xray
xray is a powerful security assessment tool developed by Chaitin for detecting common web vulnerabilities. It supports scanning for issues including XSS, SQL injection, command and code injection, directory enumeration, path traversal, XXE, file upload flaws, weak passwords, and custom POC-based detection. xray can run in multiple modes: active crawling of a target site, passive scanning through an HTTP proxy that intercepts browser traffic, or one-shot scanning of a single URL. Users can enable or disable specific detection plugins per scan and export results in HTML, JSON, or plain text reports. The tool is distributed as prebuilt binaries and is not open source, though the repository hosts community-contributed POCs. A plugin repository provides additional open-source scripts in xray format. The broader xray 2.0 ecosystem includes xpoc, a fast supply chain vulnerability and emergency response tool, and xapp, a web fingerprinting utility for identifying technologies used by target sites. Before use, you mus