x8
The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code and reflections.
Name:x8
Category:Fuzzing
Publisher:trickest
Created:7/22/2021
Container:
quay.io/trickest/x8:ab1ba6c-patch-1Output Type:
License:Unknown
Source:View Source
Parameters
--maxChange the maximum number of parameters per request. (default is <= 256 for query, 64 for headers and 512 for body)--urlYou can add a custom injection point with %s. Multiple values are supported: https://url1 http://url2--bodyExample body: '{x:{%s}}'--httpHTTP version. Supported versions: --http 1.1, --http 2--portPort to use with request file--testPrints request and response--delayDelay between requests in milliseconds [default: 0]--forceForce searching for parameters on pages > 25MB. Remove an error in case there's 1--protoProtocol to use with request file (default is https)--proxyProxy--encodeEncodes query or body before making a request, i.e & -> %26, = -> %3D--invertBy default, parameters are sent within the body only in case PUT or POST methods--joinerHow to join parameter templates. Example: --joiner '&'. Default: urlencoded - '&', json - ', ', header values - '; '--methodMultiple values are supported: -X GET POST--strictOnly report parameters that have changed the different parts of a page--verifyVerify found parameters.-HExample: 'one:one' 'two:two'--requestThe file with the raw http request--timeoutHTTP request timeout in seconds. [default: 15]--verboseVerbose level 0/1/2 [default: 1]--workersThe number of concurrent url checks. [default: 1]--split-bySplit the request into lines by the provided sequence. By default splits by
,
and
--urlYou can add a custom injection point with %s. Multiple values are supported: https://url1 http://url2--wordlist-w, --wordlist <wordlist>--data-type-t, --data-type <data-type>-cThe number of concurrent requests per url [default: 1]--replay-onceIf a replay proxy is specified, send all found parameters within one request.--check-binaryCheck the body of responses with binary content types--remove-emptySkip writing to file outputs of url:method pairs without found parameters--replay-proxyRequest target with every found parameter via the replay proxy at the end.--custom-valuesValues for custom parameters (default is 1 0 false off null true yes no)--mimic-browserAdd default headers that browsers usually set.--output-formatstandart, json, url, request [default: standart]--disable-colorsDisable colors--learn-requestsSet the custom number of learn requests. [default: 9]--param-template%k - key, %v - value. Example: --param-template 'user[%k]=%v'. Default: urlencoded - <%k=%v>, json - <%k:%v>, headers - <%k=%v>--reflected-onlyDisable page comparison and search for reflected parameters only.--recursion-depthCheck the same list of parameters with the found parameters until there are no new parameters to be found. Conflicts with --verify for now.--disable-trustdnsCan solve some dns related problems--follow-redirectsFollow redirections--progress-bar-len[default: 26]--custom-parametersCheck these parameters with non-random values like true/false yes/no (default is admin bot captcha debug disable encryption env show sso test waf)--one-worker-per-hostMultiple urls with the same host will be checked one after another,--disable-progress-barDisable progress bar--disable-additional-checksDisable additional checks--disable-custom-parametersDo not automatically check parameters like admin=true