xray's batch scanning can be achieved in two ways, as mentioned in the official documentation (https://github.com/chaitin/rad):
1. Community Edition
To set up the upstream proxy and listen with xray, follow these steps:
# Run rad
rad -t http://example.com -http-proxy 127.0.0.1:7777
# xray listening
xray webscan --listen 127.0.0.1:7777 --html-output proxy.html
Once the setup is complete, scanning can be performed.
However, rad scans only a single target per run, and the official documentation does not provide a built-in feature for batch scanning. Batch scanning can still be achieved with the xargs command, provided you are using Linux or Mac.
cat 22222.txt | xargs -I {} rad -t {} -http-proxy 127.0.0.1:7777
Apart from rad, other endpoint scanning tools can also be used for URL crawling, such as katana (https://github.com/projectdiscovery/katana) and cariddi (https://github.com/edoardottt/cariddi).
- katana
Katana is easy to use and can directly load a text file.
.\katana.exe -u .\111.txt -proxy http://127.0.0.1:7777
- cariddi
Cariddi is another tool for URL crawling. However, it cannot send traffic to xray's listening port through an HTTP proxy, so it cannot be used for scanning in conjunction with xray.
- crawlergo (https://github.com/Qianlitp/crawlergo)
crawlergo --push-to-proxy http://127.0.0.1:7777 http://testphp.vulnweb.com/
Batch scanning:
cat subdomain.txt | xargs -I {} crawlergo --push-to-proxy http://127.0.0.1:7777 {}
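Both xargs pipelines above (for rad and for crawlergo) hand every line of the list file to the crawler unchanged. The following is an added example, not part of the original post or of the rad/xray documentation: it normalizes and de-duplicates the list and keeps only hosts that fall under an explicit scope file before anything reaches xargs. The function names and the files targets.txt and scope.txt are hypothetical.

```shell
#!/bin/sh
# Added example; scope.txt / targets.txt and both function names are hypothetical.

# in_scope HOST SCOPE_FILE: succeed if HOST equals, or is a subdomain of,
# one of the domains listed (one per line) in SCOPE_FILE.
in_scope() {
  while IFS= read -r scope_domain || [ -n "$scope_domain" ]; do
    [ -z "$scope_domain" ] && continue
    case "$1" in
      "$scope_domain"|*."$scope_domain") return 0 ;;
    esac
  done < "$2"
  return 1
}

# clean_targets TARGET_FILE SCOPE_FILE: print one URL per line, ready for xargs.
clean_targets() {
  # Strip CRs and surrounding whitespace, drop blank and comment lines.
  tr -d '\r' < "$1" |
  sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
  grep -v -e '^$' -e '^#' |
  while IFS= read -r url; do
    # rad -t and crawlergo expect a URL; default to http:// when no scheme is given.
    case "$url" in
      http://*|https://*) ;;
      *) url="http://$url" ;;
    esac
    # Reject characters outside a conservative URL set (quotes, spaces, $, ...).
    if printf '%s' "$url" | grep -q '[^A-Za-z0-9:/._~%?=&-]'; then
      echo "skip (unexpected characters): $url" >&2
      continue
    fi
    # Extract the host, lower-case it and compare it with the scope list.
    host=${url#*://}
    host=${host%%[/:?]*}
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    if in_scope "$host" "$2"; then
      printf '%s\n' "$url"
    else
      echo "skip (out of scope): $url" >&2
    fi
  done | awk '!seen[$0]++'   # drop duplicates, keep first-seen order
}

# Usage with the listener and crawler commands from this page:
#   clean_targets targets.txt scope.txt | xargs -I {} rad -t {} -http-proxy 127.0.0.1:7777
```

Skipped lines are reported on stderr, so the pipeline into xargs only ever sees the accepted URLs.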
2. Advanced Edition
According to the official documentation of rad, the advanced edition of xray comes with a built-in browser crawler feature. To scan a single target, use the following command:
xray webscan --browser-crawler http://example.com --html-output vuln.html
3. Quick Start for xray
To avoid entering a long command every time xray is started, you can set up a shortcut in the .bash_profile file. Modify the configuration below by specifying the path and filename of xray, and then synchronize the configuration by running source ~/.bash_profile.
# xray scan shortcuts
# xraym: start the passive proxy listener on 127.0.0.1:7778
xraym(){
  cd /Users/xxx/pentesting/web-basic/p2-vuldect/xray/xray_1.9.10_darwin-pwn3rzs+cyberarsenal && ./xray_darwin_amd64 webscan --listen 127.0.0.1:7778 --html-output "$(date '+%Y%m%d_%H%M%S').html"
}
# xrays: crawl and scan the single URL passed as the first argument
xrays(){
  cd /Users/xxx/pentesting/web-basic/p2-vuldect/xray/xray_1.9.10_darwin-pwn3rzs+cyberarsenal && ./xray_darwin_amd64 webscan --basic-crawler "$1" --html-output "$(date '+%Y%m%d_%H%M%S').html"
}
xraym is typically used to start the listener, and scanning can be performed by passing traffic through rad, katana, or crawlergo. Note that this listener uses port 7778, so the crawler's proxy setting must point to that port.
xrays is used to scan a single URL. Simply use xrays url to start the scan.
4. Other Resources
- superxray (xray graphical interface): https://github.com/4ra1n/super-xray