XRay is a tool for network OSINT gathering. Its goal is to automate some of the initial tasks of information gathering and network mapping.
How Does it Work?
XRay is a very simple tool. It works this way:
+ It’ll bruteforce subdomains using a wordlist and DNS requests.
+ For every subdomain/IP found, it’ll use Shodan to gather open ports and other intel.
+ For every unique IP address, and for every open port, it’ll launch specific banner grabbers and info collectors.
+ Eventually the data is presented to the user on the web UI.
Grabbers and Collectors
+ HTTP Server, X-Powered-By and Location headers.
+ HTTP and HTTPS robots.txt disallowed entries.
+ HTTPS certificate chain.
+ HTML title tag.
+ DNS version.bind. and hostname.bind. records.
+ MySQL, SMTP, FTP, SSH, POP and IRC banners.
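To review what the HTTP collectors listed above would read from a host you operate, the following added example (not XRay's own code) parses a raw HTTP response and a robots.txt body and returns the same fields: the Server, X-Powered-By and Location headers, the HTML title, and the Disallow entries. The function names `Disclosed` and `DisallowedPaths` and both sample inputs are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"regexp"
	"strings"
)

// Constructed sample inputs, not captured from a real host. Needs Go 1.18+ (strings.Cut).
const sampleResp = "HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/7.4.3\r\n" +
	"Location: https://www.example.com/\r\nConnection: close\r\n\r\n<html><TITLE> Moved </TITLE></html>"
const sampleRobots = "User-agent: *\nDisallow: /admin/ # staff only\ndisallow:/backup\nDisallow:\n"
var titleRe = regexp.MustCompile(`(?is)<title[^>]*>(.*?)</title>`)

// Disclosed returns Server, X-Powered-By, Location and the HTML title, in that order.
func Disclosed(raw string) (out [4]string, err error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return out, err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap at 1 MiB; a short read is still searched
	for i, h := range []string{"Server", "X-Powered-By", "Location"} {
		out[i] = resp.Header.Get(h) // empty string means the header is not disclosed
	}
	if m := titleRe.FindSubmatch(body); m != nil {
		out[3] = strings.TrimSpace(string(m[1]))
	}
	return out, nil
}

// DisallowedPaths returns the non-empty Disallow values of a robots.txt body.
func DisallowedPaths(robots string) (out []string) {
	for _, line := range strings.Split(robots, "\n") {
		line, _, _ = strings.Cut(line, "#") // drop trailing comments
		k, v, ok := strings.Cut(line, ":")
		if v = strings.TrimSpace(v); ok && v != "" && strings.EqualFold(strings.TrimSpace(k), "disallow") {
			out = append(out, v)
		}
	}
	return out
}

func main() {
	fmt.Println(Disclosed(sampleResp))
	fmt.Println(DisallowedPaths(sampleRobots))
}
```

Version strings in Server or X-Powered-By and sensitive paths in Disallow entries are the items worth removing or generalizing on your own hosts.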
– Go 1.7 or higher
git clone https://github.com/evilsocket/xray && cd xray
go get github.com/evilsocket/xray