All Projects → pikpikcu → Xrcross

pikpikcu / Xrcross

Licence: mit
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Programming Languages

shell
77523 projects

Projects that are alternatives of or similar to Xrcross

Java Sec Code
Java web common vulnerabilities and security code which is base on springboot and spring security
Stars: ✭ 1,033 (+490.29%)
Mutual labels:  cors, rce, sqli
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+406.86%)
Mutual labels:  rce, sqli, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+456.57%)
Mutual labels:  recon, sqli, bugbounty
Cazador unr
Hacking tools
Stars: ✭ 95 (-45.71%)
Mutual labels:  rce, sqli, bugbounty
Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (+222.29%)
Mutual labels:  recon, bugbounty
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Stars: ✭ 171 (-2.29%)
Mutual labels:  recon, bugbounty
Awesome Oneliner Bugbounty
A collection of awesome one-liner scripts especially for bug bounty tips.
Stars: ✭ 594 (+239.43%)
Mutual labels:  recon, bugbounty
Dnsgen
Generates combination of domain names from the provided input.
Stars: ✭ 389 (+122.29%)
Mutual labels:  recon, bugbounty
Urlhunter
a recon tool that allows searching on URLs that are exposed via shortener services
Stars: ✭ 934 (+433.71%)
Mutual labels:  recon, bugbounty
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-3.43%)
Mutual labels:  recon, bugbounty
Uddup
Urls de-duplication tool for better recon.
Stars: ✭ 103 (-41.14%)
Mutual labels:  recon, bugbounty
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+209.14%)
Mutual labels:  recon, bugbounty
Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458 (+161.71%)
Mutual labels:  rce, bugbounty
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+144%)
Mutual labels:  recon, bugbounty
Arl
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Stars: ✭ 1,357 (+675.43%)
Mutual labels:  recon, bugbounty
Deksterecon
Web Application recon automation
Stars: ✭ 109 (-37.71%)
Mutual labels:  recon, bugbounty
Lazyrecon
An automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (+61.14%)
Mutual labels:  recon, bugbounty
Oneforall
OneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+2301.14%)
Mutual labels:  recon, bugbounty
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-25.14%)
Mutual labels:  recon, bugbounty
Grecon
Your Google Recon is Now Automated
Stars: ✭ 119 (-32%)
Mutual labels:  recon, bugbounty

XRCross (Recon)

Details

About XRCross

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. 
This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities 

✔️ Options:

    Example: 
            XRCross -u/--url example.site <arguments>
            
    
    Optional Arguments:
            -h /--help          | show this help message and exit
            -u /--url           | URLs
            -a /--aws           | Amazon S3 bucket enumeration
            -p /--proxy         | URL of the proxy server (default: http://127.0.0.1:8080)
            -s /--subdo         | Check Subdomains Enumerations
            -m /--map           | Domain Mapping with dnsdumster
            -l /--live          | Check live the Subdomains for working HTTP and HTTPS servers
            -hr/--header        | Host header injection 
            -sm/--smuggling     | HTTP request smuggling 
            -t /--takeover      | Check Posible Takeover
            -cr/--cors          | CORS misconfiguration scanner
                --flash         | Basic cors misconfig flash
            -d /--dir           | Dir enumeration
               -w /--wordlists  | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
            -lp/--lfiparam      | Get LFI Parameters       
                --lfiv          | LFI Check Vulnerabilty
            -st/--ssti          | Get parameter SSTI Vulnerabilty  
                --sstiv         | Test Vulnerabilty SSTI
            -ss/--ssrf          | Get SSRF Parameters 
                --blind         | Blind SSRF testing Vulnerabilty
            -c /--cmd           | Get Command Injection Parameter
                --cmdv          | Command Injection Check Vulnerabilty
            -r /--redirect      | Get redirec Parameters
                --rev           | Get Vulnerabilty Open-redirect
            -x /--xss           | Get XSS Parameters        
                --xssv          | XSS Scanners Vulnerabilty
            -j /--jstatus       | Get Status JavaScript 
                --jsurl         | Gathering all js urls and extract endpoints from js file

            -pr/--param         
                --idor          | Get IDOR Parameters
                --rce           | Get RCE Parameters
                --sqli          | Get SQLI Parameters
                --img           | Get img-traversal Parameters
                --int           | Interestingparams

            -w /--wayback       | Scraping wayback for data
                --js            | Jsurls 
                --php           | Phpurls
                --asp           | ASP
                --html          | Html
            -v /--verbose       | verbose mode
            -o /--outfile       | outfile    

✔️ How to install XRCross:

https://github.com/pikpikcu/xrcross.git

[email protected]~# ./install.sh

[email protected]~# ./XRCross -h

Open folder config/ and edit file:
  |-> Api-github.txt <(inssert github token)
  |-> ssrf.txt <(inssert ssrf payload)
  |-> xss.ht <(inssert your.xss.ht)

✔️ Go language dependency:

All the dependent libraries are compiled with go version 1.14.2. So go version 1.14.2 should be installed
(strictly). Secondly, $GOPATH should be set to /root/go and it should be exported to PATH using "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin" 
and same should be present in profile or bash_profile or bashrc. XRCross checks for all the go dependencies under ~/go/bin.

✔️ Donate!

(I love coffee and am very addicted to coffee:v)
Buy Me A Coffee

✔️ Contribution & License

You can contribute in following ways:

  • Give suggestions to make it better
  • Fix issues & submit a pull request

Credits Thanks:

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].