Before use, please be sure to read and agree to the terms in the License file, otherwise do not install and use this tool.
Specify a single target for fingerprint scanning:

    xapp -r xxx.yml -t https://www.example.com
    echo https://www.example.com | xapp -r xxx.yml

Specify fingerprint scanning for multiple targets:

    xapp -r xxx.yml -t https://www.example.com -t https://www.example2.com
    xapp -r xxx.yml -i targets.txt
    cat targets.txt | xapp -r xxx.yml

Specify multiple fingerprints to scan:

    xapp -r xxx.yml -r yyy.yml -t https://www.example.com
    xapp -r "./finger/web/*.yml" -t https://www.example.com
    xapp -r "./finger/**/*.yml" -t https://www.example.com

Specify group to scan:

    xapp -g web.list -t https://www.example.com

Supports web fingerprint recognition, which can quickly identify the technology stack of web targets and provide basic data for security testing.
The rule syntax is consistent with xray PoC, simple and easy to understand, and suitable for novice developers to get started quickly.
Customize fingerprint rules to implement fine-grained logic branches, improving the accuracy and flexibility of identification.
Open co-creation: Encourage community participation to jointly build a standard fingerprint rule set on GitHub, share your own fingerprint rule set, and make it free for everyone to use.
Performance optimization: Specifically optimized for scenarios where a large number of fingerprints are loaded at the same time to improve operating efficiency.
Just download the latest version for your system from releases, and run xapp -h to view the help.

    [INF] 24-06-26 22:25:33 Use the configuration file in the following location: /root/.xray/xapp/xapp-config.yaml [app.go:422]

    XAPP:
       Example:
       Scan single target: xapp -t http://192.168.1.1:8000
          └> multiple targets: xapp -t http://192.168.1.1:8000 -t http://192.168.1.1:8001
          └> target file: xapp -i a.txt
       Show plugin: xapp -v
          └> run one plugin: xapp -t tcp://192.168.1.1:8000 -r "./finger/finger.yml"
          └> run plugins: xapp -t tcp://192.168.1.1:8000 -r "./finger/*.yml"

    description:
       web application scanner

    Order:
       lint     performs static format verification on yaml scripts
       score    scores yaml fingerprint scripts
       help, h  Shows a list of commands or help for one command

    option:
       HTTP client:
       --hrps value, --host_rps value             The maximum number of requests sent per second for a single Host: if it is less than or equal to 0, there is no limit on the maximum number of requests sent per second (default: 0)
       --http-proxy value [ --http-proxy value ]  HTTP client proxy: [http|https|socks5://][username[:password]@]host[:port] Only takes effect for http connections
       --retry value                              The number of retries for failed requests (default: 2)

       Plug-in display:
       -v  list enabled plugins (default: false)

       Log management:
       --debug            debugging: print debug log (default: false)
       --log-level value  specifies the level: debug/info (default)/warn/error/fatal/disable
       --silent           do not print banner, log level is set to fatal (default: false)

       Target breakdown:
       -i value                Target file: specify a text file containing the scan targets
       -t value [ -t value ]   Scan target: it can be a mixed input of URL/IP/domain name/Host:Port and other forms (default)

       Result output:
       -o value [ -o value ]   Result output: specify the file path to save the results.

       Set variables:
       --env value [ --env value ]  Set system variables

       Connection management:
       --proxy value    Global proxy: socks5://[username[:password]@]host[:port] Only supports socks5, effective for all connections
       --timeout value  Read timeout: the maximum time to read data from the connection (default: 5s)

       General:
       --config value                                          Configuration file: use the specified configuration file; if the file does not exist, a default configuration file is created automatically
       -d value, --disable value [ -d value, --disable value ]  Disable: prohibit the execution of specific plug-ins; only plug-in names are supported as input
       -g value, --group value [ -g value, --group value ]      Plug-in group: execute the specified plug-in group file
       -r value, --run value [ -r value, --run value ]          Execute only: only execute the specified plug-in, supports glob/absolute path/relative path

Please see https://docs.xray.cool/tools/xapp/QuickStart for the following advanced usage.
Fingerprint scoring
Visit xray-plugins for details
Please be sure to read https://docs.xray.cool/#/guide/feedback first when submitting requests for false positives or false negatives, etc.
If you have any questions, you can raise an issue on GitHub or in the discussion group below
GitHub issue: https://github.com/chaitin/xapp/issues
WeChat public account: Scan the following QR code on WeChat to follow us
WeChat group: Follow the WeChat official account and click "Contact Us" -> "Add Group", then scan the QR code to join the group
QQ group: 717365081