stop due to errors issues!! #16

Open
blackcodersec opened this issue Mar 25, 2024 · 19 comments

@blackcodersec

Your idea is good, and the script as well, but I think this idea is very bad, because I have an API request, but this function just stops the process and makes *****.todo files, which makes it weird to use this script again and again. Could you make a new function to force the request to complete the file scan?

image

@blackcodersec
Author

Any update, boss?

@xnl-h4ck3r
Owner

Hey @blackcodersec. Sorry, I seemed to miss this one. The errors that occur can be related to the KNOXSS API, and carrying on processing could potentially be a waste of time and better to run again later.
Can you run with -v next time, and if there are specific errors that have caused it to stop, then let me know what they were? If there are errors that turn out to be target specific rather than the API then I'll make sure they don't cause it to stop.

@blackcodersec
Author

blackcodersec commented Apr 3, 2024

If 6-10 errors are found in the output knoxnl auto stops the process and creates a new file which is filename..todo.
If I run .todo file for scanning again, I see the same thing happen again. and creating a new file filename..todo.
**.todo. It is too big a name file, there is no option where I can set the name value for *****.todo file.

But I want here that if the requests get the error while scanning, the scan will be full.
I hope you understand, if not, feel free to comment.

And please don't update your script version by updating some code.
I have seen that you updated the new version with little code changes.

image

@xnl-h4ck3r
Owner

Hey @blackcodersec. Thanks for raising an issue. The problem with the filename getting bigger has been fixed in the latest version I released yesterday.
If I do any code changes, then I will update the version for 2 reasons: People won't know there is a later version if I keep it the same, and the code change would have been done for a reason, AND in order to upload any change to PyPI (so you can install with pip), it has to be a unique version number.
Thanks

@blackcodersec
Author

hey @xnl-h4ck3r,
Ok,
But I want here that if the requests get the error while scanning, the scan will be full.

Is it possible boss?

@xnl-h4ck3r
Owner

Sorry, I don't fully understand what you are asking. Do you mean that even if there are errors with the API, that you want it to continue even though they're likely to fail?

@blackcodersec
Author

Yes, there is no API error. Sometimes some subdomain blocks the knoxss IP, so it shows some error, but if knoxnl finds an error more than 6-10 times, knoxnl stops the auto scan, which is bad (I think),
because some subdomains won't accept the Knoxss IP but other links will be accepted. But knoxnl did not check those URLs; knoxnl makes a file which is ****.todo

@xnl-h4ck3r
Owner

It shouldn't stop on those errors. In your example screenshot it stopped because it was failing to connect to KNOXSS itself rather than issues with the targets through the API.
Can you send me a screenshot of a new run where it stops because of a target blocking KNOXSS or something to do with the target? I'm not sure how to replicate the issue.

@blackcodersec
Author

Check the image. knoxss IP blocking issue here,
image

@xnl-h4ck3r
Owner

Hi @blackcodersec. Again the last errors that caused it to stop were the API timing out and then being unable to establish a connection to the API. If we can't contact the API, everything would fail if we carry on.
I'm unsure why there are issues connecting to the API at that time.

@xnl-h4ck3r
Owner

I'll look into this more to try and figure out the issue.

@xnl-h4ck3r
Owner

Hi @blackcodersec. So the code currently works in a way that it will stop if one of these happens:

  • An error occurs when calling the API itself e.g. if your internet connection was lost, the KNOXSS API itself wouldn't allow the connection (so issues their side)
  • The API responds, but provides an error of "service unavailable"
  • If the API Key is invalid or missing

So it's the first 2 points that are the problem here. These imply an issue with the API and maybe it is overloaded and unable to accept a new connection at that time.

I'm thinking of making a change that will pause for 30 seconds if one of these API issues happens, and then try again. Maybe have an argument for the amount of retries and seconds to wait, and default to 3 and 30 seconds respectively. What do you think?

@blackcodersec
Author

I think it would be good. another thing is, I think knoxss server config is not good. most of the time url not scanned fully.

@xnl-h4ck3r
Owner

> I think it would be good. another thing is, I think knoxss server config is not good. most of the time url not scanned fully.

If there's any issues with KNOXSS API itself, you'll need to speak to them directly about that. I'm not sure what you mean by "not scanned fully" though. Are you referring to an issue with KNOXSS API, or with knoxnl?

@blackcodersec
Author

I am asking to Knoxss, and he told me, now Knoxss has to handle a lot of requests, so sometimes there are problems with requests.

> I'm thinking of making a change that will pause for 30 seconds if one of these API issues happens, and then try again. Maybe have an argument for the amount of retries and seconds to wait, and default to 3 and 30 seconds respectively. What do you think?

That's why, I think it would be good.

@blackcodersec
Author

How to avoid this type of error?
I think if you implement retries scan, when a URL will not be scanned or error will occur. It would be great update.

image

@xnl-h4ck3r
Owner

> How to avoid this type of error? I think if you implement retries scan, when a URL will not be scanned or error will occur. It would be great update.
>
> image

Hi @blackcodersec, I think this is related to an issue with the KNOXSS API itself. It happens when there is a runtime error of failed to establish a new connection when trying to call the API. It can occur if you are running low on memory (which has happened for some people on limited VPS running lots of other things), but it is most likely an issue with the KNOXSS API. So basically, there is nothing we are able to do with that. There are changes coming soon that will wait for a while and do a number of retries if errors like this happen.

@Nishantbhagat57

@xnl-h4ck3r

 _           _ ___    __      _
| | ___ __   V_V\ \  / /_ __ | | 
| |/ / '_ \ / _ \\ \/ /| '_ \| | 
|   <| | | | (_) / /\ \| | | | | 
|_|\_\_| |_|\___/_/  \_\_| |_|_| 
                 by @Xnl-h4ck3r 

Current knoxnl version 4.0 (latest)

NOTE: Overriding "API_KEY" from config.yml with passed API Key xxxx-aa8d-xxxx-8a3c-xxxx

Calling KNOXSS API for 6852 targets...

[ SAFE ] - (GET)  https://stage-gr-en-origin.test.test.com/ [51/5000]
[ SAFE ] - (GET)  https://bcassets.test.com/FUZZ [52/5000]
[ ERR! ] - (GET)  https://storeship-dev.test.com/FUZZ  KNOXSS ERR: Target is blocking KNOXSS IP [52/5000]
[ SAFE ] - (GET)  https://daq.test.com.tw/ [53/5000]
The KNOXSS service is currently unavailable. Please try again later.
[ ERR! ] - (GET)  https://np-msapi.test.com/FUZZ  KNOXSS ERR:  [53/5000]
[ ERR! ] - (GET)  https://www.load-mid-management.test.com/#/.  KNOXSS ERR:  [53/5000]

API calls made so far today - 53/5000

Had to stop due to errors. All unchecked URLs have been written to /home/nishant57/BB/test.com/xsstest/urls.txt.20240415_145750.todo

The following domains seem to be blocking KNOXSS and might be worth excluding for now: storeship-dev.test.com
No successful XSS found... better luck next time! 🤘

@xnl-h4ck3r
Owner

Hi @Nishantbhagat57. It stopped because there was an issue with the KNOXSS API. Unfortunately there is much I can do if the API is having issues. I am working on a change to wait for a while when the API is having problems to try again a few times before stopping.
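
The wait-and-retry behaviour proposed earlier in the thread (default 3 retries, 30 seconds apart), sketched as an added example. This is not knoxnl's code: the exception classes, `scan_all` and the fake API in `demo` are hypothetical names, and the URLs and responses are constructed.

```python
import time

# Hypothetical exception names; knoxnl's real internals are not shown in the thread.
class ApiUnreachable(Exception):
    """Could not connect to the API, or the call timed out."""

class ServiceUnavailable(Exception):
    """The API answered, but with "service unavailable"."""

class InvalidApiKey(Exception):
    """API key missing or rejected: retrying cannot help."""

RETRYABLE = (ApiUnreachable, ServiceUnavailable)

def scan_all(urls, call_api, retries=3, wait=30, sleep=time.sleep):
    """Scan urls in order; return (results, todo), todo being every unchecked URL."""
    results = {}
    for i, url in enumerate(urls):
        for attempt in range(retries + 1):
            try:
                # Target-level errors (e.g. the target blocking the scanner's IP)
                # come back as a normal result, so they never stop the run.
                results[url] = call_api(url)
                break
            except RETRYABLE:
                if attempt == retries:
                    return results, urls[i:]  # API still down: hand back the rest
                sleep(wait)
            except InvalidApiKey:
                return results, urls[i:]
    return results, []

def demo():
    """Run against a constructed fake API; returns (results, todo, sleeps)."""
    script = {  # constructed responses, consumed left to right per URL
        "https://a.example/": ["SAFE"],
        "https://b.example/": [ServiceUnavailable(), ApiUnreachable(), "SAFE"],
        "https://c.example/": ["ERR: Target is blocking KNOXSS IP"],
        "https://d.example/": [ApiUnreachable()] * 4,
        "https://e.example/": ["SAFE"],
    }
    def fake_api(url):
        step = script[url].pop(0)
        if isinstance(step, Exception):
            raise step
        return step
    sleeps = []
    results, todo = scan_all(list(script), fake_api, sleep=sleeps.append)
    return results, todo, sleeps
```

In `demo`, the second URL recovers after two waits, the blocked target is recorded and skipped, and the run only stops once the fourth URL has exhausted all retries.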
