A powerful security assessment tool
Note: xray is not open source, you can download the built binaries directly, and the poc in the repository, which is mainly contributed by the community, will be packaged automatically for each xray release.
To address the complexity and bloat of xray 1.0 as features were added, we are introducing xray 2.0.
This new version is dedicated to improving the fluidity of feature usage, lowering the barrier to use, and helping more security industry practitioners to reap a better experience in a more efficient mode. xray 2.0 will integrate a series of new security tools to form a comprehensive security toolset.
xray 2.0 series of the first tool xpoc has been launched, welcome to experience!
Before using the tool, read and agree to the terms especially the disclaimer in the License. Otherwise, do not install or use the tool.
-
Use the base basic web crawler scan to scrape and perform vulnerability scanning on the scraped links
xray webscan --basic-crawler http://example.com --html-output vuln.html
-
Use an HTTP proxy for passive scanning
xray webscan --listen 127.0.0.1:7777 --html-output proxy.html
Set the browser http proxy to
http://127.0.0.1:7777to analyze proxy traffic and scan automatically.To scan https traffic, read the
Crawling https Trafficsection below -
Only a single url is scanned, without crawlers
xray webscan --url http://example.com/?a=b --html-output single-url.html -
Manually configure the plugins to run this time
By default, all built-in plugins are enabled. You can specify which plugins are enabled for this scan using the following command.
xray webscan --plugins cmd-injection,sqldet --url http://example.com xray webscan --plugins cmd-injection,sqldet --listen 127.0.0.1:7777
-
Specifying plugin output
You can choose targeted vulnerability and their details of this scan and export a report:
xray webscan --url http://example.com/?a=b \ --text-output result.txt --json-output result.json --html-output report.html
For other uses, read the documentation: https://docs.xray.cool
New detection modules will be added continuously
| 名称 | Key | 版本 | 说明 |
|---|---|---|---|
| XSS vulnerability detection | xss |
Community Edition | Semantic analysis is used to detect XSS vulnerabilities |
| SQL Injection Detection | sqldet |
Community Edition | It supports error injection, Boolean injection, time blind injection, etc |
| Command/Code injection detection | cmd-injection |
Community Edition | It supports shell command injection, PHP code execution, template injection, etc |
| dirscan | dirscan |
Community Edition | Detects more than 10 sensitive paths and files, including backup files, temporary files, debug pages, and configuration files |
| Path traversal detection | path-traversal |
Community Edition | Support for common platforms and encodings |
| XML Entity Injection Detection | xxe |
Community Edition | Support for echo and reverse platform detection |
| POC management | phantasm |
Community Edition | Some commonly used POCs are built in by default. Users can build and run POCs based on their needs. Document: POC |
| File upload detection | upload |
Community Edition | Support for common back-end languages |
| Weak password detection | brute-force |
Community Edition | The Community Edition supports the detection of HTTP basic authentication and weak passwords for simple forms, with a built-in dictionary of common user names and passwords |
| jsonp detection | jsonp |
Community Edition | Detects jsonp interfaces that contain sensitive information that can be read across domains |
| ssrf detection | ssrf |
Community Edition | ssrf detection module supports common bypass technology and reverse platform detection |
| Baseline detection | baseline |
Community Edition | Detects low SSL versions, missing or incorrectly added http, and so on |
| Redirection detection | redirect |
Community Edition | Support HTML meta jump, 30x jump, etc |
| CRLF injection | crlf-injection |
Community Edition | Detects HTTP header injection and supports parameters for query, body, etc |
| XStream vulnerability detection | xstream |
Community Edition | Detect XStream series vulnerabilities |
| Struts2 series vulnerability detection | struts |
Advanced Edition | Detect whether the target website has Struts2 series vulnerabilities, including s2-016, s2-032, s2-045 and other common vulnerabilities |
| Thinkphp series vulnerability detection | thinkphp |
Advanced Edition | Detect vulnerabilities in ThinkPHP websites |
| Shiro deserialization vulnerability detection | shiro |
Advanced Edition | Detect Shiro deserialization vulnerability |
| Fastjson series detection | fastjson |
Advanced Edition | Detect fastjson series vulnerabilities |
See https://docs.xray.cool/ for the following advanced uses.
- Modifying the configuration file
- Scraping https traffic
- Modifying the http packet sending configuration
- Employing reverse platforms
- ...
The progress of xray is inseparable from the support of all masters. Upholding the spirit of mutual assistance and joint construction, in order to let us make progress together, xray has also opened the channel of "PoC collection"! Here you will get:
- Contributors should submit their work using a Pull Request to the xray community repository on GitHub. For POCs, use this link: https://github.com/chaitin/xray/tree/master/pocs, and for fingerprint recognition scripts, use this one: https://github.com/chaitin/xray/tree/master/fingerprints
- In the Pull Request, fill out the POC information using the provided template
- Our team will review the Pull Request and decide whether to include it in the repository
- Keep in mind that to earn rewards for your POC, you'll need to submit it to the CT stack.
- Contributing to PoC earns generous points rewards and provides a fulfilling sense of accomplishment.
- Choose from over 50 types of peripheral gifts in our abundant gift redemption area.
- Regularly redeem JD Cards online and get one step closer to financial freedom.
- Get the opportunity to enter the core community, receive special tasks, and earn high rewards.
- Perfect PoC writing tutorials and guidance help you get started quickly and avoid detours.
- Interact face-to-face with contributors and developers to comprehensively improve various abilities.
- Get a direct interview opportunity without a written test, and turn your desired job into a reality.
If you have successfully contributed PoC but have not entered the contributor group, please add customer service WeChat:
Provide your CT stack platform registration id for verification, and you can join the group after the verification is passed!
See: https://docs.xray.cool/#/guide/contribute
The tool can assist in generating POC, and the online version supports * * poc duplicate check * *, and the local version supports direct contract verification
- Rule Lab
- The online version supports duplicate checking of poc
This tool is only a simple command line wrapper, not a direct method call. In the planning of xray, there will be a truly complete GUI version of XrayPro tool in the future. Please look forward to it.
Feedback of false positives,false negatives, please don’t hesitate to contact us. Be sure to read https://docs.xray.cool/#/guide/feedback first
If you have a question, you can ask it on GitHub or in the discussion group below
-
GitHub issue: https://github.com/chaitin/xray/issues
-
Wechat official account: Scan the following QR code on wechat and subscribe us
-
Wechat group: Please add the WeChat official account and click "联系我们" -> "加群", and then scan the QR code to join the group
-
QQ group: 717365081
