x8
The tool helps find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved through line-by-line comparison of pages and comparison of response codes and reflections.
Details
Category: Fuzzing
Publisher: trickest
Created Date: 7/22/2021
Container: quay.io/trickest/x8:ab1ba6c-patch-1
Source URL: https://github.com/Sh1Yo/x8
Parameters
max
string
Command:
--max
- Change the maximum number of parameters per request. (default is <= 256 for query, 64 for headers and 512 for body)
url
string
required
Command:
--url
- You can add a custom injection point with %s. Multiple values are supported: https://url1 http://url2
body
string
Command:
--body
- Example body: '{x:{%s}}'
http
string
Command:
--http
- HTTP version. Supported versions: --http 1.1, --http 2
port
string
Command:
--port
- Port to use with request file
test
boolean
Command:
--test
- Prints request and response
delay
string
Command:
--delay
- Delay between requests in milliseconds [default: 0]
force
boolean
Command:
--force
- Force searching for parameters on pages > 25MB. Remove an error in case there's 1
proto
string
Command:
--proto
- Protocol to use with request file (default is https)
proxy
string
Command:
--proxy
- Proxy
encode
boolean
Command:
--encode
- Encodes query or body before making a request, i.e. & -> %26, = -> %3D
invert
boolean
Command:
--invert
- By default, parameters are sent within the body only in case PUT or POST methods
joiner
string
Command:
--joiner
- How to join parameter templates. Example: --joiner '&'. Default: urlencoded - '&', json - ', ', header values - '; '
method
string
Command:
--method
- Multiple values are supported: -X GET POST
strict
boolean
Command:
--strict
- Only report parameters that have changed the different parts of a page
verify
boolean
Command:
--verify
- Verify found parameters.
headers
string
Command:
-H
- Example: 'one:one' 'two:two'
request
file
Command:
--request
- The file with the raw HTTP request
timeout
string
Command:
--timeout
- HTTP request timeout in seconds. [default: 15]
verbose
string
Command:
--verbose
- Verbose level 0/1/2 [default: 1]
workers
string
Command:
--workers
- The number of concurrent URL checks. [default: 1]
split-by
string
Command:
--split-by
- Split the request into lines by the provided sequence. By default splits by
,
and
url-list
file
required
Command:
--url
- You can add a custom injection point with %s. Multiple values are supported: https://url1 http://url2
wordlist
file
required
Command:
--wordlist
- -w, --wordlist <wordlist>
data-type
string
Command:
--data-type
- -t, --data-type <data-type>
concurrency
string
Command:
-c
- The number of concurrent requests per URL [default: 1]
replay-once
boolean
Command:
--replay-once
- If a replay proxy is specified, send all found parameters within one request.
check-binary
boolean
Command:
--check-binary
- Check the body of responses with binary content types
remove-empty
boolean
Command:
--remove-empty
- Skip writing to file outputs of url:method pairs without found parameters
replay-proxy
string
Command:
--replay-proxy
- Request target with every found parameter via the replay proxy at the end.
custom-values
string
Command:
--custom-values
- Values for custom parameters (default is 1 0 false off null true yes no)
mimic-browser
boolean
Command:
--mimic-browser
- Add default headers that browsers usually set.
output-format
string
Command:
--output-format
- standart, json, url, request [default: standart]
disable-colors
boolean
Command:
--disable-colors
- Disable colors
learn-requests
string
Command:
--learn-requests
- Set the custom number of learn requests. [default: 9]
param-template
string
Command:
--param-template
- %k - key, %v - value. Example: --param-template 'user[%k]=%v'. Default: urlencoded - <%k=%v>, json - <%k:%v>, headers - <%k=%v>
reflected-only
boolean
Command:
--reflected-only
- Disable page comparison and search for reflected parameters only.
recursion-depth
string
Command:
--recursion-depth
- Check the same list of parameters with the found parameters until there are no new parameters to be found. Conflicts with --verify for now.
disable-trustdns
boolean
Command:
--disable-trustdns
- Can solve some DNS-related problems
follow-redirects
boolean
Command:
--follow-redirects
- Follow redirections
progress-bar-len
string
Command:
--progress-bar-len
- [default: 26]
custom-parameters
string
Command:
--custom-parameters
- Check these parameters with non-random values like true/false yes/no (default is admin bot captcha debug disable encryption env show sso test waf)
one-worker-per-host
boolean
Command:
--one-worker-per-host
- Multiple URLs with the same host will be checked one after another,
disable-progress-bar
boolean
Command:
--disable-progress-bar
- Disable progress bar
disable-additional-checks
boolean
Command:
--disable-additional-checks
- Disable additional checks
disable-custom-parameters
boolean
Command:
--disable-custom-parameters
- Do not automatically check parameters like admin=true