chaitin / xray

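A comprehensive security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use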
https://docs.xray.cool

Vulnerability scanning cannot be performed when running xray with web basic crawler #1773

Closed pebalap closed 5 months ago

pebalap commented 7 months ago

[INFO] 2024-01-23 14:53:31 [default:entry.go:226] Loading config file from config.yaml

Enabled plugins: [sqldet xss]

[INFO] 2024-01-23 14:53:34 [default:dispatcher.go:444] processing GET https://simpus.jombangkab.go.id
No results(vulns or subdomains) found, html report will not be generated
[] All pending requests have been scanned
[] scanned: 1, pending: 0, requestSent: 8, latency: 49.67ms, failedRatio: 0.00%
[INFO] 2024-01-23 14:53:35 [controller:dispatcher.go:573] controller released, task done
wahid@PC-Cctv:~$ ./xray_linux_amd64 ws --basic-crawler --url https://simpus.jombangkab.go.id --plugins sqldet,xss --html-output airp.html

Version: 1.9.11/eb0c331d/COMMUNITY

[INFO] 2024-01-23 14:53:54 [default:entry.go:226] Loading config file from config.yaml
[!] Warning: you should use --html-output, --webhook-output or --json-output to persist your scan result
[INFO] 2024-01-23 14:53:56 [basic-crawler:basic_crawler.go:138] allowed domains: [ .]
[INFO] 2024-01-23 14:53:56 [basic-crawler:basic_crawler.go:139] disallowed domains: [google github .gov.cn .edu.cn chaitin .xray.cool]
[WARN] 2024-01-23 14:53:56 [default:webscan.go:287] disable these plugins as that's not an advanced version, [shiro struts thinkphp fastjson]

Enabled plugins: [redirect xss brute-force cmd-injection path-traversal sqldet xxe xstream baseline upload jsonp dirscan ssrf phantasm crlf-injection]

[INFO] 2024-01-23 14:53:57 [phantasm:phantasm.go:185] 819 pocs have been loaded (debug level will show more details)
These plugins will be disabled as reverse server is not configured, check out the reference to fix this error.
Ref: https://docs.xray.cool/#/configration/reverse

[INFO] 2024-01-23 14:53:57 [basic-crawler:basic_crawler.go:78] crawler stopped
[INFO] 2024-01-23 14:53:57 [controller:dispatcher.go:553] wait for reverse server finished
[INFO] 2024-01-23 14:54:00 [controller:dispatcher.go:573] controller released, task done

khanjanny commented 5 months ago

Read the documentation: you can't use both the --basic-crawler and --url arguments at the same time.

Just use:
$ ./xray_linux_amd64 ws --basic-crawler https://simpus.jombangkab.go.id/ --plugins sqldet,xss --html-output airp.html
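
A triage check for the symptom in this thread, as an added example that is not part of the original issue or of the xray project: it compares the command line with the log and reports options that were typed but did not take effect. The sample commands and logs are constructed from the line formats shown above, with `example.test` as a placeholder host and `triage` a hypothetical helper name.

```python
import re
import shlex

OUTPUT_FLAGS = ("--html-output", "--json-output", "--webhook-output")

def triage(command: str, log: str) -> list[str]:
    """Report options that were typed but that the xray log shows were not applied."""
    argv, findings = shlex.split(command), []
    # 1. "--plugins a,b" should give exactly that set in "Enabled plugins: [...]".
    if "--plugins" in argv[:-1]:
        wanted = set(argv[argv.index("--plugins") + 1].split(","))
        m = re.search(r"Enabled plugins: \[([^\]]*)\]", log)
        if (set(m.group(1).split()) if m else set()) != wanted:
            findings.append("plugins-not-applied")
    # 2. An output flag was typed, yet xray warned that no output was configured.
    if any(a in OUTPUT_FLAGS for a in argv) and "to persist your scan result" in log:
        findings.append("output-flag-not-applied")
    # 3. The crawler stopped and the dispatcher never logged a processed request.
    if "crawler stopped" in log and not re.search(r"\] processing [A-Z]+ \S+", log):
        findings.append("nothing-crawled")
    return findings

# Constructed samples (placeholder host), modelled on the two runs in the thread.
BAD_CMD = ("./xray_linux_amd64 ws --basic-crawler --url https://example.test "
           "--plugins sqldet,xss --html-output out.html")
BAD_LOG = """\
[!] Warning: you should use --html-output, --webhook-output or --json-output to persist your scan result
Enabled plugins: [redirect xss brute-force cmd-injection path-traversal sqldet xxe]
[INFO] 2024-01-23 14:53:57 [basic-crawler:basic_crawler.go:78] crawler stopped
[INFO] 2024-01-23 14:54:00 [controller:dispatcher.go:573] controller released, task done
"""
GOOD_CMD = "./xray_linux_amd64 ws --url https://example.test --plugins sqldet,xss --html-output out.html"
GOOD_LOG = """\
Enabled plugins: [sqldet xss]
[INFO] 2024-01-23 14:53:34 [default:dispatcher.go:444] processing GET https://example.test
[INFO] 2024-01-23 14:53:35 [controller:dispatcher.go:573] controller released, task done
"""

if __name__ == "__main__":
    for cmd, log in ((BAD_CMD, BAD_LOG), (GOOD_CMD, GOOD_LOG)):
        print(triage(cmd, log) or "log is consistent with the command line")
```

Any finding means the run used defaults instead of the options typed, so a "task done" line in that log says nothing about whether the target was actually scanned.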