lilith/tldr
1
0
Fork 0
mirror of https://github.com/tldr-pages/tldr.git synced 2025-08-04 00:15:32 +02:00
Code Activity

x8: add page (#16394)

Browse source 
* x8: add page

* Update x8.md

path/to/headers.txt

* Update x8.md

URL encode path.

* Update pages/common/x8.md

Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com>

* Update pages/common/x8.md

Co-authored-by: Managor <42655600+Managor@users.noreply.github.com>

---------

Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com>
Co-authored-by: Managor <42655600+Managor@users.noreply.github.com>
This commit is contained in:
Machiavelli 2025-05-07 05:46:46 +03:00 committed by GitHub
parent 03d6647632
commit d528ec38ae
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 36 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
pages/common/x8.md Normal file
View file

@ -0,0 +1,36 @@
# x8
> A hidden parameters discovery suite for identifying vulnerable or interesting web parameters.
> More information: <https://sh1yo.art/x8docs/>.
- Check hidden parameters in a URL query:
`x8 {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}`
- Check parameters with a custom query injection point (`%s`):
`x8 {{[-u|--url]}} {{https://example.com/?something=1%26%s}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}`
- Send parameters via POST body with JSON format:
`x8 {{[-u|--url]}} {{https://example.com/}} {{[-X|--method]}} {{POST}} {{[-b|--body]}} {{'{"x":{%s}}'}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}`
- Check parameters with a custom template (`%k` for key, `%v` for value):
`x8 {{[-u|--url]}} {{https://example.com/}} {{[-P|--param-template]}} {{user[%k]=%v}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}`
- Encode parameters for special characters in queries:
`x8 {{[-u|--url]}} {{https://example.com/?path=..%2faction.php%3f%s%23}} --encode {{[-w|--wordlist]}} {{path/to/wordlist.txt}}`
- Discover hidden headers for a URL:
`x8 {{[-u|--url]}} {{https://example.com/}} --headers {{[-w|--wordlist]}} {{path/to/headers.txt}}`
- Check multiple URLs in parallel with high concurrency and verify found parameters:
`x8 {{[-u|--url]}} {{https://example.com/}} {{https://4rt.one/}} {{[-W|--workers]}} {{0}} -c {{3}} --verify`
- Save request and response data for found parameters to a directory:
`x8 {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} --save-responses {{path/to/output_dir}}`