LinuxCommandLibrary

x8

Hidden web parameter discovery tool

TLDR

Find hidden parameters

$ x8 -u [https://example.com/page] -w [params.txt]
copy
With custom headers
$ x8 -u [url] -w [wordlist] -H "[Cookie: value]"
copy
Output to file
$ x8 -u [url] -w [wordlist] -o [output.txt]
copy
Multiple URLs
$ x8 -l [urls.txt] -w [params.txt]
copy

SYNOPSIS

x8 [-u url] [-w wordlist] [-H header] [options]

DESCRIPTION

x8 is a hidden parameter discovery tool for web applications used in authorized security testing and bug bounty research. It sends requests with candidate parameter names from a wordlist and analyzes responses to identify parameters that the application accepts but does not publicly document.
The tool supports discovery through multiple HTTP methods including GET query parameters, POST body data, and HTTP headers. Concurrent request handling enables fast scanning, and multiple URLs can be processed from a file for batch testing.

PARAMETERS

-u URL

Target URL.
-l FILE
URL list.
-w FILE
Parameter wordlist.
-H HEADER
Custom header.
-o FILE
Output file.

CAVEATS

Authorized use only. May be detected. Rust implementation.

HISTORY

x8 was created for hidden parameter discovery in web applications during security testing.

SEE ALSO

arjun(1), paramspider(1), ffuf(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community