Details

Category: Vulnerabilities

Publisher: trickest

Created Date: 9/7/2021

Container: quay.io/trickest/xspear:1.4.1

Source URL: https://github.com/hahwul/XSpear

Parameters

param
string
Command: --param - Test paramters
cookie
string
Command: --cookie - Add Cookie
no-xss
boolean
Command: --no-xss - Don't test XSS, only parameters analysis
headers
string
Command: --headers - Add HTTP Headers
raw-ssl
boolean
Command: --raw-ssl - http/https switch for burp raw file
threads
string
Command: --threads - Threads , default: 10
post-data
string
Command: --data - POST Method Body data
target-url
string
required
Command: --url - Target Url
config-file
file
Command: --config - Use config file
blind-vector
string
Command: -b - Add vector of Blind XSS. With XSS Hunter, ezXSS, HBXSS... e.g: https://hahwul.xss.ht
burp-raw-file
file
Command: --raw - Load raw file(e.g raw_sample.txt)
output-format
string
Command: --output - Output format (cli , json, html)
verbose-level
string
Command: --verbose - Show log depth. 0: quite mode(only result) 1: show scanning status(default) 2: show scanning logs 3: show detail log(req/res)
test-all-params
boolean
Command: --test-all-params - Test to all params(include not reflected)
custom-payload-json-file
file
Command: --custom-payload - Load custom payload json file