x8

all

A hidden parameters discovery suite for identifying vulnerable or interesting web parameters.

Options (6)

-u, --urlboolean

Check hidden parameters in a URL query

Example: x8 {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}

-w, --wordlistboolean

Check hidden parameters in a URL query

Example: x8 {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}

-X, --methodboolean

Send parameters via POST body with JSON format

Example:

x8 {{[-u|--url]}} {{https://example.com/}} {{[-X|--method]}} {{POST}} {{[-b|--body]}} '{{{"x":{%s\}\}}}' {{[-w|--wordlist]}} {{path/to/wordlist.txt}}

-b, --bodyboolean

Send parameters via POST body with JSON format

Example:

x8 {{[-u|--url]}} {{https://example.com/}} {{[-X|--method]}} {{POST}} {{[-b|--body]}} '{{{"x":{%s\}\}}}' {{[-w|--wordlist]}} {{path/to/wordlist.txt}}

-P, --param-templateboolean

Check parameters with a custom template (`%k` for key, `%v` for value)

Example:

x8 {{[-u|--url]}} {{https://example.com/}} {{[-P|--param-template]}} {{user[%k]=%v}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}

-W, --workersboolean

Check multiple URLs in parallel with high concurrency and verify found parameters

Example: x8 {{[-u|--url]}} {{https://example.com/}} {{https://4rt.one/}} {{[-W|--workers]}} {{0}} -c {{3}} --verify

Check hidden parameters in a URL query

x8 [-u|--url] https://example.com/ [-w|--wordlist] path/to/wordlist.txt

Check parameters with a custom query injection point (`%s`)

x8 [-u|--url] https://example.com/?something=1%26%s [-w|--wordlist] path/to/wordlist.txt

Send parameters via POST body with JSON format

x8 [-u|--url] https://example.com/ [-X|--method] POST [-b|--body] '{{{"x":{%s\}\}}}' [-w|--wordlist] path/to/wordlist.txt

Check parameters with a custom template (`%k` for key, `%v` for value)

x8 [-u|--url] https://example.com/ [-P|--param-template] user[%k]=%v [-w|--wordlist] path/to/wordlist.txt

Encode parameters for special characters in queries

x8 [-u|--url] https://example.com/?path=..%2faction.php%3f%s%23 --encode [-w|--wordlist] path/to/wordlist.txt

Discover hidden headers for a URL

x8 [-u|--url] https://example.com/ --headers [-w|--wordlist] path/to/headers.txt

Check multiple URLs in parallel with high concurrency and verify found parameters

x8 [-u|--url] https://example.com/ https://4rt.one/ [-W|--workers] 0 -c 3 --verify

Save request and response data for found parameters to a directory

x8 [-u|--url] https://example.com/ [-w|--wordlist] path/to/wordlist.txt --save-responses path/to/output_directory