All Projects → evilsocket → Xray

evilsocket / Xray

Licence: gpl-3.0
XRay is a tool for recon, mapping and OSINT gathering from public networks.

Programming Languages

go
31211 projects - #10 most used programming language
HTML
75241 projects
javascript
184084 projects - #8 most used programming language

Projects that are alternatives of or similar to Xray

Gosint
OSINT Swiss Army Knife
Stars: ✭ 401 (-75.93%)
Mutual labels:  osint, shodan
Reconspider
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (-62.73%)
Mutual labels:  osint, shodan
Sifter
Sifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (-75.81%)
Mutual labels:  osint, network
Osint tips
OSINT
Stars: ✭ 322 (-80.67%)
Mutual labels:  osint, network
Dfw1n Osint
Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
Stars: ✭ 63 (-96.22%)
Mutual labels:  osint, intelligence
Urlextractor
Information gathering & website reconnaissance | https://phishstats.info/
Stars: ✭ 341 (-79.53%)
Mutual labels:  osint, shodan
Silver
Mass scan IPs for vulnerable services
Stars: ✭ 588 (-64.71%)
Mutual labels:  network, shodan
mmhdan
Calculate fingerprints of a website for OSINT search
Stars: ✭ 35 (-97.9%)
Mutual labels:  shodan, osint
Infoga
Infoga - Email OSINT
Stars: ✭ 947 (-43.16%)
Mutual labels:  osint, shodan
Urlhunter
a recon tool that allows searching on URLs that are exposed via shortener services
Stars: ✭ 934 (-43.94%)
Mutual labels:  osint, intelligence
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-84.57%)
Mutual labels:  osint, shodan
Osint San
Framework для сбора данных из открытых источников. В Framework используется большое количество API, их необходимо зарегистрировать самому.​
Stars: ✭ 99 (-94.06%)
Mutual labels:  osint, shodan
Vendor-Threat-Triage-Lookup
Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
Stars: ✭ 17 (-98.98%)
Mutual labels:  intelligence, shodan
Shodansploit
🔎 shodansploit > v1.3.0
Stars: ✭ 342 (-79.47%)
Mutual labels:  shodan, intelligence
Scylla
The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
Stars: ✭ 424 (-74.55%)
Mutual labels:  intelligence, osint
Fav Up
IP lookup by favicon using Shodan
Stars: ✭ 550 (-66.99%)
Mutual labels:  osint, shodan
common-osint-model
Converting data from services like Censys and Shodan to a common data model
Stars: ✭ 35 (-97.9%)
Mutual labels:  shodan, osint
TIGMINT
TIGMINT: OSINT (Open Source Intelligence) GUI software framework
Stars: ✭ 195 (-88.3%)
Mutual labels:  intelligence, osint
Sn0int
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (-51.14%)
Mutual labels:  osint, intelligence
Neural Api
CAI NEURAL API - Pascal based neural network API optimized for AVX, AVX2 and AVX512 instruction sets plus OpenCL capable devices including AMD, Intel and NVIDIA.
Stars: ✭ 94 (-94.36%)
Mutual labels:  network, intelligence

XRAY

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic.

xray

How Does it Work?

XRay is a very simple tool, it works this way:

  1. It'll bruteforce subdomains using a wordlist and DNS requests.
  2. For every subdomain/ip found, it'll use Shodan to gather open ports and other intel.
  3. If a ViewDNS API key is provided, for every subdomain historical data will be collected.
  4. For every unique ip address, and for every open port, it'll launch specific banner grabbers and info collectors.
  5. Eventually the data is presented to the user on the web ui.

Grabbers and Collectors

  • HTTP Server, X-Powered-By and Location headers.
  • HTTP and HTTPS robots.txt disallowed entries.
  • HTTPS certificates chain ( with recursive subdomain grabbing from CN and Alt Names ).
  • HTML title tag.
  • DNS version.bind. and hostname.bind. records.
  • MySQL, SMTP, FTP, SSH, POP and IRC banners.

Notes

Shodan API Key

The shodan.io API key parameter ( -shodan-key KEY ) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration).

ViewDNS API Key

If a ViewDNS API key parameter ( -viewdns-key KEY ) is passed, domain historical data will also be retrieved.

Anonymity and Legal Issues

The software will rely on your main DNS resolver in order to enumerate subdomains, also, several connections might be directly established from your host to the computers of the network you're scanning in order to grab banners from open ports. Technically, you're just connecting to public addresses with open ports (and there's no port scanning involved, as such information is grabbed indirectly using Shodan API), but you know, someone might not like such behaviour.

If I were you, I'd find a way to proxify the whole process ... #justsaying

Building a Docker image

To build a Docker image with the latest version of XRay:

git clone https://github.com/evilsocket/xray.git
cd xray
docker build -t xraydocker .

Once built, XRay can be started within a Docker container using the following:

docker run --rm -it -p 8080:8080 xraydocker xray -address 0.0.0.0 -shodan-key shodan_key_here -domain example.com 

Manual Compilation

Make sure you are using Go >= 1.7, that your installation is working properly, that you have set the $GOPATH variable and you have appended $GOPATH/bin to your $PATH.

Then:

go get github.com/evilsocket/xray
cd $GOPATH/src/github.com/evilsocket/xray/
make

You'll find the executable in the build folder.

Usage

Usage: xray -shodan-key YOUR_SHODAN_API_KEY -domain TARGET_DOMAIN
Options:
  -address string
        IP address to bind the web ui server to. (default "127.0.0.1")
  -consumers int
        Number of concurrent consumers to use for subdomain enumeration. (default 16)
  -domain string
        Base domain to start enumeration from.
  -port int
        TCP port to bind the web ui server to. (default 8080)
  -preserve-domain
        Do not remove subdomain from the provided domain name.
  -session string
        Session file name. (default "<domain-name>-xray-session.json")
  -shodan-key string
        Shodan API key.
  -viewdns-key string
        ViewDNS API key.
  -wordlist string
        Wordlist file to use for enumeration. (default "wordlists/default.lst")

Example:

# xray -shodan-key yadayadayadapicaboo... -viewdns-key foobarsomethingsomething... -domain fbi.gov

____  ___
\   \/  /
 \     RAY v 1.0.0b
 /    by Simone 'evilsocket' Margaritelli
/___/\  \
      \_/

@ Saving session to fbi.gov-xray-session.json
@ Web UI running on http://127.0.0.1:8080/

License

XRay was made with by Simone Margaritelli and it's released under the GPL 3 license.

The files in the wordlists folder have been taken from various open source tools accross several weeks and I don't remember all of them. If you find the wordlist of your project here and want to be mentioned, feel free to open an issue or send a pull request.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].