Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pikpikcu/XRCross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/pikpikcu/XRCross
- Owner: pikpikcu
- License: mit
- Created: 2020-06-11T08:21:20.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-06-17T23:38:43.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:43:02.492Z (5 months ago)
- Topics: bugbounty, bugbounty-tool, check-subdomains, cors, cors-scanner, lfi, rce, recon, scanners, sqli, ssrf, subdomain-enumeration, takeover-subdomain, xss-scanner, xss-vulnerability
- Language: Shell
- Homepage:
- Size: 2.85 MB
- Stars: 324
- Watchers: 11
- Forks: 71
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - pikpikcu/XRCross - XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities (Shell)
README
## XRCross (Recon)
### About XRCross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing.
This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

#### ✔️ ***Options***:

```text
Example:
XRCross -u/--url example.site

Optional Arguments:
-h /--help      | show this help message and exit
-u /--url       | URLs
-a /--aws       | Amazon S3 bucket enumeration
-p /--proxy     | URL of the proxy server (default: http://127.0.0.1:8080)
-s /--subdo     | Check Subdomains Enumerations
-m /--map       | Domain Mapping with dnsdumster
-l /--live      | Check live the Subdomains for working HTTP and HTTPS servers
-hr/--header    | Host header injection
-sm/--smuggling | HTTP request smuggling
-t /--takeover  | Check Posible Takeover
-cr/--cors      | CORS misconfiguration scanner
--flash         | Basic cors misconfig flash
-d /--dir       | Dir enumeration
-w /--wordlists | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
-lp/--lfiparam  | Get LFI Parameters
--lfiv          | LFI Check Vulnerabilty
-st/--ssti      | Get parameter SSTI Vulnerabilty
--sstiv         | Test Vulnerabilty SSTI
-ss/--ssrf      | Get SSRF Parameters
--blind         | Blind SSRF testing Vulnerabilty
-c /--cmd       | Get Command Injection Parameter
--cmdv          | Command Injection Check Vulnerabilty
-r /--redirect  | Get redirec Parameters
--rev           | Get Vulnerabilty Open-redirect
-x /--xss       | Get XSS Parameters
--xssv          | XSS Scanners Vulnerabilty
-j /--jstatus   | Get Status JavaScript
--jsurl         | Gathering all js urls and extract endpoints from js file
-pr/--param
--idor          | Get IDOR Parameters
--rce           | Get RCE Parameters
--sqli          | Get SQLI Parameters
--img           | Get img-traversal Parameters
--int           | Interestingparams
-w /--wayback   | Scraping wayback for data
--js            | Jsurls
--php           | Phpurls
--asp           | ASP
--html          | Html
-v /--verbose   | verbose mode
-o /--outfile   | outfile
```

#### ✔️ ***How to install XRCross***:
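```bash
# Run as root (the original transcript uses a root@kali prompt)
git clone https://github.com/pikpikcu/xrcross.git
cd xrcross   # enter the cloned repository before running its scripts
./install.sh
./XRCross -h
```
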
Open the `config/` folder and edit these files:

```text
|-> Api-github.txt  <(insert github token)
|-> ssrf.txt        <(insert ssrf payload)
|-> xss.ht          <(insert your.xss.ht)
```

#### ✔️ ***Go language dependency***:
All the dependent libraries are compiled with Go version 1.14.2, so Go version 1.14.2 should be installed (strictly). Secondly, `$GOPATH` should be set to `/root/go` and it should be exported to `PATH` using the line below; the same line should also be present in `profile`, `bash_profile` or `bashrc`. XRCross checks for all the Go dependencies under `~/go/bin`.

```bash
export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin
```

### ✔️ ***Donate!***
(I love coffee and am very addicted to coffee:v)
### ✔️ ***Contribution & License***
You can contribute in following ways:
- Give suggestions to make it better
- Fix issues & submit a pull request

Credits Thanks:
------------

* [get a word list elsewhere.](https://github.com/bitquark/dnspop/tree/master/results)
* [dalfox](https://github.com/hahwul/dalfox) By [@hahwul]
* [hakcheckurl](https://github.com/hakluke/hakcheckurl) By [@hakluke]
* [waybackurls](https://github.com/tomnomnom/waybackurls) By [@tomnomnom]
* [lc](https://github.com/lc/gau) By [@lc]
* [ffuf](https://github.com/ffuf/ffuf) By [@ffuf]
* [subfinder](https://github.com/projectdiscovery/subfinder) By [@projectdiscovery]
* [CORS-Scanner](https://github.com/Tanmay-N/CORS-Scanner) By [@Tanmay-N]
* [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) By [@1ndianl33t]
* [httpx](https://github.com/projectdiscovery/httpx) By [@projectdiscovery]
* [SubOver](https://github.com/Ice3man543/SubOver) By [@Ice3man543]
* [github-sub](https://github.com/theblackturtle/github-subs) By [@theblackturtle]
* [s3enum](https://github.com/koenrh/s3enum) By [@koenrh]
* [hinject](https://github.com/dwisiswant0) By [@dwisiswant0]