【Xray Scanning Tool】Introduction, download, usage steps, command guide, import security certificate


Table of contents

1. Introduction

2. Download

3. How to use

3.1. Usage steps

3.1.1. Step 1: Open Windows PowerShell in the folder (or use cmd)

3.1.2. Step 2: Run the xray executable in the terminal

3.2. Command guide

3.2.1. Single scan

3.2.2. Single scan with crawling

3.2.3. Passive scanning

3.2.4. Output file format

3.2.5. Specify the scan plugins

3.3. Supported modules

4. Import the certificate

4.1. Step 1: Export the certificate

4.2. Step 2: Install the certificate

4.3. Step 3: Import it into the browser

1. Introduction:

Xray is the community edition of a powerful vulnerability scanner built on the core engine of Changting (Chaitin) Dongjian (洞鉴). It supports both active and passive scanning, ships with its own blind-testing (out-of-band callback) platform, and lets you define POCs flexibly. It is feature-rich and simple to invoke, and it runs on Windows, macOS and Linux, meeting security practitioners' needs for automated web vulnerability detection.

2. Download:


If you double-click the executable, it only prompts you to call it from a terminal. Run it from the command line instead of double-clicking it.

3. How to use

3.1. Usage steps:

3.1.1. Step 1: Open Windows PowerShell in the folder (or use cmd)

Right-click on an empty area of the folder (or hold Shift and right-click)


3.1.2. Step 2: Run the xray executable in the terminal

(Do not misspell the name of the exe file)

What I entered here is:

.\xray_windows_amd64.exe webscan --url 127.0.0.1

See below for more commands

3.2. Command guide:

3.2.1. Single scan

Scan only a single URL (no crawler)

xray webscan --url URL


3.2.2. Single scan with crawling

Crawl and scan a specified URL

Use the basic crawler to crawl the site, then scan the links it finds for vulnerabilities

xray webscan --basic-crawler URL


3.2.3. Passive scanning

Passive scanning through an HTTP proxy

xray webscan --listen 127.0.0.1:7777 --html-output proxy.html

Set the browser's HTTP proxy to http://127.0.0.1:7777 and xray will automatically analyze and scan the proxied traffic.

(The ca.crt certificate in the xray running directory must be imported into the browser; see section 4.)


3.2.4. Output file format

Output options (append directly to the command)

No arguments: output to the console's standard output

--text-output filename.text: output to a text file

--json-output filename.json: output to a JSON file

--html-output filename.html: output to an HTML file


3.2.5. Specify the scan plugins

Manually specify the plugins to run for this scan; separate multiple plugins with commas

By default, all built-in plugins are enabled. Use the following commands to choose which plugins are enabled for this scan.

xray webscan --plugins cmd-injection,sqldet --url http://example.com

xray webscan --plugins cmd-injection,sqldet --listen 127.0.0.1:7777

3.3. Supported modules

  • XSS vulnerability detection (key: xss)

    Detects XSS vulnerabilities using semantic analysis

  • SQL injection detection (key: sqldet)

    Supports error-based, Boolean-based and time-based blind injection, etc.

  • Command/code injection detection (key: cmd-injection)

    Supports shell command injection, PHP code execution, template injection, etc.

  • Directory enumeration (key: dirscan)

    Detects more than 10 types of sensitive paths and files, such as backup files, temporary files, debug pages, and configuration files

  • Path traversal detection (key: path-traversal)

    Supports common platforms and encodings

  • XML entity injection detection (key: xxe)

    Supports detection both with echoed output and through the reverse-connection (out-of-band callback) platform

  • POC management (key: phantasm)

    Some commonly used POCs are built in by default, and users can write and run their own POCs as needed.

  • File upload detection (key: upload)

    Supports common backend languages

  • Weak password detection (key: brute-force)

    The community edition supports detection of weak passwords for HTTP basic authentication and simple forms, with a built-in dictionary of common usernames and passwords

  • JSONP detection (key: jsonp)

    Detects JSONP interfaces containing sensitive information that can be read across domains

  • SSRF detection (key: ssrf)

    SSRF detection module; supports common bypass techniques and detection through the reverse-connection platform

  • Baseline check (key: baseline)

    Detects low SSL versions, missing or incorrectly added HTTP headers, etc.

  • Open redirect detection (key: redirect)

    Supports HTML meta redirects, 30x redirects, etc.

  • CRLF injection (key: crlf-injection)

    Detects HTTP header injection; supports query, body and other parameters

  • Struts2 series vulnerability detection (advanced version, key: struts)

    Detects whether the target website has Struts2 series vulnerabilities, including common vulnerabilities such as s2-016, s2-032, and s2-045

  • ThinkPHP series vulnerability detection (advanced version, key: thinkphp)

    Detects vulnerabilities in websites developed with ThinkPHP
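
An added example, not part of xray or of the original post: a PowerShell wrapper that refuses to scan hosts outside an authorized list and rejects plugin keys that are not in the module list above before it builds the command. It uses only the flags shown in section 3.2; the function name, its parameters and the allowlist are assumptions made for illustration.

```powershell
# Added example (not xray's own code). Names below are hypothetical.
$KnownPlugins = @(
    'xss','sqldet','cmd-injection','dirscan','path-traversal','xxe','phantasm',
    'upload','brute-force','jsonp','ssrf','baseline','redirect','crlf-injection',
    'struts','thinkphp'   # the last two are listed above as advanced-version only
)

function Invoke-XrayScopedScan {
    param(
        [Parameter(Mandatory)] [string]   $Url,
        [Parameter(Mandatory)] [string[]] $AllowedHosts,  # hosts you are authorized to test
        [string[]] $Plugins  = @(),                       # empty = xray default (all built-in)
        [string]   $XrayPath = '.\xray_windows_amd64.exe',
        [switch]   $WhatIfOnly                            # return the command, do not run it
    )
    # Require an absolute http(s) URL so the host can be compared reliably.
    $uri = $null
    $parsed = [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)
    if (-not $parsed -or ($uri.Scheme -notin @('http','https'))) {
        throw "Target must be an absolute http(s) URL: $Url"
    }
    if ($uri.Host -notin $AllowedHosts) {
        throw "Host '$($uri.Host)' is not in the authorized list; refusing to scan."
    }
    # Reject plugin keys that are not in the module list (catches typos).
    $unknown = $Plugins | Where-Object { $_ -notin $KnownPlugins }
    if ($unknown) { throw "Unknown plugin key(s): $($unknown -join ', ')" }

    # Timestamped report name so every run writes to its own file.
    $safeHost = $uri.Host -replace '[^\w.-]', '_'
    $report   = 'xray-{0}-{1:yyyyMMdd-HHmmss}.html' -f $safeHost, (Get-Date)
    $xrayArgs = @('webscan')
    if ($Plugins) { $xrayArgs += @('--plugins', ($Plugins -join ',')) }
    $xrayArgs += @('--url', $uri.AbsoluteUri, '--html-output', $report)

    if ($WhatIfOnly) { return "$XrayPath $($xrayArgs -join ' ')" }
    & $XrayPath @xrayArgs
}

# Constructed usage: prints the command for a local test target without running it.
Invoke-XrayScopedScan -Url 'http://127.0.0.1/' -AllowedHosts '127.0.0.1' `
    -Plugins 'cmd-injection','sqldet' -WhatIfOnly
```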

4. Import the certificate:

4.1. Step 1: Export the certificate

Use genca to export the certificate:

.\xray_windows_amd64.exe genca

The exported certificate will be in the same directory as .\xray_windows_amd64.exe

4.2. Step 2: Install the certificate

Double-click ca.crt

4.3. Step 3: Import it into the browser

Search for "certificate" in the browser settings

Browse to the directory containing the certificate you just exported and select it

Check the trust option

You can then use xray as the browser's proxy, and passive scanning will work.
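
An added example, not from the original post or the xray project: the same certificate steps done from PowerShell, with the trust limited to the current user and removed again once the passive-scanning session is over. The function names are hypothetical, and ca.key is the file name assumed here for a CA private key stored beside ca.crt.

```powershell
# Added example (not xray's own code). Function names are hypothetical.
function Install-XrayProxyCa {
    param([string]$Path = '.\ca.crt')      # file produced by "genca" (section 4.1)
    $full = (Resolve-Path $Path -ErrorAction Stop).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full

    # Show what is about to be trusted before it goes into a root store.
    $cert | Format-List Subject, NotBefore, NotAfter, Thumbprint | Out-Host

    # Current-user store only: other accounts on the machine are not affected.
    # Windows may ask for confirmation before adding a root certificate.
    Import-Certificate -FilePath $full -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

    # Assumption: a private key named ca.key may sit next to the certificate.
    # Whoever can read it can issue certificates this profile will accept.
    $key = Join-Path (Split-Path $full) 'ca.key'
    if (Test-Path $key) {
        Write-Warning "CA private key found at $key; restrict access to it."
    }
    return $cert.Thumbprint
}

function Remove-XrayProxyCa {
    param([Parameter(Mandatory)][string]$Thumbprint)
    $item = "Cert:\CurrentUser\Root\$Thumbprint"
    if (Test-Path $item) {
        Remove-Item $item                  # withdraws trust from the proxy CA
        return $true
    }
    return $false                          # nothing to remove
}

# Usage: install, run the passive scan through the proxy, then clean up.
$thumbprint = Install-XrayProxyCa -Path .\ca.crt
# ... browse through http://127.0.0.1:7777 while xray is listening ...
Remove-XrayProxyCa -Thumbprint $thumbprint
```

A browser that keeps its own certificate store still needs the manual import from step 4.3, and the certificate should be deleted there as well once testing is finished.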
