methodology

The 22-phase engagement.

Every Xalgorix run executes these phases in order. Findings from each phase feed the next.

01 Reconnaissance
02 Manual vulnerability discovery
03 Directory and file discovery
04 CORS and cookie analysis
05 Authentication and session testing
06 Injection testing
07 SSRF testing
08 IDOR and broken access control
09 API and GraphQL testing
10 File upload testing
11 Deserialization and RCE
12 Race conditions and business logic
13 Subdomain takeover
14 Open redirect testing
15 Email security testing
16 Cloud and infrastructure
17 WebSocket testing
18 CMS-specific testing
19 Broken link hijacking and content spoofing
20 Exploit verification
21 Zero-day discovery
22 Final report