Hidden parameters discovery suite written in Rust.
The tool aids in identifying hidden parameters that could potentially be vulnerable or reveal interesting functionality that may be missed by other testers. Its high accuracy is achieved through line-by-line comparison of pages, comparison of response codes, and reflections.
The documentation that explains every feature can be accessed at https://sh1yo.art/x8docs/. The source of the documentation is located at /docs.md.
- Fast.
- Offers flexible request configuration through the use of templates and injection points.
- Highly scalable, capable of checking thousands of URLs per run.
- Provides higher accuracy compared to similar tools, especially in difficult cases.
- Capable of discovering parameters with non-random values, such as admin=true.
- Highly configurable with a wide range of customizable options.
- Achieves almost raw requests through external library modification.
x8 -u "https://example.com/" -w <wordlist>
With default parameters:
x8 -u "https://example.com/?something=1" -w <wordlist>
/?something=1 is equivalent to /?something=1&%s
x8 -u "https://example.com/" -X POST -w <wordlist>
Or with a custom body:
x8 -u "https://example.com/" -X POST -b '{"x":{%s}}' -w <wordlist>
%s will be replaced with different parameters like {"x":{"a":"b3a1a", "b":"ce03a", ...}}
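From the defender's side, the batches described above (many guessed parameter names sent at once, each with a short random value) leave a recognizable shape in access logs. The following is an added example, not part of x8 or its documentation: a small heuristic that flags request targets of that shape. The thresholds, the hex-like value pattern (taken from the "b3a1a"/"ce03a" values shown above) and the sample targets are assumptions constructed for illustration.

```rust
// Added example (not x8 code): flag request targets that look like a
// parameter-discovery batch, i.e. many parameters with short random values.
// Thresholds and the sample targets below are constructed assumptions.

const MIN_PARAMS: usize = 20; // assumed: normal traffic rarely sends this many
const MIN_RANDOM_RATIO: f64 = 0.8; // assumed: share of values that look random

/// A value "looks random" here if it is 4-8 lowercase hex characters,
/// the shape of the values in the page's example ("b3a1a", "ce03a").
fn looks_random(value: &str) -> bool {
    (4..=8).contains(&value.len())
        && value.chars().all(|c| c.is_ascii_digit() || ('a'..='f').contains(&c))
}

/// Returns (parameter count, random-looking count) for a request target.
fn param_stats(target: &str) -> (usize, usize) {
    let query = match target.split_once('?') {
        Some((_, q)) => q,
        None => return (0, 0),
    };
    let (mut total, mut random) = (0, 0);
    for pair in query.split('&').filter(|p| !p.is_empty()) {
        total += 1;
        let value = pair.split_once('=').map(|(_, v)| v).unwrap_or("");
        if looks_random(value) {
            random += 1;
        }
    }
    (total, random)
}

fn is_param_bruteforce(target: &str) -> bool {
    let (total, random) = param_stats(target);
    total >= MIN_PARAMS && (random as f64) / (total as f64) >= MIN_RANDOM_RATIO
}

/// Constructed sample: a fixed parameter followed by `n` guessed names.
fn sample_batch(n: usize) -> String {
    let mut t = String::from("/?something=1");
    for i in 0..n {
        t.push_str(&format!("&p{}={:05x}", i, (i * 7919 + 0xb3a1a) & 0xfffff));
    }
    t
}

fn main() {
    for target in [sample_batch(40), "/search?q=rust&page=2".to_string()] {
        println!("{} -> {}", &target[..target.len().min(40)], is_param_bruteforce(&target));
    }
}
```

This only sees the query string; batches sent in a request body, or probes that use non-random values such as admin=true, need body logging and a different signal.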