
xray: A powerful security assessment tool


Detection module

We are working hard on new detection modules.

  • xss: XSS vulnerability scan
  • sqldet: Supports error-based, boolean-based and time-based SQL injection detection
  • cmd_injection: Detects common shell command injection, PHP code execution, template injection, etc.
  • dirscan: Supports about ten kinds of sensitive paths and file types, including backup files, temp files, debug pages, config files, etc.
  • path_traversal: Supports common platforms and encodings
  • xxe: Supports echo-based detection and can work with a reverse server
  • phantasm: Common PoCs are built in; users can add their own PoCs and run them. Document: https://chaitin.github.io/xray/#/guide/poc
  • upload: Supports common backend languages
  • brute_force: The community version can detect weak passwords in HTTP basic auth and simple forms; common username and password dictionaries are built in
  • jsonp: Detects JSONP APIs with sensitive data that can be called across origins
  • ssrf: Supports common bypass techniques and can work with a reverse server
  • baseline: Detects outdated SSL versions, missing or incorrect HTTP headers, etc.
  • redirect: Detects arbitrary redirection from HTML meta and 30x responses, etc.
  • crlf_injection: Detects CRLF injection in HTTP headers; supports parameters from the query and body, etc.

Download

Use

  1. Use the basic crawler to scan a website:

     xray webscan --basic-crawler http://example.com --html-output crawler.html

  2. Run as an HTTP proxy to scan passively:

     xray webscan --listen 127.0.0.1:7777 --html-output proxy.html

     Configure the browser to use the HTTP proxy http://127.0.0.1:7777; the proxied traffic is then analyzed and scanned automatically. If you need to scan HTTPS traffic, please read the "capture https traffic" section in this document.

  3. Scan a single URL:

     xray webscan --url http://example.com/?a=b --html-output single-url.html

  4. Specify the plugins to run manually:

     By default, all built-in plugins are enabled. The following commands enable only specific plugins for this scan.

     xray webscan --plugins cmd_injection,sqldet --url http://example.com
     xray webscan --plugins cmd_injection,sqldet --listen 127.0.0.1:7777

  5. Specify the plugin output path:

     You can specify the output path of the vulnerability information:

     xray webscan --url http://example.com/?a=b \
       --text-output result.txt --json-output result.json --html-output report.html
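As an added example (not part of the xray project or the original post), the wrapper below builds the single-URL webscan command from the steps above only after checking that the target host is on an authorized scope list and that every plugin name is one of the keys listed under "Detection module". The function names, the scope list and the output directory layout are assumptions, as is combining --plugins with the three output flags in one invocation.

```shell
#!/bin/sh
# Plugin keys as listed under "Detection module" on this page.
KNOWN_PLUGINS="xss sqldet cmd_injection dirscan path_traversal xxe phantasm upload brute_force jsonp ssrf baseline redirect crlf_injection"

# Print the host part of an http(s) URL; prints nothing for other schemes.
# A URL with userinfo (user@host) yields "user@host", which never matches
# a scope entry, so it is rejected (fails closed).
url_host() {
    printf '%s\n' "$1" | sed -n -E 's#^https?://([^/:?]+).*#\1#p'
}

# Return 0 if $1 is one of the space-separated words in $2.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# build_xray_cmd URL PLUGINS SCOPE_HOSTS OUTDIR  (hypothetical helper)
# Prints the command line for review or logging; it does not run xray.
build_xray_cmd() {
    url=$1 plugins=$2 scope=$3 outdir=$4
    host=$(url_host "$url")
    [ -n "$host" ] || { echo "not an http(s) URL: $url" >&2; return 2; }
    in_list "$host" "$scope" || { echo "out of scope: $host" >&2; return 3; }
    # Only lowercase letters, underscores and commas may appear in the list.
    case $plugins in
        ''|*[!a-z_,]*) echo "bad plugin list: $plugins" >&2; return 4 ;;
    esac
    old_ifs=$IFS; IFS=,
    for p in $plugins; do
        if ! in_list "$p" "$KNOWN_PLUGINS"; then
            IFS=$old_ifs
            echo "unknown plugin: $p" >&2; return 4
        fi
    done
    IFS=$old_ifs
    out="--text-output $outdir/result.txt --json-output $outdir/result.json --html-output $outdir/report.html"
    printf 'xray webscan --plugins %s --url %s %s\n' "$plugins" "$url" "$out"
}
```
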

Source: https://github.com/chaitin/

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering