x8
The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code and reflections.
Details
Category: Fuzzing
Publisher: trickest
Created Date: 7/22/2021
Container: quay.io/trickest/x8:ab1ba6c-patch-1
Source URL: https://github.com/Sh1Yo/x8
Parameters
max
string
Command:
--max - Change the maximum number of parameters per request. (default is <= 256 for query, 64 for headers and 512 for body)url
string
requiredCommand:
--url - You can add a custom injection point with %s. Multiple values are supported: https://url1 http://url2body
string
Command:
--body - Example body: '{x:{%s}}'http
string
Command:
--http - HTTP version. Supported versions: --http 1.1, --http 2port
string
Command:
--port - Port to use with request filetest
boolean
Command:
--test - Prints request and responsedelay
string
Command:
--delay - Delay between requests in milliseconds [default: 0]force
boolean
Command:
--force - Force searching for parameters on pages > 25MB. Remove an error in case there's 1proto
string
Command:
--proto - Protocol to use with request file (default is https)proxy
string
Command:
--proxy - Proxyencode
boolean
Command:
--encode - Encodes query or body before making a request, i.e & -> %26, = -> %3Dinvert
boolean
Command:
--invert - By default, parameters are sent within the body only in case PUT or POST methodsjoiner
string
Command:
--joiner - How to join parameter templates. Example: --joiner '&'. Default: urlencoded - '&', json - ', ', header values - '; 'method
string
Command:
--method - Multiple values are supported: -X GET POSTstrict
boolean
Command:
--strict - Only report parameters that have changed the different parts of a pageverify
boolean
Command:
--verify - Verify found parameters.headers
string
Command:
-H - Example: 'one:one' 'two:two'request
file
Command:
--request - The file with the raw http requesttimeout
string
Command:
--timeout - HTTP request timeout in seconds. [default: 15]verbose
string
Command:
--verbose - Verbose level 0/1/2 [default: 1]workers
string
Command:
--workers - The number of concurrent url checks. [default: 1]split-by
string
Command:
--split-by - Split the request into lines by the provided sequence. By default splits by
,
and
url-list
file
requiredCommand:
--url - You can add a custom injection point with %s. Multiple values are supported: https://url1 http://url2wordlist
file
requiredCommand:
--wordlist - -w, --wordlist <wordlist>data-type
string
Command:
--data-type - -t, --data-type <data-type>concurrency
string
Command:
-c - The number of concurrent requests per url [default: 1]replay-once
boolean
Command:
--replay-once - If a replay proxy is specified, send all found parameters within one request.check-binary
boolean
Command:
--check-binary - Check the body of responses with binary content typesremove-empty
boolean
Command:
--remove-empty - Skip writing to file outputs of url:method pairs without found parametersreplay-proxy
string
Command:
--replay-proxy - Request target with every found parameter via the replay proxy at the end.custom-values
string
Command:
--custom-values - Values for custom parameters (default is 1 0 false off null true yes no)mimic-browser
boolean
Command:
--mimic-browser - Add default headers that browsers usually set.output-format
string
Command:
--output-format - standart, json, url, request [default: standart]disable-colors
boolean
Command:
--disable-colors - Disable colorslearn-requests
string
Command:
--learn-requests - Set the custom number of learn requests. [default: 9]param-template
string
Command:
--param-template - %k - key, %v - value. Example: --param-template 'user[%k]=%v'. Default: urlencoded - <%k=%v>, json - <%k:%v>, headers - <%k=%v>reflected-only
boolean
Command:
--reflected-only - Disable page comparison and search for reflected parameters only.recursion-depth
string
Command:
--recursion-depth - Check the same list of parameters with the found parameters until there are no new parameters to be found. Conflicts with --verify for now.disable-trustdns
boolean
Command:
--disable-trustdns - Can solve some dns related problemsfollow-redirects
boolean
Command:
--follow-redirects - Follow redirectionsprogress-bar-len
string
Command:
--progress-bar-len - [default: 26]custom-parameters
string
Command:
--custom-parameters - Check these parameters with non-random values like true/false yes/no (default is admin bot captcha debug disable encryption env show sso test waf)one-worker-per-host
boolean
Command:
--one-worker-per-host - Multiple urls with the same host will be checked one after another,disable-progress-bar
boolean
Command:
--disable-progress-bar - Disable progress bardisable-additional-checks
boolean
Command:
--disable-additional-checks - Disable additional checksdisable-custom-parameters
boolean
Command:
--disable-custom-parameters - Do not automatically check parameters like admin=true