x8 v3.0 beta1 releases: Hidden parameters discovery suite written in Rust

x8: Hidden parameters discovery suite written in Rust

The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code, and reflections.

Features

• A lot of things to customize: key template, value template, encodings, and even injection points.
• Supports 6 main methods: GET, POST, PUT, PATCH, DELETE, HEAD.
• Has built-in 2 main body types: json, urlencode.
• Able to discover parameters with a not random value, like admin=true
• Compares responses line-by-line.
• Adds to every request cachebuster by default.

Changelog v3.0 beta1

• Improved –test flag
  Improved the calculating of the optimal number of parameters per request
  Some other fixes

  Now, x8 can work with headers as well!

  Discover header values:

  x8 -u https://example.com -w wordlist.txt -H "Cookie: %s"

  By default the parameter template is “%k=%v; ”

  Discover new headers:

  x8 -u https://example.com -w wordlist.txt --headers

Use

Example

Send parameters via query

With some default parameters:

/?something=1 equals to /?something=1&%s

Send parameters via body

Or with a custom body:

%s will be replaced with different parameters like {“x”:{“a”:”b3a1a”, “b”:”ce03a”, …}}

Custom template

Now every request would look like /?user[a]=hg2s4&user[b]=a34fa&…

It is even possible to imitate not included body types, for example, application/xml:

Variables

In the next example, something will take on new values for every request:

Percent encoding

Sometimes parameters should be encoded. It is also possible:

Download

Copyright (C) 2021 Sh1Yo