recx is a crawler for finding reflected parameters!
features
- fast and efficient crawling
- real time parameter reflection detection
- special character filtering detection
- smart context validation
- multiple domain support
- zero false positives
- pipe line friendly output
installation
go install github.com/1hehaq/recx
or build from source
git clone https://github.com/1hehaq/recx
cd recx
go build -o recx main.go
sudo mv recx /usr/local/bin/
options:
-h, -help show help message
-v show version
-t scan timeout (default 120s)
-w workers (default 20)
-d max depth (default 8)
example commands
cat urls.txt | recx
subfinder -d example.com -all -recursive -silent | recx
cat urls.txt | httpx -silent | recx | nuclei -t xss.yaml -o nuclei-xss.txt
echo "example.com" | recx | grep "'<" | tee xss.txt
example output
https://example.com?param=REFLECTED (unfiltered:'<>$)
https://example.com/page?id=REFLECTED (unfiltered:<>'"})
troubleshooting
- ensure target is accessible
- check your internet connection
- verify URL format (http:// or https://)
- increase timeout for large domains (-t flag)
- adjust worker count for better performance (-w flag)
Made with <3 by @1hehaq
Follow me on 𝕏