Xray is a fast command line web security scanner. This is a command line tool. Documentation is here: https://docs.xray.cool/#/ THIS IS NOT A GUI CLICK CLICK TOOL - It is meant for fast and dirty command line power-user scanning and for you to script along with things like nuclei and other similar toolcraft.
INSTRUCTIONS
From the shell, run scans like this example: ./xray ws --browser http://testphp.vulnweb.com --html-output testphp.html or, without using rad/chrome: ./xray ws --basic https://www.example.com/ --html-output example.com.html
now go edit the launch script to insert "--no-sandbox"
for me it was this file: /opt/google/chrome/google-chrome
my last line of the file looks like this:
exec -a "0""HERE/chrome" --no-sandbox "$@"
NOTES
For best results you need to actually set up the configuration file and choose which security tests you want to use, also set it up on a vps and note the IP address in the config file so xray can check all those things which need to connect back out from the site (log4j, blind xxe, struts, fastjson, etc) You should also always set an output option. Unfortunately there is no text except console output (depite that documentation on website claims there is, there is still no such option in the software) - the options are json or html and the html requires javascript. :/ There is also webhook if you are into that.
I removed the need to have a license file at all, however it doesn't hurt anything so just in case there is some obscure thing I missed, I left it in.
