sh1yo / x8 Goto Github PK

After running this tool where can i get the requests which contains the below identified parameters. Can you please help me to understand this please.

x8 version:

[INF] Current Version: 4.2.0

Current Behavior:

If the application processes parameter names using a pattern, then x8 continues iterating without defining a pattern and assigns each found parameter that matches this pattern the status of a new found parameter.

Expected Behavior:

Determine the substring to which the server responds and stop brute force of words in the wordlist that have this substring if the parameter names on the page are retrieved using a pattern.

Steps To Reproduce:

x8 -u "https://mobi.yandex.com/support/direct/strategies/priority-goals.html"

Output Found: document, forgotpassword,formParams, form_token, format, formatdistribution, formatdown, formats, formatted_date, formatup,formautosave,formbuildertestmodel,formdata,formfactor,formid,formname,formsubmit,formtoken,formtype_db,formtype_db_x,formtype_mail,formtype_mail_x,lang,query,service

Here the substring is a prefix containing the word "form"

The server generates a response on the page for the keyword form by issuing an array for js called formParams:

"formParams":{"form_token":"ttt","format":"ttt","formatdistribution":"ttt","formatdown":"ttt","formats":"ttt","formatted_date":"ttt","formatup":"ttt","formautosave":"ttt","formbuildertestmodel":"ttt","formdata":"ttt","formfactor":"ttt","formid":"ttt","formname":"ttt","formsubmit":"ttt","formtoken":"ttt","formtype_db":"ttt","formtype_db_x":"ttt","formtype_mail":"ttt","formtype_mail_x":"ttt"},"service":{"metric_counters":["21

You can find the formParams array in the response by following the link below:

https://mobi.yandex.com/support/direct/strategies/priority-goals.html?form_token=ttt&format=ttt&formatdistribution=ttt&formatdown=ttt&formats=ttt&formatted_date=ttt&formatup=ttt&formautosave=ttt&formbuildertestmodel=ttt&formdata=ttt&formfactor=ttt&formid=ttt&formname=ttt&formsubmit=ttt&formtoken=ttt&formtype_db=ttt&formtype_db_x=ttt&formtype_mail=ttt&formtype_mail_x=ttt&lann=ttt

OS: Windows 10, Ubuntu 18.04

Kali Linux 2023.2 in VMware Workstation; Full updated

┌──(kali㉿kali)-[~/tools/x8]
└─$ rustup show
Default host: x86_64-unknown-linux-gnu
rustup home: /home/kali/.rustup

stable-x86_64-unknown-linux-gnu (default)
rustc 1.70.0 (90c541806 2023-05-31)

┌──(kali㉿kali)-[~/tools/x8]
└─$ cargo build --release
Updating git repository https://github.com/raw-http/http
Updating git repository https://github.com/raw-http/reqwest
Updating git repository https://github.com/raw-http/rust-url
Updating git repository https://github.com/raw-http/serde_urlencoded
Updating git repository https://github.com/raw-http/cookie_store
Updating git repository https://github.com/raw-http/h2
Updating git repository https://github.com/raw-http/http-body
Updating git repository https://github.com/raw-http/hyper
Updating git repository https://github.com/raw-http/hyper-rustls
Updating git repository https://github.com/raw-http/hyper-tls
Downloaded tokio-macros v1.8.2
Downloaded time-core v0.1.0
Downloaded futures-core v0.3.27
Downloaded openssl-macros v0.1.0
Downloaded data-encoding v2.3.3
Downloaded pkg-config v0.3.26
Downloaded futures-sink v0.3.27
Downloaded futures-task v0.3.27
Downloaded futures-executor v0.3.27
Downloaded futures-io v0.3.27
Downloaded getrandom v0.2.8
Downloaded futures-macro v0.3.27
Downloaded proc-macro-hack v0.5.20+deprecated
Downloaded quote v1.0.26
Downloaded time-macros v0.2.8
Downloaded log v0.4.17
Downloaded console v0.15.5
Downloaded futures-channel v0.3.27
Downloaded unicode-ident v1.0.8
Downloaded once_cell v1.17.1
Downloaded openssl-sys v0.9.83
Downloaded miniz_oxide v0.6.2
Downloaded ipnet v2.7.1
Downloaded futures v0.3.27
Downloaded indicatif v0.17.3
Downloaded serde_derive v1.0.158
Downloaded proc-macro2 v1.0.53
Downloaded tracing-core v0.1.30
Downloaded base64 v0.21.0
Downloaded flate2 v1.0.25
Downloaded async-compression v0.3.15
Downloaded serde v1.0.158
Downloaded portable-atomic v0.3.19
Downloaded tokio-util v0.7.7
Downloaded time v0.3.20
Downloaded aho-corasick v0.7.20
Downloaded mio v0.8.6
Downloaded serde_json v1.0.94
Downloaded futures-util v0.3.27
Downloaded syn v2.0.10
Downloaded openssl v0.10.48
Downloaded regex v1.7.3
Downloaded rustls v0.20.8
Downloaded regex-syntax v0.6.29
Downloaded tokio v1.26.0
Downloaded libc v0.2.140
Downloaded 46 crates (4.5 MB) in 1.15s
Compiling libc v0.2.140
Compiling proc-macro2 v1.0.53
Compiling unicode-ident v1.0.8
Compiling quote v1.0.26
Compiling autocfg v1.1.0
Compiling cfg-if v1.0.0
Compiling syn v1.0.109
Compiling memchr v2.5.0
Compiling log v0.4.17
Compiling cc v1.0.79
Compiling pin-project-lite v0.2.9
Compiling futures-core v0.3.27
Compiling lock_api v0.4.9
Compiling smallvec v1.10.0
Compiling once_cell v1.17.1
Compiling parking_lot_core v0.9.7
Compiling scopeguard v1.1.0
Compiling bytes v1.4.0
Compiling tokio v1.26.0
Compiling slab v0.4.8
Compiling futures-sink v0.3.27
Compiling futures-channel v0.3.27
Compiling futures-task v0.3.27
Compiling socket2 v0.4.9
Compiling signal-hook-registry v1.4.1
Compiling mio v0.8.6
Compiling num_cpus v1.15.0
Compiling parking_lot v0.12.1
Compiling syn v2.0.10
Compiling futures-util v0.3.27
Compiling itoa v1.0.6
Compiling futures-io v0.3.27
Compiling tinyvec_macros v0.1.1
Compiling pin-utils v0.1.0
Compiling tinyvec v1.6.0
Compiling ring v0.16.20
Compiling unicode-bidi v0.3.13
Compiling pkg-config v0.3.26
Compiling spin v0.5.2
Compiling fnv v1.0.7
Compiling untrusted v0.7.1
Compiling http v0.2.8 (https://github.com/raw-http/http#399dc9e6)
Compiling tracing-core v0.1.30
Compiling openssl-sys v0.9.83
Compiling unicode-normalization v0.1.22
error: failed to run custom build command for openssl-sys v0.9.83

Caused by:
process didn't exit successfully: /home/kali/tools/x8/target/release/build/openssl-sys-c887e3d82287a627/build-script-main (exit status: 101)
--- stdout
cargo:rustc-cfg=const_fn
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR
X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR
X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR
X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_DIR
OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_NO_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG
cargo:rerun-if-env-changed=OPENSSL_STATIC
cargo:rerun-if-env-changed=OPENSSL_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
run pkg_config fail: PKG_CONFIG_ALLOW_SYSTEM_CFLAGS="1" "pkg-config" "--libs" "--cflags" "openssl" did not exit successfully: exit status: 1
error: could not find system library 'openssl' required by the 'openssl-sys' crate

--- stderr
Package openssl was not found in the pkg-config search path.
Perhaps you should add the directory containing `openssl.pc'
to the PKG_CONFIG_PATH environment variable
Package 'openssl', required by 'virtual:world', not found

--- stderr
thread 'main' panicked at '

Could not find directory of OpenSSL installation, and this -sys crate cannot
proceed without this knowledge. If OpenSSL is installed and this crate had
trouble finding it, you can set the OPENSSL_DIR environment variable for the
compilation process.

Make sure you also have the development packages of openssl installed.
For example, libssl-dev on Ubuntu or openssl-devel on Fedora.

If you're in a situation where you think the directory should be found
automatically, please open a bug at https://github.com/sfackler/rust-openssl
and include information about your system as well as this message.

$HOST = x86_64-unknown-linux-gnu
$TARGET = x86_64-unknown-linux-gnu
openssl-sys = 0.9.83

', /home/kali/.cargo/registry/src/index.crates.io-6f17d22bba15001f/openssl-sys-0.9.83/build/find_normal.rs:190:5
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...

Привет Hope you are doing well.

For use cases where all URL query is reflected back in the response, Like in below php code which dumps all the query parameters.

<?php

  echo "Test";
  print_r($_GET);

?>

Currently this isn't getting detected. I was expecting it to show that all parameters in the wordlist are reflecting back, But the output was empty. To check for these a random unusual parameter should be sent and check if it gets reflected back (may be stop further probes in that case).

--
Regards,
@bugbaba

beside reading wordlist from file, making x8 to read it from stdin would make it easier to pipe with other tools (like when you pipe commands to create a bug-bounty automation script). we can have it by checking --wordlist flag, if filename provided after the flag, x8 would read the file and consider it as the wordlist file. otherwise it'll read words from stdin. sth like this:

$ x8 -u "https://example.com/" --wordlist <wordlist file>
$ echo 'word1\nword2\nword3' | x8 -u "https://example.com/" --wordlist

If you agree with it, I would be really happy to work on it and send a PR.

I noticed that the output is not saved to the file from time to time when using --output <file> param (but the discovered query-param is printed to STDOUT). Also this depends on URL being tested. For the provided URL, I noticed that on the second-third run the output file gets empty.

OS: Amazon Linux

Steps to reproduce:

$ ./x8 -u "https://manage.nba.com/wp-login.php" --learn-requests 1  --output temp.txt
urls:         https://manage.nba.com/wp-login.php
methods:      GET
wordlist len: 0

GET https://manage.nba.com/wp-login.php?%s (200) [45359] {0}
[~] The page is not stable (body)
reflects: redirect_to

GET https://manage.nba.com/wp-login.php % redirect_to

$ cat temp.txt 
GET https://manage.nba.com/wp-login.php % redirect_to

$ ./x8 -u "https://manage.nba.com/wp-login.php" --learn-requests 1  --output temp.txt
urls:         https://manage.nba.com/wp-login.php
methods:      GET
wordlist len: 0

GET https://manage.nba.com/wp-login.php?%s (200) [45360] {0}
[~] The page is not stable (body)
reflects: redirect_to

GET https://manage.nba.com/wp-login.php % redirect_to

$ cat temp.txt 
# empty. 

Hello Sh1Yo,

Just read the article about x8 and I'm interested to test it out. although in my first glance I saw that there are 2 needs in this tool.

• The text output is not really useful as if we want to quickly check or if we want to pipe into other tools, it would be nicer to have it as a set of parameters and chunks.

So in this case instead of something like:

GET https://redacted.com/endpoint?%s % code, email, userid

We can have:

https://redacted.com/endpoint?code=123&email=456&userid=789

Which is way easier to use in the future.

• The input file support so we can use a list of URLs as an input.

Thanks for the nice tool :)

Kind Regards,
HolyBugx

gHello, first thank you very much for your tool.

I got a lot of bountys on hackerone (https://hackerone.com/arthuraires), I would like to share a case that might be a future implementation.

X8 noticed that a parameter modified the page's response, in case the parameter was reflected in uppercase, it didn't put it as reflected only as responsible for changing the number of items on the page.

So adding an add comparison with the uppercase string can increase the detection rate.

Thanks for listening!

I use simple command :
x8 -u http://testphp.vulnweb.com/search.php -X GET -w /mnt/e/wlist/large.txt
result :
urls: http://testphp.vulnweb.com/search.php
methods: GET
wordlist len: 25890

GET http://testphp.vulnweb.com/search.php?%s (200) [5092] {0}
[info] Amount of parameters per request - 256

GET http://testphp.vulnweb.com/search.php %

wordlist:
large.txt

Hi, thanks for this great script. I'm running your script through bash script. I got this error, is this something related to x8 or my bash script?

Thanks

In rare cases, a server can return a JSON body with a new order of parameters for every request. The tool fails to properly compare such responses.

I'll add a temporary solution that sorts the json fields when necessary, but in long term the tool should traverse the full json tree and compare its fields on its own.

Great tool,

Can you add a regex filter for JSON parameters.
e.g regex-positive to look for regex if the json endpoint is available and regex-negative to exclude all those parameters if endpoint is unavailable.

hi
i'm using the following command:

x8 -u https://example.com -o output.txt -O url -w params.txt -m 25 --follow-redirects --verbose 2 --reflected-only --verify

but after finishing the scan , the output.txt file is empty and the results are not saved in the file , i'm using the latest version(4.2.2)

i'd appericate it if you can help me out!

hello am getting this issues when i run this tool against a target, please can you help ...???

thread 'main' panicked at src/network/request.rs:323:58:
called Result::unwrap() on an Err value: http::Error(InvalidUri(TooLong))
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

Hello,

danger_disable_hostname_verification() some website use old ssl cert or wrong ..etc
better use this func thank you

reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Ipv4(555)), port: None, path: "", query: Some(""), fragment: None }, source: hyper::Error(Connect, Custom { kind: Other, error: "invalid dnsname" }) }

I have installed but having issue to run.

Hello dear ;
When I want to install x8, I face such a problem and I also have openssl3, which I put at the end of the specification page,

➜ ~ pacman -S x8
sudo: unable to resolve host (my host provider name): Name or service not known
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package x8

and:
➜ ~ pacman -S x8
sudo: unable to resolve host (my host provider name): Name or service not known
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package x8

"OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
built on: Thu Oct 27 17:06:56 2022 UTC
platform: debian-amd64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-WsPfAX/openssl-3.0.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-3"
MODULESDIR: "/usr/lib/x86_64-linux-gnu/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfffa32034f8bffff:0x9c4fbb"

Thank you.

Привет :)

Currently, the tooling only mentions the reason a potential parameter is detected in the stdout only. It would be really helpful in cases where a user has multiple output files from the past to see which parameter was detected to reflecting back vs changing in response code, etc.

Current output format

{"method":"GET", "url":"http://ffuf.me/cd/param/data", "parameters":["debug"]}

Desired output format

{
   "method": "GET",
    "url": "http://ffuf.me/cd/param/data",
    "parameters" : [
        {
            "param": "debug",
            "reason": "Different response code: 400 -> 200"
        }
    ]
}

So instead of just sending parameter names to futures_data, also send the message that was sent to writeln
https://github.com/Sh1Yo/x8/blob/main/src/logic.rs#L216

--
Regards,
@bugbaba

Some servers may cut a connection in case uri was too long. The tool currently unable to detect these cases and thinks that the server is down.

Hi

Love your tools! Could you consider adding a cache poisoning check in Search for Headers mode? It'd be a game-changer.

Thanks

Cargo version:

cargo 1.46.0

After doing git clone https://github.com/Sh1Yo/x8 (current commit: 5cd05be)
And trying to build it using cargo build --release i get following error log:

cargo build --release
    Updating crates.io index
    Updating git repository `https://github.com/raw-http/http`
    Updating git repository `https://github.com/raw-http/reqwest`
    Updating git repository `https://github.com/raw-http/rust-url`
    Updating git repository `https://github.com/raw-http/serde_urlencoded`
    Updating git repository `https://github.com/raw-http/cookie_store`
    Updating git repository `https://github.com/raw-http/h2`
    Updating git repository `https://github.com/raw-http/http-body`
    Updating git repository `https://github.com/raw-http/hyper`
error: failed to get `hyper` as a dependency of package `reqwest v0.11.11 (https://github.com/raw-http/reqwest#61fbb332)`
    ... which is depended on by `x8 v4.1.0 (/home/ffe4/x8)`

Caused by:
  failed to load source for dependency `hyper`

Caused by:
  Unable to update https://github.com/raw-http/hyper#9202aaae

Caused by:
  object not found - no match for id (9202aaae7b2a7962113837769324cf5f546872a7); class=Odb (9); code=NotFound (-3)

Hi,

i see the current argument -u which is accepting url as input.
so could it support -file for example for multiple URLs per file.

One more thing as temp workaround i'm running it via xargs loop BUT unfortunately it dose not append output it's overwrite the previous output

xargs -n1 -P 10 -I {} sh -c "x8 -u {} -O url -o out-x8.txt -c 50" < file-urls.txt

the problem with that loop it dose not append the found results to out-x8.txt

Issue Description:

It would be useful to have the ability to check both headers and parameters in one run. Currently, users have to specify either a wordlist for parameters or a wordlist for headers, but not both at the same time.

Proposal:

To solve this issue, a new option can be added that allows users to specify two separate wordlists, one for parameters and one for headers. This option can be specified like so: -w params:params.txt headers:headers.txt

With this new option, users can run a single command to check for vulnerabilities in both headers and parameters simultaneously, improving the efficiency and effectiveness of the security testing process.

Implementation:

The implementation of this feature would require modifying the existing codebase to accept the new command-line option and process the separate wordlists for headers and parameters accordingly. This would involve changes to the parsing and handling of the command-line arguments, as well as modifications to the parameter scanning logic.

Benefits:

The proposed feature would provide a significant improvement in the parameter searchhing process by allowing users to check both headers and parameters in a single run. This would save time and effort compared to running separate scans for each type of input, and would improve the accuracy of parameter detection by checking both types of input simultaneously.

Привет, Burp стоит на 11 винде\64 - скачал для винды x86-windown-x8.zip у тебя с репы - неработает из-за рязрядности винды? спс

amazing tool, really
could you add support to output the request as raw so it can be imported directly to any other tool?
example

POST /someendpoint HTTP/1.1
Host: example.com
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103
Content-Type: application/json

{...discovered params here}

Thanks

which word list is good fir parameter discovery

Hi,
i am trying to test effective of using it to enumerate hidden params either in POST or GET request.
so i am running the following command but did not get the desired output as i am getting it from other tools.

x8 -u "http://testphp.vulnweb.com/login.php" -X GET --as-body -w ~/tools/Arjun/arjun/db/params.txt -O request -o x8-get.txt

or even POST request !!

Right now, the tool is only using one CPU thread at most, which can cause delays when working with large HTML pages.
To speed things up, consider adding the --multithreading parameter, which will distribute tasks across multiple CPU threads simultaneously.
This should help improve performance and make the tool more efficient when working with larger pages.

thanks, for your effort and for such a great tool.

it will be amazing to make it support CLI piping

on the new update adding -v 0 still shows a lot of verbosity output.

it would be great to have this

echo 'https://test.eg.com/endp'|x8 -v 0

the result shows the URL with the founded parameter.

currently, there isn't any parameter discovery tool that has this feature.

Caused by:
process didn't exit successfully: /root/tools/request_smuggler/target/release/build/openssl-sys-ce7101818d3ca5e6/build-script-main (exit status: 101)
--- stdout
cargo:rustc-cfg=const_fn
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR
X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR
X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR
X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_DIR
OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_NO_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG
cargo:rerun-if-env-changed=OPENSSL_STATIC
cargo:rerun-if-env-changed=OPENSSL_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64-unknown-linux-gnu
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_x86_64_unknown_linux_gnu
cargo:rerun-if-env-changed=HOST_PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
run pkg_config fail: "Could not run \"pkg-config\" \"--libs\" \"--cflags\" \"openssl\"\nThe pkg-config command could not be found.\n\nMost likely, you need to install a pkg-config package for your OS.\nTry apt install pkg-config, or yum install pkg-config,\nor pkg install pkg-config depending on your distribution.\n\nIf you've already installed it, ensure the pkg-config command is one of the\ndirectories in the PATH environment variable.\n\nIf you did not expect this build to link to a pre-installed system library,\nthen check documentation of the openssl-sys crate for an option to\nbuild the library from source, or disable features or dependencies\nthat require pkg-config."

--- stderr
thread 'main' panicked at '

Could not find directory of OpenSSL installation, and this -sys crate cannot
proceed without this knowledge. If OpenSSL is installed and this crate had
trouble finding it, you can set the OPENSSL_DIR environment variable for the
compilation process.

Make sure you also have the development packages of openssl installed.
For example, libssl-dev on Ubuntu or openssl-devel on Fedora.

If you're in a situation where you think the directory should be found
automatically, please open a bug at https://github.com/sfackler/rust-openssl
and include information about your system as well as this message.

$HOST = x86_64-unknown-linux-gnu
$TARGET = x86_64-unknown-linux-gnu
openssl-sys = 0.9.72

It looks like you're compiling on Linux and also targeting Linux. Currently this
requires the pkg-config utility to find OpenSSL but unfortunately pkg-config
could not be found. If you have OpenSSL installed you can likely fix this by
installing pkg-config.

', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.72/build/find_normal.rs:180:5
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
error: build failed

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: reqwest::Error { kind: Builder, source: Custom { kind: Other, error: "error reading DNS system conf: Error parsing resolv.conf: InvalidIp(35, AddrParseError)" } }', src/main.rs:98:33 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Parameter discovery

I save the results of the program as -o results.txt. but if there is no parameter in a url address, it writes the same url address without parameters to the output file. I don't understand why you set it this way. If no parameter is found, it doesn't make much sense to add it to the output file. If you examine both this problem and the other issue(https://github.com/Sh1Yo/x8/issues/24) I created and update the program, the program will be much better.

Would you please add a flag for filtering specific response code ( like 404, 400 etc)?

Hy, I love your tool can you add header and cookie bruteforce also? It will replace param miner and other tools also

So Request Of Burp Suite Was

GET / HTTP/2
Host: www.google.com
Cookie: ******

So When Use Burp Suite Extension "Send To" , x8 Will Parse The Request Like That

GET https://www.google.com HTTP/2
Host: www.google.com
Cookie: ******

So If You Tried Send This Request By Using Burp , You Will Get This Response

HTTP/2 400 Bad Request
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1555

So Every Request Sent By x8 Not Correct So x8 Should Send Request Like This

GET / HTTP/2
Host: www.google.com
Cookie: ******

To https://www.google.com Not

GET https://www.google.com HTTP/2
Host: www.google.com
Cookie: ******

To https://www.google.com

Hello,

I have been trying to use the --replay-proxy but without any success
Example : x8 -u 'https://www.test.com' -X GET POST -c 20 -w parameters-lowercase-all.txt --replay-proxy http://127.0.0.1:8080

wondering if there is an issue with the foonctionality or if i am using it wrong

Kr

What does changes reflections mean?
changes reflections: utm_content

Hi,I tried to run x8 and i got this:builder error: error reading DNS system conf: Error parsing resolv.conf: InvalidDirective(0)
How to fix?
System: Ubuntu

[2024-04-25T13:23:46Z ERROR rustls::conn] TLS alert received: AlertMessagePayload {
        level: Fatal,
        description: HandshakeFailure,
    }

@Sh1Yo Add --insecure option to Disable certificate verification

I've no idea what is this, any suggestions to rectify this?

I Download The Zip File but I dont know how run x8 in Kali Linux

it says command not Found

when it comes to piping commands in order to read the word list (file & stdin), doing it asynchronously would be more efficient. consider sth like CeWL which extracts words from a website and creates a word list. so instead of waiting for the whole output we can read them asynchronously as they're generated.
I guess this can be done with little effort as x8 itself has an async architecture.

Hi, i want to install x8 (i use aarch64) (cargo install x8)
but i got this error:

error: cannot find derive macro `Serialize` in this scope
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/network/utils.rs:47:39
   |
47 | #[derive(Debug, Clone, PartialEq, Eq, Serialize, Copy)]
   |                                       ^^^^^^^^^
   |
note: `Serialize` is imported here, but it is only a trait, without a derive macro
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/network/utils.rs:7:5
   |
7  | use serde::Serialize;
   |     ^^^^^^^^^^^^^^^^

error: cannot find derive macro `Serialize` in this scope
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/output.rs:15:17
   |
15 | #[derive(Debug, Serialize)]
   |                 ^^^^^^^^^
   |
note: `Serialize` is imported here, but it is only a trait, without a derive macro
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/output.rs:1:5
   |
1  | use serde::Serialize;
   |     ^^^^^^^^^^^^^^^^

error: cannot find attribute `serde` in this scope
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/output.rs:35:7
   |
35 |     #[serde(skip_serializing)]
   |       ^^^^^
   |
   = note: `serde` is in scope, but it is a crate, not an attribute

error: cannot find attribute `serde` in this scope
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/output.rs:39:7
   |
39 |     #[serde(skip_serializing)]
   |       ^^^^^
   |
   = note: `serde` is in scope, but it is a crate, not an attribute

error: cannot find derive macro `Serialize` in this scope
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/utils.rs:27:39
   |
27 | #[derive(Debug, Clone, PartialEq, Eq, Serialize)]
   |                                       ^^^^^^^^^
   |
note: `Serialize` is imported here, but it is only a trait, without a derive macro
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/utils.rs:8:5
   |
8  | use serde::Serialize;
   |     ^^^^^^^^^^^^^^^^

error: cannot find derive macro `Serialize` in this scope
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/utils.rs:35:24
   |
35 | #[derive(Debug, Clone, Serialize)]
   |                        ^^^^^^^^^
   |
note: `Serialize` is imported here, but it is only a trait, without a derive macro
  --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/utils.rs:8:5
   |
8  | use serde::Serialize;
   |     ^^^^^^^^^^^^^^^^

error[E0277]: the trait bound `RunnerOutput: Serialize` is not satisfied
    --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/x8-4.3.0/src/runner/output.rs:144:36
     |
144  |             serde_json::to_string(&self).unwrap()
     |             ---------------------  ^^^^ the trait `Serialize` is not implemented for `RunnerOutput`
     |             |
     |             required by a bound introduced by this call
     |
     = help: the following other types implement trait `Serialize`:
               &'a T
               &'a mut T
               ()
               (T0, T1)
               (T0, T1, T2)
               (T0, T1, T2, T3)
               (T0, T1, T2, T3, T4)
               (T0, T1, T2, T3, T4, T5)
             and 132 others
     = note: required for `Vec<RunnerOutput>` to implement `Serialize`
     = note: 1 redundant requirement hidden
     = note: required for `&Vec<RunnerOutput>` to implement `Serialize`
note: required by a bound in `serde_json::to_string`
    --> /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde_json-1.0.97/src/ser.rs:2145:17
     |
2145 |     T: ?Sized + Serialize,
     |                 ^^^^^^^^^ required by this bound in `to_string`

For more information about this error, try `rustc --explain E0277`.
error: could not compile `x8` (lib) due to 7 previous errors
warning: build failed, waiting for other jobs to finish...
error: failed to compile `x8 v4.3.0`, intermediate artifacts can be found at `/tmp/cargo-installZuluBu`

5/18 thread 'main' panicked at 'called Result::unwrap() on an Err value: http::Error(InvalidHeaderName)

Is possible to override this error? Or maybe a flag to clean the wordlist before bf starting?

Thank you

Hello Sir,

How to solve this issue in ARCH LINUX, Please help :-)
#####################################################################################################
$ sudo pacman -S x8
[sudo] password for cyberghazi786:
error: could not register 'multilib' database (database already registered)
error: could not register 'multilib' database (database already registered)
error: could not register 'multilib' database (database already registered)
error: could not register 'multilib' database (database already registered)
resolving dependencies...
looking for conflicting packages...

Package (1) New Version Net Change

blackarch/x8 113.5f3b3cd-1 7.59 MiB

Total Installed Size: 7.59 MiB

:: Proceed with installation? [Y/n] Y
(1/1) checking keys in keyring [--------------------------------] 100%
(1/1) checking package integrity [--------------------------------] 100%
(1/1) loading package files [--------------------------------] 100%
(1/1) checking for file conflicts [--------------------------------] 100%
:: Processing package changes...
(1/1) installing x8 [--------------------------------] 100%
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[cyberghazi786@cyberghazi786-vmwarevirtualplatform bin]$ x8
x8: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

#######################################################################################################

', /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.72/build/find_normal.rs:180:5
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
error: build failed

Hi

This project looks great. I was interested in using it, but it doesn't seem like it supports scanning multiple URLs in one go. I understand you can probably just create a bash loop, but then you end up with tons of output files instead of one, without a simple way of combining them (like JSON files).

hello. thanks for this project... i have targets.txt .. I couldn't find a parameter where it can read all url addresses with file. With the -u parameter, I cannot manually type all the url addresses one by one. please reply if you know a way to read url addresses from list. If there is no such feature, can you add this feature?