| Description | Hey Kali team,
I built Oxide because I got tired of running nikto, sqlmap, nuclei, and custom scripts all at the same time just to get a decent web assessment. Oxide does all of that in one Rust binary with async Tokio underneath, so it's fast and doesn't need Python or Go installed.
What makes it different from what's already in Kali:
- ML zero-day detection — It trains KNN/Random Forest/Isolation Forest classifiers on 38-dimensional feature vectors from live HTTP responses. Finds vulns with no known signature. No other Kali scanner does unsupervised anomaly detection during a scan.
- AI payload mutation — Generates 10+ variants per base payload using encoding, case randomization, comment injection, white space tricks. Learns from confirmed findings to find similar issues elsewhere. Builds multi-step exploit chains automatically.
- Encrypted payload database — AES-256-GCM encrypted SQLite. Payloads loaded from cipher DB at runtime. Defenders can't extract or reuse the payload list.
- Web Socket fuzzer — Full RFC 6455 handshake with masked frames. Tests SQLi, XSS, CMDi, path traversal, prototype pollution, DoS, format strings, binary/text opcode confusion at frame level. Nothing else in Kali does this.
- REST API + GraphQL fuzzer — All HTTP verbs x content types x auth methods. GraphQL schema introspection, type enumeration, batch queries, named operation extraction. Auth bypass via header injection.
- Headless Chrome crawler — Chromium renders JS before fuzzing. Extracts fetch/XHR endpoints, React/Vue/Angular router paths, dynamic imports, WebSocket URLs, Apollo Client gql templates. SPA-aware crawling.
- Distributed cluster scanning — TCP master-agent architecture. One CLI distributes tasks to multiple machines with heartbeat monitoring and automatic failover.
- 12-layer WAF evasion — CloudFlare, Mod Security, AWS-WAF, Imperva profiles with known bypasses. Adapts evasion strategy based on detected WAF.
Also has: CORS 10-test assessment, 40+ default credential apps, raw TLS DER/ASN.1 cert parser with Heartbleed/CRIME probes, session hijacking module, 8-agent concurrent scanning with live braille TUI, 6-layer CGI precision validator that kills nikto false positives.
Single ~9MB Rust binary. No dependencies at runtime. Already has .deb package, Linux zip, Windows zip. GPL-3.0, actively maintained.
I think this fills the gap between nikto (old, single-threaded, no ML) and nuclei (template-based, no adaptive AI). Would be good to have a next-gen option in the repos.
Thanks,
khaninkali
Here is my repo
Repo: https://github.com/HyperSecurityLabs/oxide-communityedition-v8.6.9
Releases: https://github.com/HyperSecurityLabs/oxide-communityedition-v8.6.9/releases/
License: GPL-3.0, Author: khaninkali (HyperSecurityOffensiveLabs) |
|---|