xray is a powerful security assessment tool, built by a number of experienced frontline security practitioners, the main features are:

The detection speed is fast . The packet sending speed is fast; the vulnerability detection algorithm is efficient.
Wide range of support . It can support everything from OWASP Top 10 general vulnerability detection to various CMS framework POCs.
Code quality is high . The personnel who write the code are of high quality, and the reliability of the code is improved through multi-layer verification such as Code Review, unit testing, and integration testing.
Advanced customizable . Various parameters of the engine are exposed through the configuration file, and functions can be greatly customized by modifying the configuration file.
No threat to safety . xray is positioned as a security auxiliary assessment tool, not an attack tool, and all built-in payloads and pocs are harmless checks.
Currently supported vulnerability detection types include:

XSS vulnerability detection (key: xss)
SQL injection detection (key: sqldet)
Command/Code Injection Detection (key: cmd-injection)
Directory enumeration (key: dirscan)
Path traversal detection (key: path-traversal)
XML entity injection detection (key: xxe)
File upload detection (key: upload)
Weak password detection (key: brute-force)
jsonp detection (key: jsonp)
ssrf detection (key: ssrf)
Baseline check (key: baseline)
Arbitrary jump detection (key: redirect)
CRLF injection (key: crlf-injection)
Struts2 series vulnerability detection (advanced version, key: struts)
Thinkphp series vulnerability detection (advanced version, key: thinkphp)
POC framework (key: phantasm)
Among them, the POC framework has built-in POCs contributed on Github by default, and users can also build and run POCs by themselves as needed.

design concept
Send the fewest packets to do the best detection.

If a request can be confident that a vulnerability exists, make a request. If two vulnerable environments can be detected with the same payload, then don't split into two.

Allows a certain amount of false positives in exchange for increased scanning speed

Vulnerability detection tools cannot cover everything, and false positives must be selected in the selection of false negatives and false positives. If the false positives are found to be serious in use, feedback can be made.

Try not to use time blind injection and other mechanisms to detect vulnerabilities.

Time detection is affected by many and uncontrollable factors, and may affect the operation of other plugins. Therefore, unless necessary (such as sql), try to use a time-independent payload.

Try not to use touch typing platforms

If a vulnerability can be detected by echo detection, use echo detection, because the touch typing platform increases the uncertainty and complexity of the vulnerability detection process.

Time-consuming operations are handled with caution

The global use of Context for management will not cause the global to be stuck due to a certain request.

Simple Architecture
Understanding the overall architecture of xray can better understand the settings of cli and configuration files, so that everyone can use it better.

On the whole, tools such as scanners are roughly composed of three parts:

source processing
Vulnerability detection
result output
source processing
The function of this part is the entrance of the entire vulnerability detection. In xray, we define 5 entrances, which are

HTTP passive proxy
Simple crawler
a single URL
file with URL list
A single raw HTTP request file
Vulnerability detection
This part is the core function of the engine and is used to process the standardized requests generated by the previous source processing part. Users can enable plug-ins in a targeted manner, configure parameters for scanning plug-ins, configure HTTP-related parameters, and so on.

result output
Vulnerability scanning and runtime status are collectively referred to as result output, and xray defines the following output methods:

Stdout (screen output, enabled by default)
JSON file output
HTML report output
Webhook output
Just keep these three parts in mind while using xray, and all command line usage will seem straightforward. Let's hit the road.