Master Vulnerability Scanning: Xray, X‑Scan, AppScan & Nessus Quick‑Start Guide

This article explains what vulnerability scanning is and provides concise, step‑by‑step instructions for using four popular security scanners—Xray, X‑Scan, IBM AppScan, and Nessus—including download links, command‑line examples, plugin selection, and result export, while omitting promotional content.

Ops Community

What is vulnerability scanning?

Vulnerability scanning is the process of detecting security weaknesses in remote or local computer systems by comparing what is found on them against a database of known vulnerabilities.

Xray – a popular penetration testing scanner

Xray supports Windows, macOS and Linux. It is not open‑source; download the binary from its GitHub releases. The tool bundles community‑contributed PoCs and automatically packages new releases.

Download: Releases · chaitin/xray · GitHub

Quick usage

Before using, read and accept the license.

1. Scan a site with a basic crawler:

xray webscan --basic-crawler http://example.com --html-output vuln.html

2. Passive scan via HTTP proxy:

xray webscan --listen 127.0.0.1:7777 --html-output proxy.html

Set your browser proxy to http://127.0.0.1:7777 to let Xray analyze traffic.

3. Scan a single URL without crawling:

xray webscan --url "http://example.com/?a=b" --html-output single-url.html

4. Specify plugins for a run (default enables all built‑in plugins):

xray webscan --plugins cmd-injection,sqldet --url http://example.com

5. Export results:

xray webscan --url "http://example.com/?a=b" --text-output result.txt --json-output result.json --html-output report.html
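
A scope-checked wrapper for the commands in steps 3 to 5, added here as an example and not part of the original article or of xray itself: it refuses any URL whose host is not on an explicit list and gives each run its own report file names. ALLOWED_HOSTS, XRAY_BIN and the function names are assumptions; only the xray flags come from the steps above.

```shell
#!/bin/sh
# Added example, not from the article or the xray project.
# ALLOWED_HOSTS, XRAY_BIN and all function names are assumptions.
ALLOWED_HOSTS="example.com staging.example.com"  # constructed sample scope
XRAY_BIN=${XRAY_BIN:-xray}                       # set to "echo" for a dry run

# Print the lower-cased host of an http(s) URL; fail on anything else.
url_host() {
  case $1 in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  _h=${1#*://}
  _h=${_h%%[/?#]*}   # drop path, query and fragment
  _h=${_h##*@}       # drop userinfo, e.g. http://example.com@other.test/
  _h=${_h%%:*}       # drop port
  _h=$(printf '%s' "$_h" | tr '[:upper:]' '[:lower:]')
  case $_h in
    ''|*[!a-z0-9.-]*) return 1 ;;  # empty, IPv6 literal or odd characters
  esac
  printf '%s\n' "$_h"
}

# Succeed only if the URL's host is exactly one of ALLOWED_HOSTS.
in_scope() {
  _host=$(url_host "$1") || return 1
  for _a in $ALLOWED_HOSTS; do
    if [ "$_host" = "$_a" ]; then return 0; fi
  done
  return 1
}

# Step 3 scan with step 4 plugins (optional $2) and step 5 exports.
# $3 overrides the timestamp used in the report file names.
scan_url() {
  _url=$1 _plugins=${2:-} _stamp=${3:-$(date +%Y%m%d-%H%M%S)}
  if ! in_scope "$_url"; then
    echo "refusing out-of-scope target: $_url" >&2
    return 1
  fi
  set -- webscan --url "$_url"
  if [ -n "$_plugins" ]; then set -- "$@" --plugins "$_plugins"; fi
  set -- "$@" --json-output "xray-$_stamp.json" --html-output "xray-$_stamp.html"
  "$XRAY_BIN" "$@"
}
```

Call it as scan_url "http://example.com/?a=b" cmd-injection,sqldet; with XRAY_BIN=echo it prints the xray arguments instead of starting a scan.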

X‑Scan

X‑Scan is a free, portable web scanner that offers both GUI and CLI and supports Chinese and English interfaces.

Project: https://github.com/XTeam-Wing/X-Scan

AppScan

IBM AppScan is a web security scanner that uses a crawler to test sites and provides reports and remediation suggestions.

Nessus

Nessus is a widely used system vulnerability scanner. Obtain an activation code from the official website, download the appropriate package, install Nessus Essentials, enter the activation code, set a username and password, then add scan targets and run scans.
