xpoc is a lightweight command-line scanner created for fast emergency response in supply chain vulnerability scanning. It is designed to help security teams test single targets, multiple targets, and target lists through direct input, files, or pipes. The tool can retrieve proof-of-concept plugins from the cloud, list available plugins, synchronize new plugins, and update itself from the command line. It uses the xray YAML POC format and supports plugin writing and loading for TCP and UDP checks. It can also be extended with custom Go plugins for more advanced detection logic, crawling, screenshots, and additional scanner behavior. It is most useful for authorized vulnerability validation, rapid triage, and security teams that already work with the xray ecosystem.
Features
- Supply chain vulnerability scanning
- Cloud-based POC plugin retrieval
- Single-target and batch scanning
- xray YAML POC format support
- TCP and UDP plugin support
- Custom Go plugin extensibility