Hello,

danger_disable_hostname_verification() some website use old ssl cert or wrong ..etc better use this func thank you

reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Ipv4(555)), port: None, path: "", query: Some(""), fragment: None }, source: hyper::Error(Connect, Custom { kind: Other, error: "invalid dnsname" }) }

So Request Of Burp Suite Was

GET / HTTP/2
Host: www.google.com
Cookie: ******

So When Use Burp Suite Extension "Send To" , x8 Will Parse The Request Like That

GET https://www.google.com HTTP/2
Host: www.google.com
Cookie: ******

So If You Tried Send This Request By Using Burp , You Will Get This Response

HTTP/2 400 Bad Request
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1555

So Every Request Sent By x8 Not Correct So x8 Should Send Request Like This

GET / HTTP/2
Host: www.google.com
Cookie: ******

To https://www.google.com Not

GET https://www.google.com HTTP/2
Host: www.google.com
Cookie: ******

To https://www.google.com

Hi,

i see the current argument -u which is accepting url as input. so could it support -file for example for multiple URLs per file.

One more thing as temp workaround i'm running it via xargs loop BUT unfortunately it dose not append output it's overwrite the previous output

xargs -n1 -P 10 -I {} sh -c "x8 -u {} -O url -o out-x8.txt -c 50" < file-urls.txt

the problem with that loop it dose not append the found results to out-x8.txt

Hi

This project looks great. I was interested in using it, but it doesn't seem like it supports scanning multiple URLs in one go. I understand you can probably just create a bash loop, but then you end up with tons of output files instead of one, without a simple way of combining them (like JSON files).

amazing tool, really could you add support to output the request as raw so it can be imported directly to any other tool? example

POST /someendpoint HTTP/1.1
Host: example.com
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103
Content-Type: application/json

{...discovered params here}

Thanks

Hello Sir,

How to solve this issue in ARCH LINUX, Please help :-) ##################################################################################################### $ sudo pacman -S x8 [sudo] password for cyberghazi786: error: could not register 'multilib' database (database already registered) error: could not register 'multilib' database (database already registered) error: could not register 'multilib' database (database already registered) error: could not register 'multilib' database (database already registered) resolving dependencies... looking for conflicting packages...

Package (1) New Version Net Change

blackarch/x8 113.5f3b3cd-1 7.59 MiB

Total Installed Size: 7.59 MiB

:: Proceed with installation? [Y/n] Y (1/1) checking keys in keyring [--------------------------------] 100% (1/1) checking package integrity [--------------------------------] 100% (1/1) loading package files [--------------------------------] 100% (1/1) checking for file conflicts [--------------------------------] 100% :: Processing package changes... (1/1) installing x8 [--------------------------------] 100% :: Running post-transaction hooks... (1/1) Arming ConditionNeedsUpdate... [cyberghazi786@cyberghazi786-vmwarevirtualplatform bin]$ x8 x8: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

#######################################################################################################

I save the results of the program as -o results.txt. but if there is no parameter in a url address, it writes the same url address without parameters to the output file. I don't understand why you set it this way. If no parameter is found, it doesn't make much sense to add it to the output file. If you examine both this problem and the other issue(https://github.com/Sh1Yo/x8/issues/24) I created and update the program, the program will be much better.

beside reading wordlist from file, making x8 to read it from stdin would make it easier to pipe with other tools (like when you pipe commands to create a bug-bounty automation script). we can have it by checking --wordlist flag, if filename provided after the flag, x8 would read the file and consider it as the wordlist file. otherwise it'll read words from stdin. sth like this:

$ x8 -u "https://example.com/" --wordlist <wordlist file>
$ echo 'word1\nword2\nword3' | x8 -u "https://example.com/" --wordlist

If you agree with it, I would be really happy to work on it and send a PR.

', /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.72/build/find_normal.rs:180:5 note: run with RUST_BACKTRACE=1 environment variable to display a backtrace warning: build failed, waiting for other jobs to finish... error: build failed

gHello, first thank you very much for your tool.

I got a lot of bountys on hackerone (https://hackerone.com/arthuraires), I would like to share a case that might be a future implementation.

X8 noticed that a parameter modified the page's response, in case the parameter was reflected in uppercase, it didn't put it as reflected only as responsible for changing the number of items on the page.

So adding an add comparison with the uppercase string can increase the detection rate.

Thanks for listening!

Привет :)

Currently, the tooling only mentions the reason a potential parameter is detected in the stdout only. It would be really helpful in cases where a user has multiple output files from the past to see which parameter was detected to reflecting back vs changing in response code, etc.

Current output format

{"method":"GET", "url":"http://ffuf.me/cd/param/data", "parameters":["debug"]}

Desired output format

{
   "method": "GET",
    "url": "http://ffuf.me/cd/param/data",
    "parameters" : [
        {
            "param": "debug",
            "reason": "Different response code: 400 -> 200"
        }
    ]
}

So instead of just sending parameter names to futures_data, also send the message that was sent to writeln https://github.com/Sh1Yo/x8/blob/main/src/logic.rs#L216

-- Regards, @bugbaba

can be simply used like this:

$ ls
input.txt

$ docker run -it -v $PWD:/app x8 -u https://4rt.one/level1 -w /app/input.txt

or

$ cat input.txt | docker run -i x8 -u https://4rt.one/level1 -w

I noticed that the output is not saved to the file from time to time when using --output <file> param (but the discovered query-param is printed to STDOUT). Also this depends on URL being tested. For the provided URL, I noticed that on the second-third run the output file gets empty.

OS: Amazon Linux

Steps to reproduce:

$ ./x8 -u "https://manage.nba.com/wp-login.php" --learn-requests 1  --output temp.txt
urls:         https://manage.nba.com/wp-login.php
methods:      GET
wordlist len: 0

GET https://manage.nba.com/wp-login.php?%s (200) [45359] {0}
[~] The page is not stable (body)
reflects: redirect_to

GET https://manage.nba.com/wp-login.php % redirect_to

$ cat temp.txt 
GET https://manage.nba.com/wp-login.php % redirect_to

$ ./x8 -u "https://manage.nba.com/wp-login.php" --learn-requests 1  --output temp.txt
urls:         https://manage.nba.com/wp-login.php
methods:      GET
wordlist len: 0

GET https://manage.nba.com/wp-login.php?%s (200) [45360] {0}
[~] The page is not stable (body)
reflects: redirect_to

GET https://manage.nba.com/wp-login.php % redirect_to

$ cat temp.txt 
# empty. 

when it comes to piping commands in order to read the word list (file & stdin), doing it asynchronously would be more efficient. consider sth like CeWL which extracts words from a website and creates a word list. so instead of waiting for the whole output we can read them asynchronously as they're generated. I guess this can be done with little effort as x8 itself has an async architecture.