[Repost] Xray Pro Linux 1.9.11 by zen from cyberarsenal
2024-3-30 08:38
Xray Pro Linux 1.9.11 by zen from cyberarsenal
Xray is a fast command line web security scanner.
This is a command line tool. Documentation is here: https://docs.xray.cool/#/
THIS IS NOT A GUI CLICK CLICK TOOL - It is meant for fast and dirty command line
power-user scanning and for you to script along with things like nuclei and other
similar toolcraft.
INSTRUCTIONS
From the shell, run scans like this example:
./xray ws --browser http://testphp.vulnweb.com --html-output testphp.html
or, without using rad/chrome:
./xray ws --basic https://www.example.com/ --html-output example.com.html
########################################################################
How to "fix" chrome missing in linux (for using xray+rad, for example)
###################################################################-zen#
apt update
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
apt install ./google-chrome-stable_current_amd64.deb
now go edit the launch script to insert "--no-sandbox"
for me it was this file: /opt/google/chrome/google-chrome
my last line of the file looks like this:
exec -a "$0" "$HERE/chrome" --no-sandbox "$@"
NOTES
For best results you need to actually set up the configuration file and choose which
security tests you want to use, also set it up on a vps and note the IP address in
the config file so xray can check all those things which need to connect back out
from the site (log4j, blind xxe, struts, fastjson, etc). You should also always set
an output option. Unfortunately there is no text except console output (despite that
documentation on website claims there is, there is still no such option in the
software) - the options are json or html and the html requires javascript. :/
There is also webhook if you are into that.
I removed the need to have a license file at all, however it doesn't hurt anything so
just in case there is some obscure thing I missed, I left it in.
Enjoy!
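
A check for the launcher edit described above, as an added example that is not part of the original post: it reports the non-comment lines of a launcher script that pass --no-sandbox to Chrome, so a modified /opt/google/chrome/google-chrome can be found on a host. The function name find_no_sandbox and the sample launcher text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from the xray/Chrome projects).
# Reports launcher-script lines that start Chrome with the sandbox disabled.

# find_no_sandbox FILE
#   Prints "LINE_NUMBER:TEXT" for every non-comment line that carries
#   --no-sandbox as a whole argument.
#   Returns 0 if at least one such line exists, 1 if none, 2 if FILE is unreadable.
find_no_sandbox() {
    launcher=$1
    [ -r "$launcher" ] || { echo "cannot read: $launcher" >&2; return 2; }
    awk '
        /^[[:space:]]*#/ { next }            # comment lines do not launch anything
        {
            n = split($0, tok, /[[:space:]]+/)
            for (i = 1; i <= n; i++) {
                t = tok[i]
                gsub(/"/, "", t)             # treat a quoted flag the same as a bare one
                if (t == "--no-sandbox") {
                    printf "%d:%s\n", NR, $0
                    found = 1
                    break
                }
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$launcher"
}

# Constructed sample: the tail of a launcher script after the edit described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/bash
# --no-sandbox added so rad can start chrome
exec -a "$0" "$HERE/chrome" --no-sandbox "$@"
EOF

if hits=$(find_no_sandbox "$sample"); then
    echo "sandbox disabled in launcher:"
    echo "$hits"
else
    echo "launcher keeps the sandbox enabled"
fi
rm -f "$sample"
```

On a real host, pass the launcher path from the post as the argument; the comment line in the sample is skipped, so only the exec line is reported.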