pikpikcu
156 Stars 32 Forks MIT License 139 Commits 2 Opened issues

Description

XRCross is a Reconstruction, Scanner, and penetration / bug bounty testing tool. It was built to test for (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities.

XRCross (Recon)

✔️ Options:

    Example: 
            XRCross -u/--url example.site 
    Optional Arguments:
            -h /--help          | show this help message and exit
            -u /--url           | URLs
            -a /--aws           | Amazon S3 bucket enumeration
            -p /--proxy         | URL of the proxy server (default: http://127.0.0.1:8080)
            -s /--subdo         | Check Subdomains Enumerations
            -m /--map           | Domain Mapping with dnsdumster
            -l /--live          | Check live the Subdomains for working HTTP and HTTPS servers
            -hr/--header        | Host header injection 
            -sm/--smuggling     | HTTP request smuggling 
            -t /--takeover      | Check Posible Takeover
            -cr/--cors          | CORS misconfiguration scanner
                --flash         | Basic cors misconfig flash
            -d /--dir           | Dir enumeration
               -w /--wordlists  | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
            -lp/--lfiparam      | Get LFI Parameters       
                --lfiv          | LFI Check Vulnerabilty
            -st/--ssti          | Get parameter SSTI Vulnerabilty  
                --sstiv         | Test Vulnerabilty SSTI
            -ss/--ssrf          | Get SSRF Parameters 
                --blind         | Blind SSRF testing Vulnerabilty
            -c /--cmd           | Get Command Injection Parameter
                --cmdv          | Command Injection Check Vulnerabilty
            -r /--redirect      | Get redirec Parameters
                --rev           | Get Vulnerabilty Open-redirect
            -x /--xss           | Get XSS Parameters        
                --xssv          | XSS Scanners Vulnerabilty
            -j /--jstatus       | Get Status JavaScript 
                --jsurl         | Gathering all js urls and extract endpoints from js file

            -pr/--param
                --idor          | Get IDOR Parameters
                --rce           | Get RCE Parameters
                --sqli          | Get SQLI Parameters
                --img           | Get img-traversal Parameters
                --int           | Interestingparams
            -w /--wayback       | Scraping wayback for data
                --js            | Jsurls
                --php           | Phpurls
                --asp           | ASP
                --html          | Html
            -v /--verbose       | verbose mode
            -o /--outfile       | outfile

✔️ How to install XRCross:

    git clone https://github.com/pikpikcu/xrcross.git
    cd xrcross
    ./install.sh
    ./XRCross -h

Open the config/ folder and edit these files:
  |-> Api-github.txt  ssrf.txt  xss.ht 

✔️ Go language dependency:

All the dependent libraries are compiled with Go version 1.14.2, so Go 1.14.2 must be installed (strictly this version). In addition, $GOPATH must be set to /root/go and added to PATH with "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin", and the same line should be present in profile, bash_profile or bashrc. XRCross looks for all of its Go dependencies under ~/go/bin.
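
A pre-flight check for the requirements above, added here as an example; it is not part of XRCross. The function names and the `--run` switch are hypothetical. It also tests the consequence of the last sentence: since XRCross looks in ~/go/bin, ~/go must be the same directory as $GOPATH.

```shell
#!/bin/sh
# Added example: pre-flight check for the Go setup described in the README.
REQUIRED_GO="1.14.2"        # Go version the README requires
REQUIRED_GOPATH="/root/go"  # GOPATH the README requires

# Extract "1.14.2" from a line such as "go version go1.14.2 linux/amd64".
parse_go_version() {
    printf '%s\n' "$1" | sed -n 's/^go version go\([0-9][0-9.]*\).*/\1/p'
}

# Succeed if directory $2 is an entry of the colon-separated list $1
# (a trailing slash on either side is ignored).
path_has_dir() {
    case ":$1:" in
        *":${2%/}:"* | *":${2%/}/:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_go_env VERSION_LINE GOPATH PATH HOME
# Prints one line per problem; the exit status is the number of problems.
check_go_env() {
    problems=0
    found=$(parse_go_version "$1")
    if [ "$found" != "$REQUIRED_GO" ]; then
        echo "Go version is '${found:-not found}', need $REQUIRED_GO"
        problems=$((problems + 1))
    fi
    if [ "$2" != "$REQUIRED_GOPATH" ]; then
        echo "GOPATH is '${2:-unset}', need $REQUIRED_GOPATH"
        problems=$((problems + 1))
    fi
    if ! path_has_dir "$3" "$2/bin"; then
        echo "PATH has no entry for $2/bin"
        problems=$((problems + 1))
    fi
    # XRCross looks in ~/go/bin, so that must be the same directory as $GOPATH/bin.
    if [ "$4/go" != "$2" ]; then
        echo "~/go/bin is $4/go/bin, not $2/bin"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Check the live environment only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    check_go_env "$(go version 2>/dev/null)" "${GOPATH:-}" "$PATH" "$HOME"
fi
```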

✔️ Donate!

(I love coffee and am very addicted to coffee:v)
Buy Me A Coffee

✔️ Contribution & License

You can contribute in the following ways:

- Give suggestions to make it better
- Fix issues & submit a pull request

Credits Thanks:
