Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pikpikcu/XRCross

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
https://github.com/pikpikcu/XRCross

bugbounty bugbounty-tool check-subdomains cors cors-scanner lfi rce recon scanners sqli ssrf subdomain-enumeration takeover-subdomain xss-scanner xss-vulnerability

Last synced: 22 days ago
JSON representation

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Awesome Lists containing this project

README

        

## XRCross (Recon)


Details

















### About XRCross

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing.
This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

#### ✔️ ***Options***:
>
Example:
XRCross -u/--url example.site


Optional Arguments:
-h /--help | show this help message and exit
-u /--url | URLs
-a /--aws | Amazon S3 bucket enumeration
-p /--proxy | URL of the proxy server (default: http://127.0.0.1:8080)
-s /--subdo | Check Subdomains Enumerations
-m /--map | Domain Mapping with dnsdumster
-l /--live | Check live the Subdomains for working HTTP and HTTPS servers
-hr/--header | Host header injection
-sm/--smuggling | HTTP request smuggling
-t /--takeover | Check Posible Takeover
-cr/--cors | CORS misconfiguration scanner
--flash | Basic cors misconfig flash
-d /--dir | Dir enumeration
-w /--wordlists | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
-lp/--lfiparam | Get LFI Parameters
--lfiv | LFI Check Vulnerabilty
-st/--ssti | Get parameter SSTI Vulnerabilty
--sstiv | Test Vulnerabilty SSTI
-ss/--ssrf | Get SSRF Parameters
--blind | Blind SSRF testing Vulnerabilty
-c /--cmd | Get Command Injection Parameter
--cmdv | Command Injection Check Vulnerabilty
-r /--redirect | Get redirec Parameters
--rev | Get Vulnerabilty Open-redirect
-x /--xss | Get XSS Parameters
--xssv | XSS Scanners Vulnerabilty
-j /--jstatus | Get Status JavaScript
--jsurl | Gathering all js urls and extract endpoints from js file

-pr/--param
--idor | Get IDOR Parameters
--rce | Get RCE Parameters
--sqli | Get SQLI Parameters
--img | Get img-traversal Parameters
--int | Interestingparams

-w /--wayback | Scraping wayback for data
--js | Jsurls
--php | Phpurls
--asp | ASP
--html | Html
-v /--verbose | verbose mode
-o /--outfile | outfile

#### ✔️ ***How to install XRCross***:

> root@kali~# git clone https://github.com/pikpikcu/xrcross.git

> root@kali~# ./install.sh

> root@kali~# ./XRCross -h

>

Open folder config/ and edit file:
|-> Api-github.txt <(inssert github token)
|-> ssrf.txt <(inssert ssrf payload)
|-> xss.ht <(inssert your.xss.ht)

#### ✔️ ***Go language dependency***:

```bash
All the dependent libraries are compiled with go version 1.14.2. So go version 1.14.2 should be installed
(strictly). Secondly, $GOPATH should be set to /root/go and it should be exported to PATH using "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin"
and same should be present in profile or bash_profile or bashrc. XRCross checks for all the go dependencies under ~/go/bin.
```

### ✔️ ***Donate!***

(I love coffee and am very addicted to coffee:v)

Buy Me A Coffee

### ✔️ ***Contribution & License***

You can contribute in following ways:
- Give suggestions to make it better
- Fix issues & submit a pull request

Credits Thanks:
------------

* [get a word list elsewhere.](https://github.com/bitquark/dnspop/tree/master/results)
* [dalfox](https://github.com/hahwul/dalfox) By [@hahwul]
* [hakcheckurl](https://github.com/hakluke/hakcheckurl) By [@hakluke]
* [waybackurls](https://github.com/tomnomnom/waybackurls) By [@tomnomnom]
* [lc](https://github.com/lc/gau) By [@lc]
* [ffuf](https://github.com/ffuf/ffuf) By [@ffuf]
* [subfinder](https://github.com/projectdiscovery/subfinder) By [@projectdiscovery]
* [CORS-Scanner](https://github.com/Tanmay-N/CORS-Scanner) By [@Tanmay-N]
* [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) By [@1ndianl33t]
* [httpx](https://github.com/projectdiscovery/httpx) By [@projectdiscovery]
* [SubOver](https://github.com/Ice3man543/SubOver) By [@Ice3man543]
* [github-sub](github.com/theblackturtle/github-subs) By [@theblackturtle]
* [s3enum](https://github.com/koenrh/s3enum) By [@koenrh]
* [hinject](https://github.com/dwisiswant0) By [@dwisiswant0]