Awesome Open Source
Awesome Open Source

XRCross (Recon)


About XRCross

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. 
This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities 


            XRCross -u/--url <arguments>
    Optional Arguments:
            -h /--help          | show this help message and exit
            -u /--url           | URLs
            -a /--aws           | Amazon S3 bucket enumeration
            -p /--proxy         | URL of the proxy server (default:
            -s /--subdo         | Check Subdomains Enumerations
            -m /--map           | Domain Mapping with dnsdumster
            -l /--live          | Check live the Subdomains for working HTTP and HTTPS servers
            -hr/--header        | Host header injection 
            -sm/--smuggling     | HTTP request smuggling 
            -t /--takeover      | Check Posible Takeover
            -cr/--cors          | CORS misconfiguration scanner
                --flash         | Basic cors misconfig flash
            -d /--dir           | Dir enumeration
               -w /--wordlists  | Wordlist file to use for enumeration. (default wordlists/wordlists.txt)
            -lp/--lfiparam      | Get LFI Parameters       
                --lfiv          | LFI Check Vulnerabilty
            -st/--ssti          | Get parameter SSTI Vulnerabilty  
                --sstiv         | Test Vulnerabilty SSTI
            -ss/--ssrf          | Get SSRF Parameters 
                --blind         | Blind SSRF testing Vulnerabilty
            -c /--cmd           | Get Command Injection Parameter
                --cmdv          | Command Injection Check Vulnerabilty
            -r /--redirect      | Get redirec Parameters
                --rev           | Get Vulnerabilty Open-redirect
            -x /--xss           | Get XSS Parameters        
                --xssv          | XSS Scanners Vulnerabilty
            -j /--jstatus       | Get Status JavaScript 
                --jsurl         | Gathering all js urls and extract endpoints from js file

                --idor          | Get IDOR Parameters
                --rce           | Get RCE Parameters
                --sqli          | Get SQLI Parameters
                --img           | Get img-traversal Parameters
                --int           | Interestingparams

            -w /--wayback       | Scraping wayback for data
                --js            | Jsurls 
                --php           | Phpurls
                --asp           | ASP
                --html          | Html
            -v /--verbose       | verbose mode
            -o /--outfile       | outfile    

How to install XRCross:

[email protected]~# git clone

[email protected]~# ./

[email protected]~# ./XRCross -h

Open folder config/ and edit file:
  |-> Api-github.txt <(inssert github token)
  |-> ssrf.txt <(inssert ssrf payload)
  |-> <(inssert

Go language dependency:

All the dependent libraries are compiled with go version 1.14.2. So go version 1.14.2 should be installed
(strictly). Secondly, $GOPATH should be set to /root/go and it should be exported to PATH using "export PATH=$PATH:$GOROOT/bin/:$GOPATH/bin" 
and same should be present in profile or bash_profile or bashrc. XRCross checks for all the go dependencies under ~/go/bin.


(I love coffee and am very addicted to coffee:v)
Buy Me A Coffee

Contribution & License

You can contribute in following ways:

  • Give suggestions to make it better
  • Fix issues & submit a pull request

Credits Thanks:

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Bugbounty (765
Cors (563
Recon (303
Rce (168
Related Projects