Using the xray tool in a Mac environment

I won't go into much detail here, since the link below explains it very clearly. Below I record the pitfalls I ran into.

https://docs.xray.cool/#/tutorial/webscan_basic_crawler

Select the download that corresponds to the Mac environment.

 After downloading, put it in your own directory and open the terminal to view the version information.

./xray_darwin_amd64 version 

 

The next step is to configure and generate the CA certificate. For specific steps, please refer to the link above.

Run ./xray_darwin_amd64 genca to generate the CA certificate, which is saved as two files: ca.crt and ca.key.

After xray is started for the first time, a config.yml file is generated in the current directory. Open it in a text editor and modify it according to the instructions below.

To start, just enter the command directly

./xray_darwin_amd64

====

Let’s focus on the issue of proxy settings.

If you use proxy software such as Clash, you can configure it here. Also, if you want to scan through the proxy, you need to configure the global proxy and select the corresponding server before you can scan through the proxy software. I discovered this after testing it many times.

Enter the proxy address of Clash here; the port is usually 7890:

proxy: "http://127.0.0.1:7890"

http:
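  proxy: "http://127.0.0.1:8080"                             # Proxy used during vulnerability scanning, e.g. http://127.0.0.1:8080. To set multiple proxies, use proxy_rule or create your own upstream proxy
  proxy_rule: []                        # Rules for using multiple proxies during vulnerability scanning; see the documentation for details
  dial_timeout: 5                       # Timeout for establishing a TCP connection
  read_timeout: 10                      # Timeout for reading an HTTP response; must not be too small, otherwise it affects detection of time-based blind SQL injection
  max_conns_per_host: 50                # Maximum number of connections allowed to the same host; can be increased according to the target host's performance
  enable_http2: false                   # Whether to enable HTTP/2; enabling it can speed up some sites, but it is currently unstable and may crash
  fail_retries: 0                       # Number of retries for failed requests; 0 means no retry
  max_redirect: 5                       # Maximum number of redirects allowed for a single request
  max_resp_body_size: 2097152           # Maximum allowed response size, default 2M
  max_qps: 500                          # Maximum number of requests per second
  allow_methods:                        # Allowed request methods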
  - HEAD
  - GET
  - POST
  - PUT
  - PATCH
  - DELETE
  - OPTIONS
  - CONNECT
  - TRACE
  - MOVE
  - PROPFIND
  headers:
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
    # Cookie: key=value

 After the configuration is completed, exit xray and reopen it.
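A pre-flight check for the proxy pitfall described above, as an added example that is not part of the original post or of xray: it reads the proxy value under http: in config.yml and tests whether anything is listening at that address. The function names and the sample config are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample: this page's http: section plus a made-up section.
SAMPLE_CONFIG = '''\
example_section:            # hypothetical, not an xray key
  proxy: "http://10.0.0.1:1"
http:
  proxy: "http://127.0.0.1:7890"   # Clash listener
  proxy_rule: []
'''

def read_http_proxy(config_text):
    """Return the proxy value under the top-level http: key, or None if unset."""
    in_http = False
    for raw in config_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # top-level key: new section
            in_http = line.strip() == "http:"
            continue
        key, sep, value = line.strip().partition(":")
        if in_http and sep and key == "proxy":
            return value.strip().strip("\"'") or None
    return None

def proxy_is_listening(proxy_url, timeout=2.0):
    """True if a TCP connection to the proxy's host:port succeeds."""
    try:
        parts = urlsplit(proxy_url)
        host, port = parts.hostname, parts.port
    except ValueError:                             # malformed port in the URL
        return False
    if not host or not port:
        return False
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    with open("config.yml", encoding="utf-8") as fh:
        proxy = read_http_proxy(fh.read())
    state = ("unset" if not proxy else
             "listening" if proxy_is_listening(proxy) else "not reachable")
    print(f"http.proxy = {proxy!r}: {state}")
```

Run it from the directory that contains config.yml; a "not reachable" result means the configured port does not match the one the proxy software is listening on.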

Scan the test address from the link to see whether the scan succeeds:

 ./xray_darwin_amd64 webscan --basic-crawler http://testphp.vulnweb.com/  --html-output 123.html


Origin blog.csdn.net/y995zq/article/details/130871443