Showing results for tags 'xray'.
Super Xray
XRAY GUI Starter (Web Vulnerability Scanner)

Xray is an excellent web vulnerability scanning tool, but it only has a command line version, started via a config.yaml file. In many cases, it is difficult to get started, and a GUI tool is needed to help newcomers use it faster.

This tool is just a simple command line wrapper, not a direct method call. In the planning of xray, there will be a truly perfect GUI version of XrayPro tool in the future. Please look forward to it.

Please Note:
- The screenshots in this doc are in Chinese, but there is a button to select the English UI
- Must be running above JDK8
- Please use a resolution of 1080P or above; it may not be fully displayed at a resolution of 720P or below

Other Note:
- There is a JRE 8+ environment locally
- Must use java -jar SuperXray.jar to start (double-click startup will cause permission problems in Windows)
- Please use the latest version of xray (this tool is not compatible with the old version of xray)

Download && Source: [Hidden Content]

Zero False Positives, Without Affecting Business

Each loophole has undergone real experimental evidence, using refined semantic analysis + innovative detection technology to ensure that the loophole is real and effective, to avoid massive misreporting affecting the business judgment, and to save safety resources.

The Xray community is a free white hat tool platform launched by Nagaki Technology. Currently, the community has:
- Xray loophole scanner
- Radium reptile

The tools were created by many experienced safety developers and tens of thousands of community contributors.

[Hidden Content]

XRay is a tool for network OSINT gathering. Its goal is to make some of the initial tasks of information gathering and network mapping automatic.

How Does it Work?

XRay is a very simple tool. It works this way:
1. It'll bruteforce subdomains using a wordlist and DNS requests.
2. For every subdomain/ip found, it'll use Shodan to gather open ports and other intel.
3. If a ViewDNS API key is provided, for every subdomain historical data will be collected.
4. For every unique ip address, and for every open port, it'll launch specific banner grabbers and info collectors.
5. Eventually the data is presented to the user on the web ui.

Grabbers and Collectors

- HTTP Server, X-Powered-By and Location headers.
- HTTP and HTTPS robots.txt disallowed entries.
- HTTPS certificates chain (with recursive subdomain grabbing from CN and Alt Names).
- HTML title tag.
- DNS version.bind. and hostname.bind. records.
- MySQL, SMTP, FTP, SSH, POP and IRC banners.

Notes

Shodan API Key

The shodan.io API key parameter ( -shodan-key KEY ) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it's just gonna be DNS subdomain enumeration).

ViewDNS API Key

If a ViewDNS API key parameter ( -viewdns-key KEY ) is passed, domain historical data will also be retrieved.

Anonymity and Legal Issues

The software will rely on your main DNS resolver in order to enumerate subdomains. Also, several connections might be directly established from your host to the computers of the network you're scanning in order to grab banners from open ports. Technically, you're just connecting to public addresses with open ports (and there's no port scanning involved, as such information is grabbed indirectly using Shodan API), but you know, someone might not like such behaviour.

If I were you, I'd find a way to proxify the whole process ... #justsaying

Manual Compilation

Make sure you are using Go >= 1.7, that your installation is working properly, that you have set the $GOPATH variable and you have appended $GOPATH/bin to your $PATH.

Then:

[Hidden Content]

You'll find the executable in the build folder.

Usage

    Usage: xray -shodan-key YOUR_SHODAN_API_KEY -domain TARGET_DOMAIN
    Options:
      -address string
            IP address to bind the web ui server to. (default "127.0.0.1")
      -consumers int
            Number of concurrent consumers to use for subdomain enumeration. (default 16)
      -domain string
            Base domain to start enumeration from.
      -port int
            TCP port to bind the web ui server to. (default 8080)
      -preserve-domain
            Do not remove subdomain from the provided domain name.
      -session string
            Session file name. (default "<domain-name>-xray-session.json")
      -shodan-key string
            Shodan API key.
      -viewdns-key string
            ViewDNS API key.
      -wordlist string
            Wordlist file to use for enumeration. (default "wordlists/default.lst")

Example:

    # xray -shodan-key yadayadayadapicaboo... -viewdns-key foobarsomethingsomething... -domain fbi.gov

    ____  ___
    \   \/  /
     \     RAY v 1.0.0b
     /    by Simone 'evilsocket' Margaritelli
    /___/\  \
          \_/

    @ Saving session to fbi.gov-xray-session.json
    @ Web UI running on [Hidden Content]

Download: [Hidden Content]