XRCross is a Reconstruction and Scanner tool for penetration and bug bounty testing.
This tool was built to test for (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities.
Example: ./XRCross -u/--url example.site <arguments>
./XRCross <arguments> example.site <arguments>
Optional Arguments:
-h /--help | show this help message and exit
-u /--url | URLs
-rc | Check HTTP response codes
--subdo | Check Subdomains
--burp | Burp Suite crawling and scanning of URLs
--github | Enumerate subdomains from GitHub using the GitHub API
--dir | Dir bruteforce
-w | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
--host | Host Live Check
--header | Host header injection check
--jst | JavaScript Status
--ssrf | Blind SSRF testing
--cors | CORS misconfiguration scanner
--takeover | Check possible takeover
--verbose | Verbose status code
--jsurl | Gathering all js urls
--xss | XSS testing
--lfi | LFI vulnerability check
-gf | GF parameters grep
-ssti | Check SSTI Parameters
-idor | Check IDOR Parameters
-rce | Check RCE Parameters
-lfi | Check LFI Parameters
-sqli | Check SQLI Parameters
-ssrf | Check SSRF Parameters
-xss | Check XSS Parameters
-img | Check img-traversal Parameters
-int | Interestingparams
-sw/-scrw | Scraping wayback for data
-js | Jsurls
-php | Phpurls
-asp | ASP
-html | Html
-aws | Amazon S3 bucket enumeration
-r normal | Check open redirection
-redirec | Check redirect parameters
-o | Outfile
Check Subdomains
XRCross -u example.site (--subdo|-s)
Check Subdomains and Burp Suite scanning
XRCross -u example.site --subdo --burp http://127.0.0.1:8080
Host Live Check
XRCross -u example.site (--host|-H)
Blind SSRF testing
XRCross -u example.site (-Ss/--ssrf)
Check Parameter XSS
XRCross -u example.site --xss
CORS misconfiguration scanner
XRCross -u example.site --cors
Check Possible Takeover
XRCross -u example.site --takeover
Verbose Status Code
XRCross -u example.com --verbose
GF parameters grep
XRCross -gf example.site "(-ssti|-idor|-rce|-lfi|-sqli)"
Scraping wayback
XRCross -sw example.site (-js|-php|-asp|-html)
Check open redirection
XRCross -r example.site "(-redirec)"
Amazon S3 bucket enumeration
XRCross -aws whatever
Outfile
XRCross <Arguments> example.site -o File_OUT/
root@kali~# git clone https://github.com/pikpikcu/xrcross.git
root@kali~# ./install.sh
root@kali~# ./XRCross -h
All dependent libraries are compiled with Go version 1.14.2, so Go 1.14.2 must be installed (strictly). In addition, $GOPATH should be set to /root/go and exported to PATH using "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin", and the same line should be present in profile, bash_profile or bashrc. XRCross checks for all Go dependencies under ~/go/bin.
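A preflight check for the requirements above, as an added example that is not part of the XRCross repository. The function names and the list of binary names expected under ~/go/bin are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the Go setup described above.
REQUIRED_GO="1.14.2"        # version stated above
REQUIRED_GOPATH="/root/go"  # GOPATH stated above

# go_version_ok "<output of 'go version'>": true only for exactly go1.14.2
go_version_ok() {
    case "$1" in
        "go version go${REQUIRED_GO} "*) return 0 ;;
        *) return 1 ;;
    esac
}

# path_has "<PATH value>" "<dir>": true if dir is an entry (trailing slash ignored)
path_has() {
    case ":$1:" in
        *":${2%/}:"* | *":${2%/}/:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_tools "<bin dir>" tool...: print each tool that is not an executable in dir
missing_tools() {
    dir=$1; shift
    for t in "$@"; do
        [ -x "$dir/$t" ] || printf '%s\n' "$t"
    done
}

preflight() {
    rc=0
    ver=$(go version 2>/dev/null) || ver=""
    go_version_ok "$ver" || { echo "FAIL: need go $REQUIRED_GO, found: ${ver:-none}"; rc=1; }
    [ "${GOPATH:-}" = "$REQUIRED_GOPATH" ] ||
        { echo "FAIL: GOPATH is '${GOPATH:-}', expected $REQUIRED_GOPATH"; rc=1; }
    path_has "$PATH" "$REQUIRED_GOPATH/bin" ||
        { echo "FAIL: $REQUIRED_GOPATH/bin is not on PATH"; rc=1; }
    # Assumption: binary names taken from the credited projects; adjust to your install.
    for tool in $(missing_tools "$HOME/go/bin" dalfox hakcheckurl waybackurls ffuf subfinder httpx); do
        echo "FAIL: $tool not found in $HOME/go/bin"; rc=1
    done
    [ "$rc" -ne 0 ] || echo "OK: environment matches the stated requirements"
    return "$rc"
}

preflight || echo "Fix the items above before running ./XRCross"
```

The version match is exact on purpose: a newer Go release such as 1.15 is reported as a failure, matching the strict requirement stated above.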
You can contribute in the following ways:
- Give suggestions to make it better
- Fix issues & submit a pull request
- Get a word list elsewhere.
- dalfox By [@hahwul]
- hakcheckurl By [@hakluke]
- waybackurls By [@tomnomnom]
- lc By [@lc]
- ffuf By [@ffuf]
- subfinder By [@projectdiscovery]
- CORS-Scanner By [@Tanmay-N]
- Gf-Patterns By [@1ndianl33t]
- httpx By [@projectdiscovery]
- SubOver By [@Ice3man543]
- github-sub By [@theblackturtle]
- s3enum By [@koenrh]
- hinject By [@dwisiswant0]