How Does it Work?
XRay is a very simple tool. It works as follows:
- It’ll brute-force subdomains using a wordlist and DNS requests.
- For every subdomain/IP found, it’ll use Shodan to gather open ports and other intel.
- For every unique IP address, and for every open port, it’ll launch specific banner grabbers and info collectors.
- Eventually the data is presented to the user in the web UI.
Grabbers and Collectors
- HTTP Server, X-Powered-By and Location headers.
- HTTP and HTTPS robots.txt disallowed entries.
- HTTPS certificate chain.
- HTML title tag.
- DNS version.bind. and hostname.bind. records.
- MySQL, SMTP, FTP, SSH, POP and IRC banners.
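To review what one of your own hosts would hand to the HTTP collectors listed above, the following added example (not XRay's own code) extracts the Server, X-Powered-By and Location headers from a raw HTTP response and the Disallow entries from a robots.txt body. The function names and the sample response and robots.txt are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample input: a raw HTTP response and a robots.txt body (not real captures).
const sampleResponse = "HTTP/1.1 302 Found\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/7.4.3\r\nLocation: https://intranet.example.test/login\r\nContent-Length: 0\r\n\r\n"
const sampleRobots = "User-agent: *\nDisallow: /admin/ # staff only\nDisallow:\nAllow: /public/\ndisallow: /backup.zip\n"

// ExposedHeaders (hypothetical helper) returns the headers from the list above that a response carries.
func ExposedHeaders(raw string) (map[string]string, error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	found := map[string]string{}
	for _, name := range []string{"Server", "X-Powered-By", "Location"} {
		if v := resp.Header.Get(name); v != "" {
			found[name] = v
		}
	}
	return found, nil
}

// DisallowedPaths (hypothetical helper) returns the non-empty Disallow entries of a robots.txt body.
func DisallowedPaths(robots string) []string {
	var paths []string
	for _, line := range strings.Split(robots, "\n") {
		if i := strings.Index(line, "#"); i >= 0 {
			line = line[:i] // strip trailing comments
		}
		kv := strings.SplitN(line, ":", 2)
		if len(kv) == 2 && strings.EqualFold(strings.TrimSpace(kv[0]), "disallow") {
			if p := strings.TrimSpace(kv[1]); p != "" { // an empty Disallow allows everything
				paths = append(paths, p)
			}
		}
	}
	return paths
}
func main() {
	fmt.Println(ExposedHeaders(sampleResponse))
	fmt.Println(DisallowedPaths(sampleRobots))
}
```

Every value these functions return is something the host discloses to any unauthenticated client, so version strings and sensitive paths that show up here are candidates for removal from the server configuration or robots.txt.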