XSpear is a powerful Ruby-based XSS scanning and parameter analysis tool designed to detect and analyze cross-site scripting vulnerabilities with both static and dynamic techniques.
🔱 Powerful XSS scanning and parameter analysis tool & gem
Security professionals and web application testers use XSpear to identify reflected and blind XSS vulnerabilities by scanning URL parameters, HTTP requests, and responses. It is especially useful for automating XSS detection and bypass testing in web security assessments using both CLI and Ruby library integration.
XSpear requires a Ruby environment and several dependencies, including Selenium WebDriver for dynamic browser-based testing. Users should ensure the dependencies are properly installed and may need to configure custom payloads or callbacks for advanced testing scenarios. Verbose logging levels help in debugging and understanding scan results in detail.
Run `gem install XSpear` to install the tool via RubyGems
Alternatively, download the latest release from GitHub and install locally with `gem install XSpear-{version}.gem`
Add `gem 'XSpear'` to your application's Gemfile and run `bundle` to include it as a library
If automatic installation fails, install the dependency gems manually with `gem install`: `colorize`, `selenium-webdriver`, `terminal-table`, `progress_bar`
`xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a`
Scan the specified URL with a cookie header at verbose level 1, testing all parameters, including non-reflected ones
`xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2`
Scan the URL at verbose level 2 to show detailed scanning logs
`xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json`
Scan the URL quietly (results only) and output the results in JSON format