This Blog is protected by DMCA.com

This Blog is protected by DMCA.com

qRbQCE31NMrtFvtKOB4Z5hNkGEPLdMi5yDIujADC

Tools: XRCROSS (Recon)


Tools: XRCROSS (Recon)

Tools: XRCROSS (Recon)
 

About XRCross

 

   XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing.This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
 

Options :

 

   Example: ./XRCross -u/--url example.site <arguments>
./XRCross <arguments> example.site <arguments>

Optional Arguments:
-h /--help | show this help message and exit
-u /--url | URLs
-rc | Check HTTP response codes
--subdo | Check Subdomains
--burp | Urls Burpsuite crawling and scanning
--github | Enumerate Subdomain for github And Using Api github
--dir | Dir bruteforce
-w | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
--host | Host Live Check
--header | Host header injection check
--jst | JavaScript Status
--ssrf | Blind SSRF testing
--cors | CORS misconfiguration scanner
--takeover | Check Posible Takeover
--verbose | Verbose status code
--jsurl | Gathering all js urls
--xss | XSS testing
--lfi | LFI Check Vulnerabilty
-gf | GF parameters grep
-ssti | Check SSTI Parameters
-idor | Check IDOR Parameters
-rce | Check RCE Parameters
-lfi | Check LFI Parameters
-sqli | Check SQLI Parameters
-ssrf | Check SSRF Parameters
-xss | Check XSS Parameters
-img | Check img-traversal Parameters
-int | Interestingparams
-sw/-scrw | Scraping wayback for data
-js | Jsurls
-php | Phpurls
-asp | ASP
-html | Html
-aws | Amazon S3 bucket enumeration
-r normal | Check open redirection
-redirec | Check redirec Parameters
-o | Outfile

 

Example :

 

1.Check Subdomains

XRCross -u example.site (--subdo|-s)

2.Check Subdomains,and Burpsuite scanning

XRCross -u example.site --subdo --burp http://127.0.0.1:8080

3.Host Live Check

XRCross -u example.site (--host|-H)

4.Blind SSRF testing

XRCross -u example.site (-Ss/--ssrf)

5.Check Parameter XSS

XRCross -u example.site --xss

6.CORS misconfiguration scanner

XRCross -u example.site --cors

7.Check Posible Takeover

XRCross -u example.site --takeover

8.Verbose Status Code

XRCross -u example.com --verbose

9.GF parameters grep

XRCross -gf example.site "(-ssti|-idor|-rce|-lfi|-sqli)"

10.Scraping wayback

XRCross -sw example.site (-js|-php|-asp|-html)

11.Check open redirection

XRCross -r example.site "(-redirec)"

12.Amazon S3 bucket enumeration

XRCross -aws whatever

13.Outfile

XRCross <Arguments> example.site -o File_OUT/


 

How to install XRCross :

 

$root@kali~# git clone https://github.com/pikpikcu/xrcross.git
$root@kali~# ./install.sh
$root@kali~# ./XRCross -h

  

Go language dependency :

 

 All the dependent libraries are compiled with go version 1.14.2. So go version 1.14.2 should be installed(strictly). Secondly, $GOPATH should be set to /root/go and it should be exported to PATH using "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin" and same should be present in profile or bash_profile or bashrc. XRCross checks for all the go dependencies under ~/go/bin.

 

Credits Thanks :

  

Referensi

  • https://github.com/pikpikcu/XRCross
Related Posts

Related Posts

Posting Komentar