

Tweet media one

@ctbbpodcast

Critical Thinking - Bug Bounty Podcast

6 months

A couple of you have mentioned that Burp has a functionality that will automatically unhide hidden fields in HTML. A couple thoughts on why this may not be the best method for dealing with hidden fields: 1. You will miss dynamically generated hidden fields

1

6

51

4

17

106

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

I completed the amazing API course from @apisecu and @hAPI_hacker I'm still amazed it's a FREE course! I learnt some new tricks, and now understand why people use Postman! If you haven't already, check it out... 🤘

Tweet card media

API Penetration Testing Course | APIsec University

Learn about key topics to become an APIsec professional, API hacking techniques and how to uncover vulnerabilities and logic flaws in APIs.

www.apisecuniversity.com

1

22

104

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

I've updated the 𝗚𝗔𝗣 𝗕𝘂𝗿𝗽 𝗲𝘅𝘁𝗲𝗻𝘀𝗶𝗼𝗻 to v1.3: ✅ Updated the regex and a few other tweaks to be in line with 𝘅𝗻𝗟i𝗻𝗸𝗙𝗶𝗻𝗱𝗲𝗿 (i.e. you find more links!) ✅ Fix the Help display (sorry, I didn't realise it was broken!) 🤘

Tweet card media

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and...

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

5

28

102

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

v1.3 of 𝘅𝗻𝗟𝗶𝗻𝗸𝗙𝗶𝗻𝗱𝗲𝗿 is now available: ➡️ IT NOW ALSO GETS POTENTIAL PARAMETERS!🔥 ✅ Fixed an issue with v1.2 that stopped it getting output for Burp and Zap files😅 As always, read the README file (the clue's in the name!) 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

4

30

101

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

v1.18 of waymore is available: ✅ Changes to reduce load on Common Crawls API servers, and to also try and reduce errors and maximise the number of URLs retrieved from that source 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

3

21

102

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

Full marks to my amazing wife for getting me an awesome toy for Xmas! 🎄🐬

Tweet media one

3

2

98

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

TIL that @pdiscoveryio 's katana has a -jsl / -jsluice flag to enable jsluice parsing in javascript files. Thanks @TomNomNom ! 🤘

2

9

101

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

Want to learn Go from fundamentals up?! Yeah, me too! Go 🤘👇

Tweet card media

GitHub - jub0bs/go-course-beginner

Contribute to jub0bs/go-course-beginner development by creating an account on GitHub.

2

18

98

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

Thanks to @Jhaddix for looking at my tools and mentioning them in the #NahamCon2022 keynote talk, "The Bug Hunter’s Methodology: Application Analysis v1"!! 🤘 I'll work on further improvements soon, but anyone feel free to throw ideas at me! :) #BugBounty

Tweet card media

xnl-h4ck3r - Overview

Aspiring Bug Bounty Hunter and developer of tools! 🤘 - xnl-h4ck3r

0

23

94

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

9 months

v4.0 of GAP is here: ✅ Identify "sus" params, and raise Issues (or write to ext output for Burp Community) - from research from @Jhaddix and @G0LDEN_infosec ✅ LOTS of bug fixes and changes. See CHANGELOG for more 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and...

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

2

18

89

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

v1.1 of 𝘄𝗮𝘆𝗺𝗼𝗿𝗲 is now available: ✅You can now pass a file of domain/URLs as input if required #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

2

25

93

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

Despite gau & waybackurls being amazng, if you're still using them instead of waymore to get archived urls, you're potentially missing out on valuable data & won't have as much control over the data you get. If you have any waymore issues, give me a shout (after reading README!)

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

5 months

gau and waybackurls are great tools, BUT... Below are more or less equivalent, just getting links from wayback machine, and also not filtering (so returning images, css, etc. as gau does by default)... Yes they are faster than waymore, but waymore gets... well... more! 🤘😉

Tweet media one

9

42

245

3

10

93

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 years

One month ago today I submitted my first bug on @BugBountyHunt3r BARKER platform. I'm now #15 and Level 3. I had never expected to increase my skills (and confidence) as quickly as I have in that short time, but it's thanks to @zseano , BBH and it's awesome community ❤️

3

5

88

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

Black Friday offer... use GAP and find all those potential parameters and links in your Burp projects for FREE!! 🤘😂 All feedback welcome 😉

3

31

91

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

I've just noticed that xnLinkFinder has reached 1k ⭐️'s on github 🙂 Thanks for all who use it and took the time to star it. I hope it helps your hunting 🪲 #bugbounty 🤘

Tweet media one

4

2

92

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

I find creating the UI for Burp extensions is a painful experience :/ Sorry if it's not pretty or all visible for some people. Check out GAP v2.0 though...

Tweet media one

11

7

90

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

4 months

v2.0 of waymore is here: ✅ Added new source of URLs: VirusTotal. Get your FREE Api key and add it to the config.yml file to get even more URLs! ✅ IMPORTANT: Have a very Merry Christmas! Festive wishes to you all 🎅🫶 #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

2

8

90

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

v1.0 of XnlReveal is here: ✅ Now available for Chrome AND Firefox 👋 Feel free to raise a Github issue for any suggestions or problems you have ☕️ And if you like it, consider buying me a coffee! - thank you 😃 #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected...

A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

3

14

89

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

Massive thanks to @IAmMandatory for making XSS Hunter Express, and for making it so easy to set up and use 🤘

Tweet card media

GitHub - mandatoryprogrammer/xsshunter-express: An easy-to-setup version of XSS Hunter. Sets up in...

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance! - mandatoryprogrammer/xsshunter-express

1

23

91

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

If you need to start a quick server, there are a few options. Here's what I've used before:

Tweet media one

3

23

88

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

I've only just discovered the joys of IIS hacking and shortname scanning today after watching great talks by @infosec_au and @irsdl and using the great shortscan tool from @bitquark 🤘

2

4

90

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 months

My VPS was starting to run low on disk space. I was trying to work out what I could get rid of, and found out about: ➡️go clean -modcache Freed up 20G ! 😶

6

14

88

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

‼️ IMPORTANT GAP UPDATE If you got v1.8, I'm sorry I broke it completely! 😬 Please get v1.9 and all should be well again 🤘 Sorry! #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and...

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

0

26

85

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

v0.2 of waymore is available: - Gets more URLs from (the same as gau now, but faster) - Don't forget to try downloading archived responses where you can fine even more links using xnLinkFinder for example 🤘

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

4

26

84

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

I've been getting a number of DM's from people starting their Bug Bounty journey, asking for help where to start. My journey started here: Read it. Apply it. Do it 🤘 Thanks to @zseano and @BugBountyHunt3r ! #bugbountytip

2

11

83

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

10 months

I haven't tried it out yet, but from the blog and demo video, this extension from @forcesunseen looks great when working with GraphQL

Tweet card media

GitHub - forcesunseen/graphquail: Burp Suite extension that offers a toolkit for testing GraphQL...

Burp Suite extension that offers a toolkit for testing GraphQL endpoints. - GitHub - forcesunseen/graphquail: Burp Suite extension that offers a toolkit for testing GraphQL endpoints.

3

22

86

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 years

This is a great and comprehensive article from @0xPrial for anyone looking to get started in Bug Bounties

Tweet card media

How to Get Into Bug Bounties – Part 01 - 0xPrial

A common question nowadays is "How to get started in Bug Bounties?" and I keep on getting this message on a day to day basis. It’s not possible for me to respond to each and every message, so I...

1

28

84

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

My first python command line utility... an improvement on the classic LinkFinder, and based on the link finding capabilities of my Burp extension GAP. Give it a try and let me know how I can make it even better... 🤘

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

2

21

78

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

v0.4 of urless (a tool used to de-clutter a list of URLs) is available: ✅ Various bug fixes 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/urless: De-clutter a list of URLs

De-clutter a list of URLs. Contribute to xnl-h4ck3r/urless development by creating an account on GitHub.

1

29

82

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

v3.7 of xnLinkFinder is available: ✅ The link prefix value was previously prefixed to links found that didn't start with "http". This has been changed to not prefix if the link starts with any kind of schema already 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

3

25

76

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

v3.0 of xnLinKFinder is available: ✅ Lots of bug fixes and some small improvements, mainly around the new wordlist option. 👉 Don't forget to generate your target specific wordlist, e.g. "-owl wordlist.txt" ✅ Read the CHANGELOG for details #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

2

25

75

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

For anyone starting in #bugbounty I would definitely recommend @_zwink youtube channel: 🤘

0

11

77

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

v4.3 of GAP Burp Ext is available: ✅ Add a category of Mass Assignment variables to the Sus parameter identification. #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and...

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

5

11

76

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

9 months

@hakluke Or better still, check out the brand new sus_params research by @Jhaddix and @G0LDEN_infosec that they presented at defcon 🤘

Tweet card media

GitHub - g0ldencybersec/sus_params

Contribute to g0ldencybersec/sus_params development by creating an account on GitHub.

3

13

75

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

5 months

If you haven't seen this awesome site from @kleoz_ already, then check it out now🔥

Tweet card media

The Bug Bounty Radar - The Latest Public Bug Bounty Programs

Discover the Latest Public Bug Bounty Programs from various platforms. The Programs are always updated ever 5 mins.

3

9

77

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

v0.2 of XnlReveal is here: ✅ Include new setting to write Wayback Archive endpoints to the browser console for each page visited (only once for each, unless local storage cleared) ✅ A new option to only write Wayback JS endpoints if required 🤘

Tweet card media

GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected...

A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

2

10

77

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 months

v2.4 of waymore is available: 🩹 Fix issue where waymore freezes if Common Crawl return certain errors. ✅ Add new default keywords for when -ko / --keywords-only is used. #bugbounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

2

14

75

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

Although xnLinkFinder is often mentioned in regards to getting links from JS files, it does a lot more than that. It can find links from any response, from inline JS, comments, JSON, etc. so don't just pass it a file of JS endpoints if you want to get the most out of it 🤘

2

14

74

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

v1.1 of XnlReveal is here: ✅ Improved UI ✅ Replace Wayback JS checkbox with Wayback RegEx textbox. Leave blank to get everything, or add your own RegEx to filter what's written to the console. ✅ Remove Run Now buttons, as you can use context menu. 🤘

Tweet card media

GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected...

A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. - xnl-h4ck3r/XnlReveal

0

8

75

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

v2.7 of xnLinkFinder is available: ✅ Use --output-wordlist to get your target specific wordlist for fuzzing! 🤘 ✅ Many other new arguments to tailor the creation of the wordlist. See v2.7 CHANGELOG for more details. 🤘

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

2

21

70

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

4 months

v4.6 of GAP is available: 🩹 Resolve issue of new Burp footer covering some of GAP controls ✅ Include new MIME types to exclude ✅ See CHANGELOG #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and...

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension

0

12

75

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

3 years

Just over 9 weeks ago, I submitted my first bug on @BugBountyHunt3r 's BARKER, and I didn't really know my XSS from my elbow! Thanks to @zseano and the amazing community on BBH discord, I have learnt LOTS and I've reached Level 4 and rank #5 . Time to hack everything!

Tweet media one

11

5

71

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

Great advice from @G0LDEN_infosec 🤘👇

Tweet card media

Supercharge your hacking: Mindset, workflow, productivity and checklist - Labs Detectify

In this article, Gunnar Andrews writes how hacking is a challenge, but can be made easier with the right environment, workflows and mindset.

labs.detectify.com

1

16

72

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

v1.2 of 𝘅𝗻𝗟𝗶𝗻𝗸𝗙𝗶𝗻𝗱𝗲𝗿 is now available: ✅ If you search a Directory, all files in sub directories will also be searched. ✅ You can pass -𝙢𝙛𝙨 with a value of 0 to process all files, regardless of the size. 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

3

28

72

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

I really like the Highlight and Extractor Burp extension, but there's a few things I wanted to change. So I forked the repo and did some changes I needed for myself. Feel free to make use of it too though! 🤘

Tweet card media

GitHub - xnl-h4ck3r/HandE-Burp-Extension: H&E- Burp Highlighter and Extractor

H&E- Burp Highlighter and Extractor. Contribute to xnl-h4ck3r/HandE-Burp-Extension development by creating an account on GitHub.

3

7

70

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

Although I understand taking a period away from hacking/coding is a good thing when you're feeling burnt out or something, but getting my brain back into things is sooooooooo hard! 😰

7

2

71

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

5 months

⚠️IMPORTANT: PLEASE UPDATE WAYMORE ⚠️ v1.33 of waymore is available: 🩹BUG FIX: Not all links were returned from Wayback archive if the target only has one page of links from their API. Huge apologies for the issue!! #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

2

19

71

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

4 months

v1.37 of waymore is here: ✅ Add arg -co / --check-only: You can add this arg to check before you run waymore, to see how many requests you're actually making, and (very) roughly how long that could take. Some targets are NEED restricting! #BugBounty 🤘

Tweet media one

2

6

72

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

v1.0 of waymore is now here: 👉 The big difference between this and other tools: it can download archived responses for URLs on wayback so you can search these for even more links, extra params, etc. ✅Now uses all same sources as gau ✅See change log...

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

2

16

68

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

1 year

v3.10 of xnLinkFinder is available: ✅ Find even more parameters in responses ✅ Only get parameters from responses that don't have content types or file types in the specified exclusions (not sure why it wasn't already doing that!) 🤘 #BugBounty

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

0

14

70

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

Here's ScriptView: ✅ A simple Burp ext. that adds a new tab to any Response (if it has any script tags) and only shows those tags. If there are responses with many scripts, especially inline, it makes checking through the code a bit easier #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/ScriptView-Burp-Extension: A Burp Extension that makes it easier to view all...

A Burp Extension that makes it easier to view all script code on a Response. - xnl-h4ck3r/ScriptView-Burp-Extension

0

12

69

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 months

I've just noticed that GAP has just reached 1k ⭐️'s on Github. Thanks to all who use it, and have taken the time to star it :) 🤘

Tweet media one

1

2

69

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

27 days

v4.0 of waymore is here: ✅ Add arg -oijs / --output-inline-js: get files with all inline JS & also file of external JS src ✅ Install with "pip install waymore" ✅ Exclude some custom 404 pages if filtered #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX,...

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! - xnl-h4ck3r/waymore

3

14

69

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

6 months

I use the screen command on my VPS so that commands will not stop running when I log off. I've always had the problem that when I go into the screen session, I can't scroll up. I can't believe it's taken me this long to work out that you can fix that problem with this file! 👇🤘

Tweet media one

7

6

68

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

I created a python wrapper around the amazing @KN0X55 API by @brutelogic to make life a little easier (and more colourful!) 🤘 Don't have an API key? Go to and sign up! Thanks to the XSS genius @rodoassis :) #BugBounty

4

22

64

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 months

The webpaste browser extension comes with default javascript snippets that let you grab URLs from these search engines straight to your console (and write to file with the -o argument): ▶️ Google ▶️ Bing ▶️ DuckDuckGo ▶️ Yahoo ▶️ StartPage #bugbounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/webpaste: Save your dorking results to the terminal. A modified version of...

Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool! - xnl-h4ck3r/webpaste

2

6

66

@xnl_h4ck3r

/ XNL -н4cĸ3r (@[email protected])

2 years

v2.0 of xnLinkFinder is here! ✅It's finally OS agnostic, so anyone not on Linux, please try it out again and hopefully no more issues! ✅That was the last of the official TODO's so I set it to v2.0 🥳 ✅As always... RTFM 🙃 #BugBounty 🤘

Tweet card media

GitHub - xnl-h4ck3r/xnLinkFinder: A python tool used to discover endpoints, potential parameters,...

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target - xnl-h4ck3r/xnLinkFinder

2

21

66