Skip to main content
Name:xnlinkfinder
Category:Discovery
Publisher:trickest-mhmdiaa
Created:2/3/2023
Container:quay.io/trickest/xnlinkfinder:v6.16-patch-5
Output Type:
License:Unknown

Parameters

depth
string
--depthThe level of depth to search. For example, if a value of 2 is passed, then all links initially found will then be searched for more links (default: 1). This option is ignored for Burp files because they can be huge and consume lots of memory. It is also advisable to use the -sp (--scope-prefix) argument to ensure a request to links found without a domain can be attempted.
input
string
required
--inputInput a URL or domain.
config
file
--configPath to the YML config file. If not passed, a default 'config.yml' is used which has some excludes some words/extensions and defines some stopwords.
origin
boolean
--originWhether you want the origin of the link to be in the output. Displayed as LINK-URL [ORIGIN-URL] in the output (default: false)
cookies
string
--cookiesAdd cookies to pass with HTTP requests. Pass in the format 'name1=value1; name2=value2;'
exclude
string
--excludeLink exclusions in a comma separated list, e.g. careers,forum
headers
string
--headersAdd custom headers to pass with HTTP requests. Pass in the format 'Header1: value1; Header2: value2;'
include
boolean
--includeInclude input links in the output (default: false)
timeout
string
--timeoutHow many seconds to wait for the server to send data before giving up (default: 10 seconds)
verbose
boolean
--verboseVerbose output
all-tlds
boolean
--all-tldsAll links found will be returned, even if the TLD is not common. This can result in a number of false positives where variable names, etc. may also be a possible genuine domain. By default, only links that have a TLD in the common TLDs (commonTLDs in config.yml) will be returned.
insecure
boolean
-insecureWhether TLS certificate checks should be made disabled making requests (default: false)
prefixed
boolean
--prefixedWhether you want to see which links were prefixed in the output. Displays (PREFIXED) after link and origin in the output (default: false)
no-banner
boolean
--no-bannerHides the tool banner.
processes
string
--processesBasic multithreading is done when getting requests for a URL, or file of URLs (not a Burp file). This argument determines the number of processes (threads) used (default: 25)
ascii-only
boolean
-ascii-onlyWhether links and parameters will only be added if they only contain ASCII characters (default: False). This can be useful when you know the target is likely to use ASCII characters and you also get a number of false positives from binary files for some reason.
input-file
file
required
--inputInput a text file of URLs, a Burp XML output file, a ZAP output file, or a Caido CSV, or a single file to search contents.
user-agent
string
--user-agentWhat User Agents to get links for, e.g. 'desktop mobile'
regex-after
string
--regex-afterRegEx for filtering purposes against found endpoints before output (e.g. /api/v[0-9].[0-9]* ). If it matches, the link is output.
stop-on-403
boolean
-s403Stop when > 95 percent of responses return 403 Forbidden (default: false)
stop-on-429
boolean
-s429Stop when > 95 percent of responses return 429 Too Many Requests (default: false)
input-folder
folder
required
--inputInput a directory of files to search
replay-proxy
string
-replay-proxyFor active link finding with URL (or file of URLs), replay the requests through this proxy.
scope-filter
string
required
--scope-filterWill filter output links to only include it if the domain of the link is in the scope specified.
scope-prefix
string
--scope-prefixAny links found starting with / will be prefixed with scope domain in the output instead of the original link.
very-verbose
boolean
--vverboseIncreased verbose output
max-file-size
string
--max-file-sizeThe maximum file size (in bytes) of a file to be checked if -i is a directory. If the file size os over, it will be ignored (default: 500 MB). Setting to 0 means no files will be ignored, regardless of size.
content-length
boolean
--content-lengthShow the Content-Length of the response when crawling.
max-time-limit
string
--max-time-limitThe maximum time limit (in minutes) to run before stopping (default: 0). If 0 is passed, there is no limit.
stopwords-file
string
--stopwords-fileA file of additional Stop Words (in addition to stopWords in the YML Config file) used to exclude words from the target specific wordlist. Stop Words are used in Natural Language Processing and different lists can be found in different libraries. You may want to add words in different languages, depending on your target.
stop-on-timeout
boolean
-sTOStop when > 95 percent of requests time out (default: false)
wordlist-maxlen
string
--wordlist-maxlenThe maximum length of words to add to the target specific wordlist (excluding plurals).
memory-threshold
string
--memory-thresholdThe memory threshold percentage. If the machines memory goes above the threshold, the program will be stopped and ended gracefully before running out of memory (default: 95)
scope-filter-file
file
--scope-filterWill filter output links to only include them if the domain of the link is in the scope specified.
scope-prefix-file
file
--scope-prefixAny links found starting with / will be prefixed with scope domains in the output instead of the original link.
user-agent-custom
string
--user-agent-customA custom User Agent string to use for all requests. This will override the -u/--user-agent argument. This can be used when a program requires a specific User Agent header to identify you for example.
no-wordlist-digits
boolean
--no-wordlist-digitsExclude any words from the target specific wordlist with numerical digits in.
no-wordlist-imgalt
boolean
--no-wordlist-imgaltBy default, any image 'alt' attributes will be processed for the target specific wordlist. If this argument is used, they will not be processed.
no-wordlist-plurals
boolean
--no-wordlist-pluralsWhen words are found for a target specific wordlist, by default new words are added if there is a singular word from a plural, and vice versa. If this argument is used, this process is not done.
burpfile-remove-tags
string
--burpfile-remove-tagsWhether to remove tags if a Burp file is passed as input. This is asked interactively if the flag is not passed. Pass as True or False.
no-wordlist-comments
boolean
--no-wordlist-commentsBy default, any comments in pages will be processed for the target specific wordlist. If this argument is used, they will not be processed.
no-wordlist-lowercase
boolean
--no-wordlist-lowercaseBy default, any word added with any uppercase characters in will also add the word in lowercase. If this argument is used, the lowercase words will not be added.
no-wordlist-pathwords
boolean
--no-wordlist-pathwordsBy default, any path words found in the links will be processed for the target specific wordlist. If this argument is used, they will not be processed.
scope-prefix-original
boolean
--scope-prefix-originalIf a scope-prefix is passed, then this determines whether the original link starting with / is also included in the output (default: false).
exclude-relative-links
boolean
-xrelBy default, if any links in the results start with `./` or `../`, they will be included. If this argument is used, these relative links will not be added.
no-wordlist-parameters
boolean
--no-wordlist-parametersBy default, any parameters found in the links will be processed for the target specific wordlist. If this argument is used, they will not be processed.
scope-prefix-keep-failed
boolean
--scope-prefix-keep-failedIf argument -spkf is passed, then this determines whether a prefixed link will be kept in the output if it was a 404 or a RequestException occurred (default: false).
stop-on-connection-errors
boolean
-sCEStop when > 95 percent of requests have connection errors (default: false)