
Oxtrace

Advanced Penetration Testing Framework. Professional security scanner with 6 modules: Authentication, API Security, JWT Analysis, File Upload, Session Management & Cryptography Testing. Features real-time monitoring, parallel scanning, professional reports (HTML/JSON), and stealth mode. For authorized testing only. Stay ethical, stay legal.


🔥 OxTrace v5.0

<div align="center">


🛡️ Advanced Penetration Testing Framework & Vulnerability Scanner

</div>

⚠️ CRITICAL LEGAL DISCLAIMER

<div align="center">

🚨 THIS TOOL IS FOR EDUCATIONAL AND AUTHORIZED TESTING PURPOSES ONLY 🚨

</div>

By using OxTrace, you agree that:

  • ✅ You have explicit written permission to test target systems
  • ✅ You will NOT use this tool for illegal activities
  • ✅ You understand unauthorized access is a criminal offense
  • ✅ You accept FULL RESPONSIBILITY for your actions
  • ❌ Unauthorized access is illegal and punishable by law

🎯 Overview

OxTrace is a comprehensive penetration testing framework designed for security professionals and ethical hackers. It combines 6+ specialized security testing modules into a single, powerful tool with real-time monitoring and professional reporting.

✨ Why OxTrace?

┌─────────────────────────────────────────────────────────────┐
│  🎯 All-in-One       │  6+ specialized testing modules      │
│  📊 Real-Time        │  Live dashboard with progress        │
│  📄 Professional     │  HTML + JSON + Executive reports     │
│  ⚡ High Performance │  Parallel processing up to 100       │
│  🔒 Stealth Mode     │  Proxy & TOR support                 │
│  🎨 Modern UI        │  Beautiful terminal interface        │
└─────────────────────────────────────────────────────────────┘

🔧 Core Modules

<table> <tr> <td width="50%" valign="top">

🔐 Authentication Testing

├─ Default credentials testing
├─ SQL injection in login forms
├─ Brute force protection checks
├─ Account enumeration detection
└─ HTTPS security verification

🔌 API Security Scanner

├─ BOLA/IDOR testing
├─ Broken authentication checks
├─ Excessive data exposure
├─ Rate limiting validation
└─ API documentation exposure

🎫 JWT Token Analysis

├─ Algorithm confusion attacks
├─ Weak signing secrets
├─ Expiration validation
├─ Sensitive data exposure
└─ Signature verification
</td> <td width="50%" valign="top">

📤 File Upload Testing

├─ Dangerous file type uploads
├─ Filter bypass techniques
├─ Path traversal attacks
├─ MIME type validation
└─ Content verification

🔐 Session Management

├─ Cookie security flags
├─ Session fixation tests
├─ Timeout validation
├─ Session ID entropy
└─ Security attributes

🔒 Cryptography Testing

├─ SSL/TLS version checks
├─ Certificate validation
├─ Weak cipher detection
├─ Key size verification
└─ HSTS headers
</td> </tr> </table>

🚀 Installation & Quick Start

📦 Quick Installation

# 1️⃣ Clone the repository
git clone https://github.com/infocyn/oxtrace.git
cd oxtrace

# 2️⃣ Install dependencies
pip install -r requirements.txt

# 3️⃣ Verify installation
python oxtrace.py --help

⚡ Quick Usage

<table> <tr> <td width="50%">

🎮 Interactive Mode (Beginners)

python oxtrace.py -i

Easy interactive menu:

  • ✅ Accept legal terms
  • 🎯 Enter target URL
  • 📋 Select modules
  • 📊 Generate reports
</td> <td width="50%">

⌨️ Command Line (Advanced)

# Full scan
python oxtrace.py -t https://example.com -m full -r html

# Specific modules
python oxtrace.py -t https://example.com -m auth,api,jwt

# JSON report
python oxtrace.py -t https://example.com -m full -r json
</td> </tr> </table>

📖 Detailed Usage

Command Syntax

python oxtrace.py [OPTIONS]

Available Options

| Option | Long Form | Description | Example |
|--------|-----------|-------------|---------|
| -t | --target | Target URL/domain/IP (required) | -t https://example.com |
| -m | --modules | Comma-separated modules | -m auth,api,jwt |
| -r | --report | Report format (html/json/executive) | -r html |
| -o | --output | Output directory | -o ./reports |
| -i | --interactive | Interactive menu mode | -i |
| -v | --verbose | Verbose debug output | -v |
| | --skip-legal | Skip legal disclaimer | --skip-legal |
| -h | --help | Show help message | -h |

Available Modules

| Code | Module | Description |
|------|--------|-------------|
| auth | Authentication | Login mechanisms and auth security |
| api | API Security | REST/GraphQL API vulnerabilities |
| jwt | JWT Analysis | JWT token security flaws |
| upload | File Upload | File upload vulnerabilities |
| session | Session Management | Session handling and cookies |
| crypto | Cryptography | SSL/TLS and crypto configs |
| full | Full Scan | Run ALL modules (recommended) |


💡 Usage Examples

<table> <tr> <td>

🎯 Example 1: Complete Security Audit

python oxtrace.py \
  -t https://target.com \
  -m full \
  -r html \
  -v
</td> <td>

🔌 Example 2: API Testing Only

python oxtrace.py \
  -t https://api.target.com \
  -m api,jwt \
  -r json
</td> </tr> <tr> <td>

🔐 Example 3: Authentication Scan

python oxtrace.py \
  -t https://login.target.com \
  -m auth \
  -r executive
</td> <td>

🕵️ Example 4: Stealth Mode

export OXTRACE_USE_TOR="true"
python oxtrace.py \
  -t https://target.com \
  -m full
</td> </tr> <tr> <td>

📤 Example 5: Upload Testing

python oxtrace.py \
  -t https://upload.target.com \
  -m upload \
  -v
</td> <td>

🔒 Example 6: Crypto Testing

python oxtrace.py \
  -t https://secure.target.com \
  -m crypto,session \
  -r html
</td> </tr> </table>

📊 Report Types

1️⃣ Interactive HTML Report

<div align="center">
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃  📊 Interactive Dashboard                   ┃
┃  ├─ 🎨 Modern dark theme design             ┃
┃  ├─ 📈 Interactive charts (Chart.js)        ┃
┃  ├─ 🔍 Quick search functionality           ┃
┃  ├─ 📱 Responsive for all devices           ┃
┃  ├─ 🖨️ Print-ready PDF export              ┃
┃  └─ 🔗 Direct CVSS & CWE links              ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
</div>

Generate:

python oxtrace.py -t https://example.com -m full -r html

Features:

  • 🎨 Professional cybersecurity aesthetic
  • 📊 Severity distribution pie chart
  • 📈 Vulnerabilities by module bar chart
  • 🔍 Searchable findings table
  • 📱 Mobile-friendly responsive design
  • 🖨️ Optimized for PDF printing
  • 🔗 Links to vulnerability databases

2️⃣ JSON Report (Machine-Readable)

Generate:

python oxtrace.py -t https://example.com -m full -r json

Use Cases:

  • ✅ CI/CD pipeline integration
  • ✅ Custom report generation
  • ✅ Data analysis and metrics
  • ✅ SIEM system integration
  • ✅ Automated vulnerability tracking

Sample Structure:

{
  "meta": {
    "tool": "OxTrace",
    "version": "5.0.0",
    "target": "https://example.com",
    "timestamp": "2024-01-15_14-30-00",
    "scan_duration": 245.67
  },
  "summary": {
    "total_vulnerabilities": 12,
    "risk_score": 78,
    "by_severity": {
      "critical": 3,
      "high": 5,
      "medium": 2,
      "low": 2
    }
  },
  "scans": [
    {
      "target": "https://example.com",
      "scan_type": "authentication_security",
      "vulnerabilities": [
        {
          "name": "Default Credentials",
          "severity": "critical",
          "cvss": 9.8,
          "cwe": "CWE-798",
          "evidence": "Login successful with admin:admin"
        }
      ]
    }
  ]
}
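
The CI/CD use case listed above, as an added example that is not part of the OxTrace project: a Python gate that reads a report shaped like the sample structure and fails the job at a chosen severity. Only the field names come from the sample; the second finding, the `gate` function and its `fail_at` parameter are assumptions made for illustration.

```python
import json

# Constructed sample shaped like the "Sample Structure" above; not real scan output.
SAMPLE_REPORT = json.dumps({
    "meta": {"tool": "OxTrace", "version": "5.0.0", "target": "https://example.com"},
    "summary": {"total_vulnerabilities": 2, "by_severity": {"critical": 1, "low": 1}},
    "scans": [
        {"scan_type": "authentication_security", "vulnerabilities": [
            {"name": "Default Credentials", "severity": "critical", "cvss": 9.8,
             "cwe": "CWE-798", "evidence": "Login successful with admin:admin"}]},
        {"scan_type": "session_management", "vulnerabilities": [  # constructed entry
            {"name": "Cookie Missing Secure Flag", "severity": "low", "cvss": 3.1,
             "cwe": "CWE-614", "evidence": "Set-Cookie: sid=..."}]},
    ],
})

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def gate(report_text, fail_at="high"):
    """Return (exit_code, blocking_findings, warnings) for a CI job."""
    report = json.loads(report_text)
    threshold = SEVERITY_RANK[fail_at]
    blocking, warnings, counted = [], [], {}
    for scan in report.get("scans", []):
        for vuln in scan.get("vulnerabilities", []):
            sev = str(vuln.get("severity", "")).lower()
            counted[sev] = counted.get(sev, 0) + 1
            rank = SEVERITY_RANK.get(sev)
            if rank is None:  # unknown label: fail closed instead of passing silently
                warnings.append(f"unknown severity {sev!r} on {vuln.get('name')}")
                rank = threshold
            if rank >= threshold:
                # 'evidence' is left out on purpose: it can contain credentials
                # or tokens that should not be copied into CI logs or tickets.
                finding = {k: vuln.get(k) for k in ("name", "severity", "cvss", "cwe")}
                blocking.append({"scan_type": scan.get("scan_type"), **finding})
    # A summary that disagrees with the findings list suggests a truncated report.
    declared = report.get("summary", {}).get("by_severity", {})
    for sev in sorted(set(declared) | set(counted)):
        if declared.get(sev, 0) != counted.get(sev, 0):
            warnings.append(f"summary says {declared.get(sev, 0)} {sev}, findings list has {counted.get(sev, 0)}")
    return (1 if blocking else 0), blocking, warnings

if __name__ == "__main__":
    code, blocking, warnings = gate(SAMPLE_REPORT)
    for line in [f"BLOCK {b}" for b in blocking] + [f"WARN {w}" for w in warnings]:
        print(line)
    raise SystemExit(code)
```
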

3️⃣ Executive Summary (Management Report)

Generate:

python oxtrace.py -t https://example.com -m full -r executive

Ideal For:

  • 👔 C-level executives
  • 📊 Board presentations
  • 📋 Compliance reports
  • 📈 Risk assessments

Sample Output:

════════════════════════════════════════════════════════════════
                    EXECUTIVE SECURITY SUMMARY
════════════════════════════════════════════════════════════════

TARGET: https://example.com
DATE: 2024-01-15 14:30:00
SCAN DURATION: 4 minutes 5 seconds

────────────────────────────────────────────────────────────────
                         RISK OVERVIEW
────────────────────────────────────────────────────────────────

Overall Risk Rating: CRITICAL

Total Vulnerabilities: 12
├─ Critical: 3
├─ High: 5
├─ Medium: 2
└─ Low: 2

Risk Score: 78/100 (HIGH RISK)

IMMEDIATE ACTION REQUIRED: 3 critical vulnerabilities

────────────────────────────────────────────────────────────────
                      TOP 5 CRITICAL FINDINGS
────────────────────────────────────────────────────────────────

1. DEFAULT CREDENTIALS ACCEPTED
   Severity: CRITICAL | CVSS: 9.8
   Location: https://example.com/login
   Impact: Unauthorized administrative access
   Recommendation: Change default credentials immediately

2. SQL INJECTION VULNERABILITY
   Severity: CRITICAL | CVSS: 9.8
   Location: https://example.com/login
   Impact: Database compromise possible
   Recommendation: Use parameterized queries

3. WEAK JWT SECRET KEY
   Severity: CRITICAL | CVSS: 9.8
   Location: Authentication tokens
   Impact: Token forgery possible
   Recommendation: Use strong secret (min 256 bits)

─────────────────────────────────────────────────────────────