xnl-h4ck3r / xnLinkFinder

A Python tool used to discover endpoints, potential parameters, and a target-specific wordlist for a given target

Question #2

Closed Marcio861 closed 2 years ago

Marcio861 commented 2 years ago

Is a version for OWASP ZAP possible?

xnl-h4ck3r commented 2 years ago

Hi @Marcio861

That's a good idea! I haven't used Zap myself yet, so I'll have a look at it in more detail and see if I can add a mode to process a Zap file as well as a Burp file.

Thanks
Xnl

xnl-h4ck3r commented 2 years ago

@Marcio861, would you use the Report -> Export Messages to File... option to save the traffic you wanted and then want xnLinkFinder to search those requests and responses for links? I'm not too familiar with OWASP ZAP so just trying to figure out what file format and content I'd need to deal with.

Marcio861 commented 2 years ago

Format: OWASP ZAP .context

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

Default Context true Db Db.CouchDB Db.Firebird Db.HypersonicSQL Db.IBM DB2 Db.Microsoft Access Db.Microsoft SQL Server Db.MongoDB Db.MySQL Db.Oracle Db.PostgreSQL Db.SAP MaxDB Db.SQLite Db.Sybase Language Language.ASP Language.C Language.JSP/Servlet Language.Java Language.Java.Spring Language.JavaScript Language.PHP Language.Python Language.Ruby Language.XML OS OS.Linux OS.MacOS OS.Windows SCM SCM.Git SCM.SVN WS WS.Apache WS.IIS WS.Tomcat org.zaproxy.zap.model.StandardParameterParser {"kvps":"&","kvs":"=","struct":[]} org.zaproxy.zap.model.StandardParameterParser {"kvps":"&","kvs":"=","struct":[]} 0 EACH_RESP 60 REQUESTS -1 0 0
AND -1

Example tool to generate bug bounty scope for Burp and OWASP ZAP: https://github.com/root4loot/rescope

Marcio861 commented 2 years ago

> @Marcio861, would you use the Report -> Export Messages to File... option to save the traffic you wanted and then want xnLinkFinder to search those requests and responses for links? I'm not too familiar with OWASP ZAP so just trying to figure out what file format and content I'd need to deal with

Is inverse, xnLinkFinder to owasp zap, or mixed, in owasp zap exist possible mixed tools, tools > options > application

but is possible running with authentication cookie and header?

xnl-h4ck3r commented 2 years ago

I'm not sure if I fully understand everything you are asking for...

When you say "Is inverse, xnLinkFinder to owasp zap", do you mean that when you use the -i argument as a URL (or file of URLs) that you want to proxy the requests to OWASP ZAP too?

You mentioned the "tools > options > application" option, but that wouldn't really make sense to do because that just sends request data to an application... you would be making xnLinkFinder make every single request again to search the response. If your project has 100,000 requests and responses, you wouldn't want xnLinkFinder to then make 100,000 requests again to get the responses. You just want xnLinkFinder to search the responses you already have in the OWASP ZAP project. To do that, you could select all of the history that you want to check, select Report -> Export Messages to File... and then use that file as input for xnLinkFinder. I could certainly do a change to assist with that. It would work in the same way as passing a Burp XML file using -i.

Lastly, your question "but is possible running with authentication cookie and header?": yes, you can use the -H argument to add headers.

Marcio861 commented 2 years ago

Perfect answer, thank you very much.