xray扫描器简单爬取使用

Posted 2022-02-01 Hardworking666

win11在xray的安装目录打开powershell
输入.\\xr后tab补齐(.\\表示运行的意思)。
查看帮助：

...\\xray> .\\xray_windows_amd64.exe webscan -h

NAME:
    webscan - Run a webscan task

USAGE:
    webscan [command options] [arguments...]

OPTIONS:
   --list, -l                                     list plugins
   --plugins value, --plugin value, --plug value  specify the plugins to run, separated by ','
   --poc value, -p value                          specify the poc to run, separated by ','

   --listen value                                 use proxy resource collector, value is proxy addr, (example: 127.0.0.1:1111)
   --basic-crawler value, --basic value           use a basic spider to crawl the target and scan the requests
   --browser-crawler value, --browser value       use a browser spider to crawl the target and scan the requests
   --url-file value, --uf value                   read urls from a local file and scan these urls, one url per line
   --burp-file value, --bf value                  read requests from burpsuite exported file as targets
   --url value, -u value                          scan a **single** url
   --data value, -d value                         data string to be sent through POST (e.g. 'username=admin')
   --raw-request FILE, --rr FILE                  load http raw request from a FILE
   --force-ssl, --fs                              force usage of SSL/HTTPS for raw-request

   --json-output FILE, --jo FILE                  output xray results to FILE in json format
   --html-output FILE, --ho FILE                  output xray result to FILE in HTML format
   --webhook-output value, --wo value             post xray result to url in json format

按“上”键返回上一条命令，因为xray是单行输入。

我们选择basic-crawler，基本爬虫。结果放到result.html。ctrl+C暂停。

\\xray> .\\xray_windows_amd64.exe webscan --basic-crawler https://www.baidu.com/  --html-output result.html

当然，百度是没有漏洞的，爬了一会就触发百度的安全认证了。