xnlinkfinder

Command: --depth - The level of depth to search. For example, if a value of 2 is passed, then all links initially found will then be searched for more links (default: 1). This option is ignored for Burp files because they can be huge and consume lots of memory. It is also advisable to use the -sp (--scope-prefix) argument to ensure a request to links found without a domain can be attempted.

Command: - Input a URL or domain.

Command: --config - Path to the YML config file. If not passed, a default 'config.yml' is used which has some excludes some words/extensions and defines some stopwords.

Command: --origin - Whether you want the origin of the link to be in the output. Displayed as LINK-URL [ORIGIN-URL] in the output (default: false)

Command: --cookies - Add cookies to pass with HTTP requests. Pass in the format 'name1=value1; name2=value2;'

Command: --exclude - Link exclusions in a comma separated list, e.g. careers,forum

Command: --headers - Add custom headers to pass with HTTP requests. Pass in the format 'Header1: value1; Header2: value2;'

Command: --include - Include input links in the output (default: false)

Command: --timeout - How many seconds to wait for the server to send data before giving up (default: 10 seconds)

Command: --verbose - Verbose output

Command: -insecure - Whether TLS certificate checks should be made disabled making requests (default: false)

Command: --no-banner - Hides the tool banner.

Command: --processes - Basic multithreading is done when getting requests for a URL, or file of URLs (not a Burp file). This argument determines the number of processes (threads) used (default: 25)

Command: -ascii-only - Whether links and parameters will only be added if they only contain ASCII characters (default: False). This can be useful when you know the target is likely to use ASCII characters and you also get a number of false positives from binary files for some reason.

Command: --user-agent - What User Agents to get links for, e.g. 'desktop mobile'

Command: --regex-after - RegEx for filtering purposes against found endpoints before output (e.g. /api/v[0-9].[0-9]* ). If it matches, the link is output.

Command: -s403 - Stop when > 95 percent of responses return 403 Forbidden (default: false)

Command: -s429 - Stop when > 95 percent of responses return 429 Too Many Requests (default: false)

Command: -replay-proxy - For active link finding with URL (or file of URLs), replay the requests through this proxy.

Command: --scope-filter - Will filter output links to only include it if the domain of the link is in the scope specified.

Command: --scope-prefix - Any links found starting with / will be prefixed with scope domain in the output instead of the original link.

Command: --vverbose - Increased verbose output

Command: --max-file-size - The maximum file size (in bytes) of a file to be checked if -i is a directory. If the file size os over, it will be ignored (default: 500 MB). Setting to 0 means no files will be ignored, regardless of size.

Command: --max-time-limit - The maximum time limit (in minutes) to run before stopping (default: 0). If 0 is passed, there is no limit.

Command: --stopwords-file - A file of additional Stop Words (in addition to stopWords in the YML Config file) used to exclude words from the target specific wordlist. Stop Words are used in Natural Language Processing and different lists can be found in different libraries. You may want to add words in different languages, depending on your target.

Command: -sTO - Stop when > 95 percent of requests time out (default: false)

Command: --wordlist-maxlen - The maximum length of words to add to the target specific wordlist (excluding plurals).

Command: --memory-threshold - The memory threshold percentage. If the machines memory goes above the threshold, the program will be stopped and ended gracefully before running out of memory (default: 95)

Command: --scope-filter - Will filter output links to only include them if the domain of the link is in the scope specified.

Command: --scope-prefix - Any links found starting with / will be prefixed with scope domains in the output instead of the original link.

Command: --no-wordlist-digits - Exclude any words from the target specific wordlist with numerical digits in.

Command: --no-wordlist-imgalt - By default, any image 'alt' attributes will be processed for the target specific wordlist. If this argument is used, they will not be processed.

Command: --no-wordlist-plurals - When words are found for a target specific wordlist, by default new words are added if there is a singular word from a plural, and vice versa. If this argument is used, this process is not done.

Command: --no-wordlist-comments - By default, any comments in pages will be processed for the target specific wordlist. If this argument is used, they will not be processed.

Command: --no-wordlist-pathwords - By default, any path words found in the links will be processed for the target specific wordlist. If this argument is used, they will not be processed.

Command: --scope-prefix-original - If a scope-prefix is passed, then this determines whether the original link starting with / is also included in the output (default: false).

Command: --no-wordlist-parameters - By default, any parameters found in the links will be processed for the target specific wordlist. If this argument is used, they will not be processed.

Command: -sCE - Stop when > 95 percent of requests have connection errors (default: false)