
Tools: XRCROSS (Recon)


About XRCross


XRCross is a recon and scanner tool for penetration testing and bug bounty work. It was built to test for XSS, SSRF, CORS, SSTI, IDOR, RCE, LFI and SQLi vulnerabilities.

Options :


   Example: ./XRCross -u/--url <arguments>
./XRCross <arguments> <arguments>

Optional Arguments:
-h /--help | show this help message and exit
-u /--url | URLs
-rc | Check HTTP response codes
--subdo | Check Subdomains
--burp | Urls Burpsuite crawling and scanning
--github | Enumerate Subdomain for github And Using Api github
--dir | Dir bruteforce
-w | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
--host | Host Live Check
--header | Host header injection check
--jst | JavaScript Status
--ssrf | Blind SSRF testing
--cors | CORS misconfiguration scanner
--takeover | Check Posible Takeover
--verbose | Verbose status code
--jsurl | Gathering all js urls
--xss | XSS testing
--lfi | LFI Check Vulnerabilty
-gf | GF parameters grep
-ssti | Check SSTI Parameters
-idor | Check IDOR Parameters
-rce | Check RCE Parameters
-lfi | Check LFI Parameters
-sqli | Check SQLI Parameters
-ssrf | Check SSRF Parameters
-xss | Check XSS Parameters
-img | Check img-traversal Parameters
-int | Interestingparams
-sw/-scrw | Scraping wayback for data
-js | Jsurls
-php | Phpurls
-asp | ASP
-html | Html
-aws | Amazon S3 bucket enumeration
-r normal | Check open redirection
-redirec | Check redirec Parameters
-o | Outfile


Example :


1. Check subdomains

XRCross -u (--subdo|-s)

2. Check subdomains and run Burp Suite scanning

XRCross -u --subdo --burp

3. Host live check

XRCross -u (--host|-H)

4. Blind SSRF testing

XRCross -u (-Ss/--ssrf)

5. Check XSS parameters

XRCross -u --xss

6. CORS misconfiguration scanner

XRCross -u --cors

7. Check possible takeover

XRCross -u --takeover

8. Verbose status code

XRCross -u --verbose

9. GF parameters grep

XRCross -gf "(-ssti|-idor|-rce|-lfi|-sqli)"

10. Scraping wayback

XRCross -sw (-js|-php|-asp|-html)

11. Check open redirection

XRCross -r "(-redirec)"

12. Amazon S3 bucket enumeration

XRCross -aws whatever


XRCross <Arguments> -o File_OUT/


How to install XRCross :


$root@kali~# git clone
$root@kali~# ./
$root@kali~# ./XRCross -h


Go language dependency :


All the dependent libraries are compiled with Go version 1.14.2, so exactly Go 1.14.2 must be installed. $GOPATH should be set to /root/go and added to PATH with "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin"; the same line should also be present in profile, bash_profile or bashrc. XRCross checks for all of its Go dependencies under ~/go/bin.
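A preflight check for the Go requirements listed above, given here as an added example (it is not part of XRCross or of the original post). The function names and the GO_PREFLIGHT_LIVE switch are assumptions made for this example; the version and paths are the ones stated above.

```shell
#!/bin/sh
# Added example: preflight check for the Go setup XRCross expects.
REQUIRED_GO="1.14.2"        # exact version stated above
REQUIRED_GOPATH="/root/go"  # GOPATH stated above

# go_version_ok "<output of 'go version'>": true only for exactly go1.14.2
# (the trailing space in the pattern rejects 1.14.20, 1.14.2rc1, ...).
go_version_ok() {
    case "$1" in
        "go version go${REQUIRED_GO} "*) return 0 ;;
        *) return 1 ;;
    esac
}

# path_has_dir "<PATH value>" "<dir>": true if dir is one of the PATH entries.
# Runs in a subshell so the IFS and globbing changes do not leak out.
path_has_dir() (
    want=${2%/}
    IFS=:
    set -f
    for entry in $1; do
        [ "${entry%/}" = "$want" ] && exit 0
    done
    exit 1
)

# check_go_env "<go version output>" "<GOPATH>" "<GOROOT>" "<PATH>"
# Prints one line per problem; the return status is the number of problems.
check_go_env() {
    problems=0
    go_version_ok "$1" ||
        { echo "need go ${REQUIRED_GO}, got: $1"; problems=$((problems + 1)); }
    [ "$2" = "$REQUIRED_GOPATH" ] ||
        { echo "GOPATH is '$2', expected ${REQUIRED_GOPATH}"; problems=$((problems + 1)); }
    { [ -n "$3" ] && path_has_dir "$4" "$3/bin"; } ||
        { echo "PATH does not contain \$GOROOT/bin"; problems=$((problems + 1)); }
    { [ -n "$2" ] && path_has_dir "$4" "$2/bin"; } ||
        { echo "PATH does not contain \$GOPATH/bin"; problems=$((problems + 1)); }
    return "$problems"
}

# Inspect the current shell only when asked: GO_PREFLIGHT_LIVE=1 sh thisfile.sh
if [ "${GO_PREFLIGHT_LIVE:-}" = "1" ]; then
    check_go_env "$(go version 2>&1)" "${GOPATH:-}" "${GOROOT:-}" "$PATH"
    [ -d "$HOME/go/bin" ] || echo "$HOME/go/bin does not exist"
fi
```

An empty GOROOT is reported as a problem rather than silently matching /bin in PATH.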


Credits Thanks :


