View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009737Kali LinuxFeature Requestspublic2026-06-11 05:112026-06-11 05:14
Reporterkhaninkali Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0009737: OXIDE Elite Community Edition — AI-powered web exploitation & vulnerability scanner Written in Rust.
Description

Modules:

  • SQL injection (error-based, blind, time-based, stacked queries)
  • Cross-Site Scripting (reflected, stored, DOM-based, mXSS)
  • Local File Inclusion / Path Traversal
  • Command Injection (OS, NoSQL, template)
  • Server-Side Template Injection (SSTI)
  • XXE injection (in-band, out-of-band)
  • TLS/SSL misconfiguration scanning
  • CORS misconfiguration detection
  • Default credential auditing
  • Database fingerprinting
  • Session hijacking detection
  • CGI vulnerability scanning (CVE-based)
  • API fuzzing (REST, GraphQL, WebSocket)

Features:

  • AI-powered payload generation with context-aware mutation
  • Hybrid crawling (static + dynamic JS analysis + headless browser)
  • WAF/Cloudflare bypass engine with automatic technique selection
  • False positive reduction with multi-stage confirmation
  • Bandwidth control with token bucket rate limiting
  • Distributed scanning via cluster architecture
  • Proxy support (HTTP/HTTPS) with rotating user agents
  • Color-coded severity output (Critical/High/Medium/Low/Info)
  • CI/CD integration via JSON/XML/CSV/HTML export and exit codes

WHY INCLUDE IN KALI

  • Complements burpsuite and sqlmap with AI-driven payload mutation
  • Rust-based — no JVM dependency, single static binary
  • First open-source tool combining hybrid crawling + headless JS + WAF bypass
  • Fits kali-tools-web and kali-tools-exploitation categories
  • MITRE ATT&CK mapped for red team operations

KALI MENU INTEGRATION
Name : oxidev7elite
Tooltip : KhaninKali | HyperSecurity Offensive Labs — AI-powered
zero-day web exploitation & vulnerability scanner
Categories : kali-web-vulnerability-scanning;kali-initial-access;
kali-reconnaissance
Icon : SVG icons at 64x64, 128x128, 256x256, scalable
Man page : man oxide (full CLI reference with 30+ flags)
Terminal : true

PACKAGING DETAILS
Method : dpkg-deb --root-owner-group
Control : XB-Kali-Package, XB-Mitre-Tactics, XB-Mitre-Techniques
Postinst : ldconfig, mandb, update-desktop-database, gtk-update-icon-cache
Depends : libssl3, libc6, libgcc-s1, zlib1g, libzstd1
Size : 3.3 MB

MITRE ATT&CK MAPPING
TA0001 Initial Access — SQLi, XSS, LFI, CMDi, SSTI exploitation
TA0005 Defense Evasion — WAF bypass, Cloudflare evasion, IP rotation
TA0006 Credential Access — Default creds, auth bypass, session hijack
TA0007 Discovery — Web app fingerprinting, endpoint discovery
TA0043 Reconnaissance — Active scanning, crawling, tech stack detection

CHANGES FOR KALI INTEGRATION

  • MITRE ATT&CK mapping added to control file and man page
  • Kali menu .desktop entry with correct categories and tooltip
  • Man page (oxide.1.gz) with full CLI reference, examples, MITRE fields
  • SVG icons at multiple resolutions for Kali theme
  • XB-Kali-Package field for Kali infrastructure recognition
  • Debian packaging with postinst/postrm/prerm maintainer scripts

WARNING — PROPRIETARY SOFTWARE
This is proprietary software owned by KhaninKali | HyperSecurity Offensive Labs.
Copying, redistributing, reverse-engineering, or unauthorized reproduction of
the source code is strictly prohibited.

Only authorized Kali Linux developers reviewing this package for inclusion in
the official Kali Linux repositories are permitted to inspect the source code.

All rights reserved. Unauthorized reproduction will result in legal action.

Contact: https://t.me/hypersecurity_offsec

Activities

khaninkali

khaninkali

2026-06-11 05:14

reporter   ~0021766

https://hypersecurityoffensivelabs-about.is-best.net/

Issue History

Date Modified Username Field Change
2026-06-11 05:11 khaninkali New Issue
2026-06-11 05:14 khaninkali Note Added: 0021766