LICENSE
XRay is a tool for network OSINT gathering. Its goal is to automate some of the initial tasks of information gathering and network mapping.
_run/entrypoint__output_via_file.sh, python3, entrypoint.py
ActiveMQ Improper Input Validation (CVE-2016-3088)
Adobe ColdFusion directory traversal attack (CVE-2010-2861)
Buffer Overflow (CVE-2017-7679)
Buffer Overflow (CVE-2019-11036)
Buffer Overflow (CVE-2019-11040)
Buffer Overflow (CVE-2019-6977)
Buffer Overflow (CVE-2019-9638)
Buffer Overflow (CVE-2019-9639)
Buffer Overflow (CVE-2019-9640)
Buffer Overflow (CVE-2019-9641)
Buffer Overflow attack (CVE-2010-4652)
Cause DoS via kex packet (CVE-2011-4130)
Cause DoS via kex packet (CVE-2019-0220)
Command Injection (CVE-2019-15107)
Content-Type header is missing
Cookie without secure flag set
Cross-Site Scripting (CVE-2018-10547)
Cross-Site Scripting (CVE-2018-17082)
Detect Information Disclosure
Detect Information Disclosure (CVE-2015-8399)
Detect SSRF vulnerability (CVE-2019-8451)
Detected CVE-2015-3337
Detected CVE-2019-16759
Detected CVE-2019-2725
Detected Directory traversal (Path Traversal) (CVE-2019-3396)
Detected Improper Input Validation (CVE-2019-6340)
Detected Out-of-bounds Read (CVE-2018-10549)
Detected Out-of-bounds Read (CVE-2018-14851)
Detected Out-of-bounds Read (CVE-2019-11039)
Detected Out-of-bounds Read (CVE-2019-9020)
Detected Out-of-bounds Read (CVE-2019-9021)
Detected Out-of-bounds Read (CVE-2019-9022)
Detected Out-of-bounds Read (CVE-2019-9023)
Detected Out-of-bounds Read (CVE-2019-9024)
Detected Out-of-bounds Write (CVE-2017-15710)
Detected robots.txt
Device is vulnerable to CVE-2018-9995
Directory traversal (CVE-2010-3867)
Directory traversal (CVE-2017-1000028)
Directory traversal (CVE-2018-11759)
Directory Traversal (Path Traversal)
Directory traversal (Path Traversal) (CVE-2018-7490)
Drupal core SQL-injection (CVE-2014-3704)
Found information about domain
Found sensitive files
Geo location detected
Improper Access Control (CVE-2014-3120)
Improper Access Control (CVE-2015-1427)
Improper Authentication (CVE-2010-4478)
Improper Authentication (CVE-2017-3167)
Improper Authentication (CVE-2018-12613)
Improper Authentication (CVE-2018-1312)
Improper Authentication (CVE-2019-0193)
Improper Authentication (CVE-2019-0197)
Improper Authentication (CVE-2019-17506)
Improper Input Validation (CVE-2010-1871)
Improper Input Validation (CVE-2012-1823)
Improper Input Validation (CVE-2017-15715)
Improper Input Validation (CVE-2017-7668)
Improper Input Validation (CVE-2018-11763)
Improper Input Validation (CVE-2018-1283)
Improper Input Validation (CVE-2019-11038)
Improper Privilege Management (CVE-2017-12635)
Improper Privilege Management (CVE-2017-15906)
Information Disclosure (CVE-2008-5161)
Information Disclosure (CVE-2017-5521)
Information Disclosure (CVE-2017-9788)
Information Disclosure (CVE-2018-1000600)
Information Disclosure (CVE-2018-10545)
Information Disclosure (CVE-2018-15132)
Information Disclosure (CVE-2018-3760)
Information Disclosure (CVE-2018-6910)
Information Disclosure (CVE-2018-7662)
Information Disclosure (CVE-2018-8770)
Insufficiently Protected Credentials (CVE-2019-16313)
Integer Overflow or Wraparound (CVE-2018-14883)
Interesting info detected
IP address detected
JAVA deserialization vulnerability in the Oracle WebLogic Server (CVE-2019-2729)
Loop with Unreachable Exit Condition (CVE-2018-10546)
NULL Pointer Dereference (CVE-2016-10708)
NULL Pointer Dereference (CVE-2017-3169)
NULL Pointer Dereference (CVE-2017-7659)
NULL Pointer Dereference (CVE-2018-19935)
Open port(s) identified
Open Redirect
OS Command Injection (CVE-2014-6271)
OS Command Injection (CVE-2018-19518)
OS Command Injection (CVE-2019-16663)
OS Command Injection (CVE-2019-20224)
OS Command Injection (CVE-2019-5127)
OS Command Injection (CVE-2019-5128)
OS Command Injection (CVE-2019-5129)
OS Command Injection (CVE-2020-7980)
Path Traversal (CVE-2017-16877)
Path Traversal (CVE-2019-16278)
Path Traversal (CVE-2019-19781)
Path Traversal (CVE-2019-3799)
Path Traversal (CVE-2020-5405)
Privilege Escalation (CVE-2019-0211)
ProFTPd bypass with SQL injection (CVE-2009-0543)
ProFTPd CPU consumption (CVE-2008-7265)
ProFTPd CPU consumption (CVE-2010-4755)
ProFTPd integer overflow (CVE-2011-1137)
ProFTPd restriction bypass (CVE-2009-3639)
Race Condition (CVE-2012-6095)
Remote Code Execution (CVE-2016-4977)
Remote Code Execution (CVE-2017-11610)
Remote code execution (CVE-2017-12629)
Remote Code Execution (CVE-2017-9841)
Remote Code Execution (CVE-2018-1000861)
Remote Code Execution (CVE-2018-19127)
Remote Code Execution (CVE-2019-10758)
Remote Code Execution (CVE-2019-11581)
Remote Code Execution (CVE-2019-16920)
Remote Code Execution (CVE-2019-7609)
Remote Code Execution (RCE)
Remote File Inclusion (RFI)
Session Fixation (CVE-2018-17199)
SQL Injection vulnerability detected (CVE-2017-8917)
SQL-injection
SQL-injection (CVE-2015-7297)
SQL-injection (CVE-2016-10134)
SQL-injection (CVE-2018-10735)
SQL-injection (CVE-2018-10736)
SQL-injection (CVE-2018-10737)
SQL-injection (CVE-2018-10738)
SQL-injection (CVE-2018-6605)
SQL-injection (CVE-2019-16996)
SQL-injection (CVE-2019-16997)
SQL-injection (CVE-2019-17418)
Strict-Transport-Security header is missing
Target ISP detected
Unauthorized Access
Unauthorized Access (CVE-2019-11510)
Unauthorized Access (CVE-2019-7238)
Unauthorized Access (CVE-2019-9637)
Unauthorized Access (CVE-2020-11710)
Uncontrolled Resource Consumption (CVE-2015-9253)
Uncontrolled Resource Consumption (CVE-2018-1333)
Unrestricted File Upload (CVE-2017-12615)
Use After Free (CVE-2017-9798)
Use After Free (CVE-2018-12882)
Use After Free (CVE-2019-0196)
Used server detected
Vulnerability in the Oracle WebLogic Server (CVE-2017-10271)
X-Content-Type-Options header is missing
X-Frame-Options header is missing
X-XSS-Protection header is missing
XML External Entity (CVE-2019-9670)
In Development/PoC
Aggressive, Enumerate, Exploit, Bruteforce, Vulnerability identification, Time consuming
DISCLAIMER:
This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.