A powerful security assessment tool.
Features:
- xssXSS Vulnerabilities Scan
- sqldetSupport error based, boolean based and time-based sql injection detection
- cmd_injectionDetect common shell command injection, PHP code execution, and template injection, etc
- dirscanSupport about ten kinds of the sensitive path and file type, including backup file, temp file, debug page, config file, etc
- path_traversalSupport command platform and encoding
- xxeSupport echo based detection and can work with reverse server
- phantasmCommon poc inside, user can add your own poc and run it. Document: https://chaitin.github.io/xray/#/guide/poc
- uploadSupport common backend languages
- brute_forceThe community version can detect weak password in http basic auth and simple form, common username and password dict inside
- jsonpDetect jsonp api with sensitive data which can be called across origins
- ssrfSupport common bypass tech and can work with reverse server
- baselineDetect outdated SSL version, missing or incorrect http headers, etc
- redirectDetect arbitrary redirection from HTML meta and 30x response, etc
- crlf_injectionDetect CRLF injection in HTTP header, support parameters from query and body, etc
What do you think?
It is nice to know your opinion. Leave a comment.