{"id":13844755,"url":"https://github.com/pikpikcu/XRCross","last_synced_at":"2025-07-12T00:31:39.256Z","repository":{"id":50192799,"uuid":"271491397","full_name":"pikpikcu/XRCross","owner":"pikpikcu","description":"XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing.  This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities","archived":false,"fork":false,"pushed_at":"2023-06-17T23:38:43.000Z","size":2988,"stargazers_count":324,"open_issues_count":1,"forks_count":71,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-08-05T17:43:02.492Z","etag":null,"topics":["bugbounty","bugbounty-tool","check-subdomains","cors","cors-scanner","lfi","rce","recon","scanners","sqli","ssrf","subdomain-enumeration","takeover-subdomain","xss-scanner","xss-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pikpikcu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":"FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":"pikpikcu","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2020-06-11T08:21:20.000Z","updated_at":"2024-07-23T02:22:45.000Z","dependencies_parsed_at":"2022-09-24T07:20:37.367Z","dependency_job_id":null,"html_url":"https://github.com/pikpikcu/XRCross","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2FXRCross","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2FXRCross/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2FXRCross/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2FXRCross/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pikpikcu","download_url":"https://codeload.github.com/pikpikcu/XRCross/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225772747,"owners_count":17521882,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbounty-tool","check-subdomains","cors","cors-scanner","lfi","rce","recon","scanners","sqli","ssrf","subdomain-enumeration","takeover-subdomain","xss-scanner","xss-vulnerability"],"created_at":"2024-08-04T17:02:55.337Z","updated_at":"2024-11-21T17:30:46.992Z","avatar_url":"https://github.com/pikpikcu.png","language":"Shell","funding_links":["https://ko-fi.com/pikpikcu","https://www.buymeacoffee.com/pikpikcu"],"categories":["Shell (473)","Shell"],"sub_categories":[],"readme":"## XRCross (Recon)\n\n\u003ch4 align=\"center\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/pikpikcu/xrcross/master/img/logo.png\" width=\"300px\" height=\"300px\"\u003e\n\n\u003c/a\u003e\n\u003ch4 align=\"center\"\u003eDetails\u003c/h4\u003e                \n\u003cp align=\"center\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://ru.m.wikipedia.org/wiki/bash\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/language-bash-green.svg\"\u003e\n \u003c/a\u003e\n  \u003ca href=\"https://t.me/WongNdes0\"\u003e\n   \u003cimg src=\"https://img.shields.io/badge/telegram--blue.svg\"\u003e\n   \u003c/a\u003e\n  \u003ca href=\"https://github.com/pikpikcu/xrcross\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/version-V1.7.0[Beta]-green.svg\"\u003e\n \u003c/a\u003e\n   \u003ca href=\"https://github.com/pikpikcu/xrcross/blob/master/LICENSE\"\u003e\n   \u003cimg src=\"https://img.shields.io/badge/LICENSE-red.svg\"\u003e\n   \u003c/a\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n\n### About XRCross \n\n    XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. \n    This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities \n\n#### ✔️ ***Options***:\n\u003e   \n        Example: \n                XRCross -u/--url example.site \u003carguments\u003e\n                \n        \n        Optional Arguments:\n                -h /--help          | show this help message and exit\n                -u /--url           | URLs\n                -a /--aws           | Amazon S3 bucket enumeration\n                -p /--proxy         | URL of the proxy server (default: http://127.0.0.1:8080)\n                -s /--subdo         | Check Subdomains Enumerations\n                -m /--map           | Domain Mapping with dnsdumster\n                -l /--live          | Check live the Subdomains for working HTTP and HTTPS servers\n                -hr/--header        | Host header injection \n                -sm/--smuggling     | HTTP request smuggling \n                -t /--takeover      | Check Posible Takeover\n                -cr/--cors          | CORS misconfiguration scanner\n                    --flash         | Basic cors misconfig flash\n                -d /--dir           | Dir enumeration\n                   -w /--wordlists  | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)\n                -lp/--lfiparam      | Get LFI Parameters       \n                    --lfiv          | LFI Check Vulnerabilty\n                -st/--ssti          | Get parameter SSTI Vulnerabilty  \n                    --sstiv         | Test Vulnerabilty SSTI\n                -ss/--ssrf          | Get SSRF Parameters \n                    --blind         | Blind SSRF testing Vulnerabilty\n                -c /--cmd           | Get Command Injection Parameter\n                    --cmdv          | Command Injection Check Vulnerabilty\n                -r /--redirect      | Get redirec Parameters\n                    --rev           | Get Vulnerabilty Open-redirect\n                -x /--xss           | Get XSS Parameters        \n                    --xssv          | XSS Scanners Vulnerabilty\n                -j /--jstatus       | Get Status JavaScript \n                    --jsurl         | Gathering all js urls and extract endpoints from js file\n\n                -pr/--param         \n                    --idor          | Get IDOR Parameters\n                    --rce           | Get RCE Parameters\n                    --sqli          | Get SQLI Parameters\n                    --img           | Get img-traversal Parameters\n                    --int           | Interestingparams\n\n                -w /--wayback       | Scraping wayback for data\n                    --js            | Jsurls \n                    --php           | Phpurls\n                    --asp           | ASP\n                    --html          | Html\n                -v /--verbose       | verbose mode\n                -o /--outfile       | outfile    \n\n#### ✔️ ***How to install XRCross***:\n\n\u003e root@kali~# git clone https://github.com/pikpikcu/xrcross.git\n\n\u003e root@kali~# ./install.sh\n\n\u003e root@kali~# ./XRCross -h\n\n\u003e       \n   \n    Open folder config/ and edit file:\n      |-\u003e Api-github.txt \u003c(inssert github token)\n      |-\u003e ssrf.txt \u003c(inssert ssrf payload)\n      |-\u003e xss.ht \u003c(inssert your.xss.ht)\n\n#### ✔️ ***Go language dependency***:\n\n```bash\nAll the dependent libraries are compiled with go version 1.14.2. So go version 1.14.2 should be installed\n(strictly). Secondly, $GOPATH should be set to /root/go and it should be exported to PATH using \"export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin\" \nand same should be present in profile or bash_profile or bashrc. XRCross checks for all the go dependencies under ~/go/bin.\n```\n\n### ✔️ ***Donate!***\n\n(I love coffee and am very addicted to coffee:v)\n\u003cbr\u003e\u003ca href=\"https://www.buymeacoffee.com/pikpikcu\"\u003e\u003cimg src=\"https://cdn.buymeacoffee.com/buttons/default-black.png\" alt=\"Buy Me A Coffee\" height=\"50px\"\u003e\u003c/a\u003e\n\n### ✔️ ***Contribution \u0026 License***\n\nYou can contribute in following ways:\n  - Give suggestions to make it better\n  - Fix issues \u0026 submit a pull request\n\n Credits Thanks:\n------------\n\n* [get a word list elsewhere.](https://github.com/bitquark/dnspop/tree/master/results)\n* [dalfox](https://github.com/hahwul/dalfox) By [@hahwul]\n* [hakcheckurl](https://github.com/hakluke/hakcheckurl) By [@hakluke]\n* [waybackurls](https://github.com/tomnomnom/waybackurls) By [@tomnomnom]\n* [lc](https://github.com/lc/gau) By [@lc]\n* [ffuf](https://github.com/ffuf/ffuf) By [@ffuf]\n* [subfinder](https://github.com/projectdiscovery/subfinder) By [@projectdiscovery]\n* [CORS-Scanner](https://github.com/Tanmay-N/CORS-Scanner) By [@Tanmay-N]\n* [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) By [@1ndianl33t]\n* [httpx](https://github.com/projectdiscovery/httpx) By [@projectdiscovery]\n* [SubOver](https://github.com/Ice3man543/SubOver) By [@Ice3man543]\n* [github-sub](github.com/theblackturtle/github-subs) By [@theblackturtle]\n* [s3enum](https://github.com/koenrh/s3enum) By [@koenrh]\n* [hinject](https://github.com/dwisiswant0) By [@dwisiswant0]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpikpikcu%2FXRCross","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpikpikcu%2FXRCross","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpikpikcu%2FXRCross/lists"}