xray: A powerful security assessment tool


A powerful security assessment tool.

Detection module

We are working hard for new detection modules

  • xssXSS Vulnerabilities Scan
  • sqldetSupport error based, boolean based and time-based sql injection detection
  • cmd_injectionDetect common shell command injection, PHP code execution, and template injection, etc
  • dirscanSupport about ten kinds of the sensitive path and file type, including backup file, temp file, debug page, config file, etc
  • path_traversalSupport command platform and encoding
  • xxeSupport echo based detection and can work with reverse server
  • phantasmCommon poc inside, user can add your own poc and run it. Document: https://chaitin.github.io/xray/#/guide/poc
  • uploadSupport common backend languages
  • brute_forceThe community version can detect weak password in http basic auth and simple form, common username and password dict inside
  • jsonpDetect jsonp api with sensitive data which can be called across origins
  • ssrfSupport common bypass tech and can work with reverse server
  • baselineDetect outdated SSL version, missing or incorrect http headers, etc
  • redirectDetect arbitrary redirection from HTML meta and 30x response, etc
  • crlf_injectionDetect CRLF injection in HTTP header, support parameters from query and body, etc



  1. Use basic crawler to scan a websitexray webscan –basic-crawler http://example.com –html-output crawler.html
  2. Run as an HTTP proxy to scan passivelyxray webscan –listen –html-output proxy.htmlConfigure the browser to use http proxy, then the proxy traffic can be automatically analyzed and scanned。If need to scan https traffic,please read capture https trafic section in this document.
  3. Scan a single urlxray webscan –url http://example.com/?a=b –html-output single-url.html
  4. Specify the plugins to run manually

By default, all built-in plugins are enabled, and the following commands can be used to enable specific plugins for this scan.

xray webscan --plugins cmd_injection,sqldet --url http://example.com
xray webscan --plugins cmd_injection,sqldet --listen
  1. Specify plugin output pathYou can specify the output path of the vulnerability information:xray webscan –url http://example.com/?a=b \ –text-output result.txt –json-output result.json –html-output report.html

Source: https://github.com/chaitin/

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services