XRCross (Recon)

Details

About XRCross

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. 
This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities 

✔️ Options:

    Example: 
            XRCross -u/--url example.site <arguments>
            
    
    Optional Arguments:
            -h /--help          | show this help message and exit
            -u /--url           | URLs
            -a /--aws           | Amazon S3 bucket enumeration
            -p /--proxy         | URL of the proxy server (default: http://127.0.0.1:8080)
            -s /--subdo         | Check Subdomains Enumerations
            -m /--map           | Domain Mapping with dnsdumster
            -l /--live          | Check live the Subdomains for working HTTP and HTTPS servers
            -hr/--header        | Host header injection 
            -sm/--smuggling     | HTTP request smuggling 
            -t /--takeover      | Check Posible Takeover
            -cr/--cors          | CORS misconfiguration scanner
                --flash         | Basic cors misconfig flash
            -d /--dir           | Dir enumeration
               -w /--wordlists  | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
            -lp/--lfiparam      | Get LFI Parameters       
                --lfiv          | LFI Check Vulnerabilty
            -st/--ssti          | Get parameter SSTI Vulnerabilty  
                --sstiv         | Test Vulnerabilty SSTI
            -ss/--ssrf          | Get SSRF Parameters 
                --blind         | Blind SSRF testing Vulnerabilty
            -c /--cmd           | Get Command Injection Parameter
                --cmdv          | Command Injection Check Vulnerabilty
            -r /--redirect      | Get redirec Parameters
                --rev           | Get Vulnerabilty Open-redirect
            -x /--xss           | Get XSS Parameters        
                --xssv          | XSS Scanners Vulnerabilty
            -j /--jstatus       | Get Status JavaScript 
                --jsurl         | Gathering all js urls and extract endpoints from js file

            -pr/--param         
                --idor          | Get IDOR Parameters
                --rce           | Get RCE Parameters
                --sqli          | Get SQLI Parameters
                --img           | Get img-traversal Parameters
                --int           | Interestingparams

            -w /--wayback       | Scraping wayback for data
                --js            | Jsurls 
                --php           | Phpurls
                --asp           | ASP
                --html          | Html
            -v /--verbose       | verbose mode
            -o /--outfile       | outfile    

✔️ How to install XRCross:

root@kali~# git clone https://github.com/pikpikcu/xrcross.git

root@kali~# ./install.sh

root@kali~# ./XRCross -h

Open folder config/ and edit file:
  |-> Api-github.txt <(inssert github token)
  |-> ssrf.txt <(inssert ssrf payload)
  |-> xss.ht <(inssert your.xss.ht)

✔️ Go language dependency:

All the dependent libraries are compiled with go version 1.14.2. So go version 1.14.2 should be installed
(strictly). Secondly, $GOPATH should be set to /root/go and it should be exported to PATH using "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin" 
and same should be present in profile or bash_profile or bashrc. XRCross checks for all the go dependencies under ~/go/bin.

✔️ Donate!

(I love coffee and am very addicted to coffee:v)

✔️ Contribution & License

You can contribute in following ways:

• Give suggestions to make it better
• Fix issues & submit a pull request

Credits Thanks:

• get a word list elsewhere.
• dalfox By [@hahwul]
• hakcheckurl By [@hakluke]
• waybackurls By [@tomnomnom]
• lc By [@lc]
• ffuf By [@ffuf]
• subfinder By [@projectdiscovery]
• CORS-Scanner By [@Tanmay-N]
• Gf-Patterns By [@1ndianl33t]
• httpx By [@projectdiscovery]
• SubOver By [@Ice3man543]
• github-sub By [@theblackturtle]
• s3enum By [@koenrh]
• hinject By [@dwisiswant0]