1. Introduction
xray (https://github.com/chaitin/xray) is a community version of vulnerability scanning artifact extracted from the core engine of Changting Dongjian. It supports active and passive scanning methods, provides a blind typing platform, and can flexibly define POC , With rich functions, simple to call, and supports Windows / macOS / Linux multiple operating systems, which can meet the needs of automated Web vulnerability detection of the majority of security practitioners.
Xray is often used to perform passive scanning in conjunction with burp, which can greatly improve the penetration efficiency when performing intranet web penetration.
2. How to use
1. bp configuration
On the basis of conventional packet capture, burp is configuring a downstream agent. Send the traffic capture to xray for scanning. Make the following configuration on the basis that bp can catch the website data packet. Here bp captures the traffic to port 7777 of the machine
2. Open xray
Enter cmd in the directory of the xray exe program and execute the following commands. xx.html is the saved file of the scanned vulnerability
xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output xx.html