From d528ec38ae88d898f1fc0ad4d802573da4cf20b6 Mon Sep 17 00:00:00 2001 From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com> Date: Wed, 7 May 2025 05:46:46 +0300 Subject: [PATCH] x8: add page (#16394) * x8: add page * Update x8.md path/to/headers.txt * Update x8.md URL encode path. * Update pages/common/x8.md Co-authored-by: Fazle Arefin * Update pages/common/x8.md Co-authored-by: Managor <42655600+Managor@users.noreply.github.com> --------- Co-authored-by: Fazle Arefin Co-authored-by: Managor <42655600+Managor@users.noreply.github.com> --- pages/common/x8.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 pages/common/x8.md diff --git a/pages/common/x8.md b/pages/common/x8.md new file mode 100644 index 0000000000..8577eff46b --- /dev/null +++ b/pages/common/x8.md @@ -0,0 +1,36 @@ +# x8 + +> A hidden parameters discovery suite for identifying vulnerable or interesting web parameters. +> More information: . + +- Check hidden parameters in a URL query: + +`x8 {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}` + +- Check parameters with a custom query injection point (`%s`): + +`x8 {{[-u|--url]}} {{https://example.com/?something=1%26%s}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}` + +- Send parameters via POST body with JSON format: + +`x8 {{[-u|--url]}} {{https://example.com/}} {{[-X|--method]}} {{POST}} {{[-b|--body]}} {{'{"x":{%s}}'}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}` + +- Check parameters with a custom template (`%k` for key, `%v` for value): + +`x8 {{[-u|--url]}} {{https://example.com/}} {{[-P|--param-template]}} {{user[%k]=%v}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}` + +- Encode parameters for special characters in queries: + +`x8 {{[-u|--url]}} {{https://example.com/?path=..%2faction.php%3f%s%23}} --encode {{[-w|--wordlist]}} {{path/to/wordlist.txt}}` + +- Discover hidden headers for a URL: + +`x8 {{[-u|--url]}} {{https://example.com/}} --headers {{[-w|--wordlist]}} {{path/to/headers.txt}}` + +- Check multiple URLs in parallel with high concurrency and verify found parameters: + +`x8 {{[-u|--url]}} {{https://example.com/}} {{https://4rt.one/}} {{[-W|--workers]}} {{0}} -c {{3}} --verify` + +- Save request and response data for found parameters to a directory: + +`x8 {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} --save-responses {{path/to/output_dir}}`