![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLqrgXaUDWY7BMJt2RHAipnxhAqsIMWCwsAZul4VQltuVfLlbD7-k3DIdEuignJ2-_m-fzpEvmxMY8xDkEkjpExEVG8fP1taAKkdZzCU3MfE3kGVUK_AxKjOpl7kSJjV91evX2uEQyR_n_/s640/XSpear_1.png) XSpear is XSS Scanner on ruby gems **Key features** * Pattern matching based XSS scanning * Detect `alert` `confirm` `prompt` event on headless browser (with Selenium) * Testing request/response for XSS protection bypass and reflected(or all) params * Reflected Params * All params(for blind xss, anytings) * Filtered test `event handler` `HTML tag` `Special Char` `Useful code` * Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...) * Dynamic/Static Analysis * Find SQL Error pattern * Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. ) * Analysis Other headers..(Server version, Content-Type, etc...) * XSS Testing to URI Path * Scanning from Raw file(Burp suite, ZAP Request) * XSpear running on ruby code(with Gem library) * Show `table base cli-report` and `filtered rule`, `testing raw query`(url) * Testing at selected parameters * Support output format `cli` `json` * cli: summary, filtered rule(params), Raw Query * Support Verbose level (0~3) * 0: quite mode(only result) * 1: show scanning status(default) * 2: show scanning logs * 3: show detail log(req/res) * Support custom callback code to any test various attack vectors * Support Config file **Installation** Install it yourself as: $ gem install XSpear Or install it yourself as (local file): $ gem install XSpear-{version}.gem Add this line to your application's Gemfile: gem 'XSpear' And then execute: $ bundle **Dependency gems** `colorize` `selenium-webdriver` `terminal-table` `progress_bar` If you configured it to install automatically in the Gem library, but it behaves abnormally, install it with the following command. $ gem install colorize $ gem install selenium-webdriver $ gem install terminal-table $ gem install progress_bar **Usage on cli** Usage: xspear -u [target] -[options] [value] [ e.g ] $ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2 [ Options ] -u, --url=target_URL [required] Target Url -d, --data=POST Body [optional] POST Method Body data -a, --test-all-params [optional] test to all params(include not reflected) --headers=HEADERS [optional] Add HTTP Headers --cookie=COOKIE [optional] Add Cookie --raw=FILENAME [optional] Load raw file(e.g raw_sample.txt) -p, --param=PARAM [optional] Test paramters -b, --BLIND=URL [optional] Add vector of Blind XSS + with XSS Hunter, ezXSS, HBXSS, etc... + e.g : -b https://hahwul.xss.ht -t, --threads=NUMBER [optional] thread , default: 10 -o, --output=FORMAT [optional] Output format (cli , json) -c, --config=FILENAME [optional] Using config.json -v, --verbose=0~3 [optional] Show log depth + v=0 : quite mode(only result) + v=1 : show scanning status(default) + v=2 : show scanning logs + v=3 : show detail log(req/res) -h, --help Prints this help --version Show XSpear version --update Show how to update **Result types** * (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..) * (V)UNL: Vulnerable XSS, Checked alert/prompt/confirm with Selenium * (L)OW: Low level issue * (M)EDIUM: medium level issue * (H)IGH: high level issue **Verbose Mode** **[0] quite mode(show only result)** $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 0 you see report **[1] show progress bar (default)** $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 1 [*] analysis request.. [*] used test-reflected-params mode(default) [*] creating a test query [for reflected 2 param + blind XSS ] [*] test query generation is complete. [249 query] [*] starting XSS Scanning. [10 threads] [#######################################] [249/249] [100.00%] [01:05] [00:00] [ 3.83/s] ... you see report **[2] show scanning logs** $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2 [*] analysis request.. [I] [22:42:41] [200/OK] [param: cat][Found SQL Error Pattern] [-] [22:42:41] [200/OK] 'STATIC' not reflected [-] [22:42:41] [200/OK] 'cat' not reflected [I] [22:42:41] [200/OK] reflected rEfe6[param: cat][reflected parameter] [*] used test-reflected-params mode(default) [*] creating a test query [for reflected 2 param + blind XSS ] [*] test query generation is complete. [249 query] [*] starting XSS Scanning. [10 threads] [I] [22:42:43] [200/OK] reflected onhwul=64[param: cat][reflected EHon{any} pattern] [-] [22:42:54] [200/OK] 'cat' not reflected [-] [22:42:54] [200/OK] 'cat' not reflected