How to scan in bulk with xray

As the official documentation notes, xray can be driven in bulk in two ways, depending on the edition:

1. Community Edition#

Start xray as a passive listener first, then point a crawler's HTTP proxy at it so every request the crawler makes passes through xray:

# 1. xray listens on the proxy port and writes its findings to proxy.html
xray webscan --listen 127.0.0.1:7777 --html-output proxy.html

# 2. rad crawls the target and pushes all of its traffic through the xray proxy
rad -t http://example.com -http-proxy 127.0.0.1:7777

The listener has to be up before rad is started; otherwise rad's requests fail at the proxy and xray sees nothing to scan.

rad, however, accepts only a single target per run (-t), and the official documentation offers no built-in batch mode. Batch scanning is still straightforward with xargs on Linux or macOS, which runs rad once per line of a target file:

cat 22222.txt | xargs -I {} rad -t {} -http-proxy 127.0.0.1:7777
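As an added example (not code from the original post, nor from the xray or rad projects), the xargs one-liner can be replaced by a small driver script that cleans up the target list before handing each entry to rad. It assumes rad is on PATH and that xray is already listening on 127.0.0.1:7777; CRAWLER and PROXY are hypothetical environment variables of this script, and the target list used to exercise it is constructed.

```shell
#!/bin/sh
# Batch driver for rad + xray (added example; not part of xray or rad).
# Assumes: rad on PATH, xray already listening on $PROXY.
# Each target line is normalized before it reaches rad: CRLF stripped,
# blank and "#" lines skipped, a missing scheme defaults to http://.
# A bare `xargs -I {}` would pass such lines through unchanged and rad
# would reject them.

PROXY="${PROXY:-127.0.0.1:7777}"
CRAWLER="${CRAWLER:-rad}"   # hypothetical knob: set CRAWLER=echo for a dry run

# Print the normalized target, or return 1 if the line should be skipped.
normalize_target() {
    t=$(printf '%s' "$1" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case "$t" in
        ''|'#'*)            return 1 ;;          # blank line or comment
        http://*|https://*) ;;                   # already has a scheme
        *)                  t="http://$t" ;;     # bare host: default to http
    esac
    printf '%s\n' "$t"
}

# Crawl every target in file $1 through the xray proxy, one at a time
# (rad only takes a single -t). A failed crawl is reported on stderr and
# does not abort the rest of the list. Prints the number of targets crawled.
batch_crawl() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        target=$(normalize_target "$line") || continue
        "$CRAWLER" -t "$target" -http-proxy "$PROXY" >&2 || echo "crawl failed: $target" >&2
        n=$((n + 1))
    done < "$1"
    echo "$n"
}

if [ $# -gt 0 ]; then
    batch_crawl "$1"
fi
```

Run it as sh batch_crawl.sh targets.txt; with CRAWLER=echo it only prints the rad command it would run for each line. Unlike the bare xargs loop it tolerates CRLF files and bare hostnames, and one failing rad run does not stop the remaining targets from being crawled.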

Besides rad, other URL crawlers can feed xray as long as they can route their traffic through an HTTP proxy; katana, cariddi and crawlergo were tried.

  • katana

Katana is straightforward: -u accepts a text file of targets directly, so no xargs loop is needed, and -proxy points it at the xray listener.

.\katana.exe -u .\111.txt -proxy http://127.0.0.1:7777

Scan result: [screenshot of the xray report omitted]

  • cariddi

Cariddi is another URL crawler, but in the version tested here it could not send its traffic through an HTTP proxy to xray's listening port, so it cannot be paired with xray this way.

  • crawlergo

crawlergo pushes every request it discovers to a proxy with --push-to-proxy:

crawlergo --push-to-proxy http://127.0.0.1:7777 http://testphp.vulnweb.com/

xray scan result: [screenshot omitted]

Batch scanning, again with xargs, one target per line of subdomain.txt:

cat subdomain.txt | xargs -I {} crawlergo --push-to-proxy http://127.0.0.1:7777 {}

2. Advanced Edition#

According to rad's official documentation, the advanced edition of xray has this browser crawler built in, so no separate crawler or proxy is needed. To scan a single target:

xray webscan --browser-crawler http://example.com --html-output vuln.html

3. Quick Start for xray#

To avoid typing the long command every time xray is started, define shell functions in ~/.bash_profile (or the equivalent file for your shell). Adjust the directory and binary name to your own install, then reload the file with source ~/.bash_profile.

#xray scan

xraym(){
    # Listener mode: xray listens on 127.0.0.1:7778 and writes a timestamped report.
    # The subshell keeps the cd from changing the directory of the interactive shell.
    ( cd /Users/xxx/pentesting/web-basic/p2-vuldect/xray/xray_1.9.10_darwin-pwn3rzs+cyberarsenal && \
      ./xray_darwin_amd64 webscan --listen 127.0.0.1:7778 --html-output "$(date '+%Y%m%d_%H%M%S').html" )
}

xrays(){
    # Single-target mode with xray's basic crawler. Usage: xrays http://example.com
    [ -n "$1" ] || { echo "usage: xrays <url>" >&2; return 1; }
    ( cd /Users/xxx/pentesting/web-basic/p2-vuldect/xray/xray_1.9.10_darwin-pwn3rzs+cyberarsenal && \
      ./xray_darwin_amd64 webscan --basic-crawler "$1" --html-output "$(date '+%Y%m%d_%H%M%S').html" )
}

xraym starts the listener; traffic from rad, katana or crawlergo is then fed into it. Note that it listens on 127.0.0.1:7778, not the 7777 used in the examples above, so the crawler's proxy setting must match.
xrays scans a single URL with xray's basic crawler: xrays http://example.com.

4. Other Resources#
