{"id":15323234,"url":"https://github.com/krishpranav/xspear","last_synced_at":"2025-03-27T18:16:58.594Z","repository":{"id":109908068,"uuid":"367582210","full_name":"krishpranav/xspear","owner":"krishpranav","description":"xspear is a xss vulnerability scanner made in ruby","archived":false,"fork":false,"pushed_at":"2021-05-15T09:16:08.000Z","size":24,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-04T13:46:32.218Z","etag":null,"topics":["information-retrieval","information-security","ruby","xspear","xss","xss-scanner","xss-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/krishpranav.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-15T08:47:21.000Z","updated_at":"2024-07-14T13:34:33.000Z","dependencies_parsed_at":"2023-03-21T09:17:42.533Z","dependency_job_id":null,"html_url":"https://github.com/krishpranav/xspear","commit_stats":{"total_commits":18,"total_committers":2,"mean_commits":9.0,"dds":0.05555555555555558,"last_synced_commit":"781580ed1dd60ae79bdafd0ba9726981ac1a4fa5"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krishpranav%2Fxspear","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krishpranav%2Fxspear/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krishpranav%2Fxspear/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krishpranav%2Fxspear/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/krishpranav","download_url":"https://codeload.github.com/krishpranav/xspear/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245898334,"owners_count":20690466,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["information-retrieval","information-security","ruby","xspear","xss","xss-scanner","xss-vulnerability"],"created_at":"2024-10-01T09:19:22.620Z","updated_at":"2025-03-27T18:16:58.571Z","avatar_url":"https://github.com/krishpranav.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# xspear\nxspear is a xss vulnerability scanner made in ruby\n\n[![forthebadge](https://forthebadge.com/images/badges/made-with-ruby.svg)](https://forthebadge.com)\n\n# Installation\n```\ngit clone https://github.com/krishpranav/xspear\ncd xspear\nbundle install\nbundle\n```\n\n# Usage\n```\nUsage: xspear -u [target] -[options] [value]\n[ e.g ]\n$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a \n$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2\n$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json\n\n[ Options ]\n    -u, --url=target_URL             [required] Target Url\n    -d, --data=POST Body             [optional] POST Method Body data\n    -a, --test-all-params            [optional] test to all params(include not reflected)\n        --no-xss                     [optional] no testing xss, only parameters analysis\n        --headers=HEADERS            [optional] Add HTTP Headers\n        --cookie=COOKIE              [optional] Add Cookie\n        --custom-payload=FILENAME    [optional] Load custom payload json file\n        --raw=FILENAME               [optional] Load raw file(e.g raw_sample.txt)\n    -p, --param=PARAM                [optional] Test paramters\n    -b, --BLIND=URL                  [optional] Add vector of Blind XSS\n                                      + with XSS Hunter, ezXSS, HBXSS, etc...\n                                      + e.g : -b https://hahwul.xss.ht\n    -t, --threads=NUMBER             [optional] thread , default: 10\n    -o, --output=FORMAT              [optional] Output format (cli , json)\n    -c, --config=FILENAME            [optional] Using config.json\n    -v, --verbose=0~3                [optional] Show log depth\n                                      + v=0 : quite mode(only result)\n                                      + v=1 : show scanning status(default)\n                                      + v=2 : show scanning logs\n                                      + v=3 : show detail log(req/res)\n    -h, --help                       Prints this help\n        --version                    Show XSpear version\n        --update                     Show how to update\n\n```\n\n# quite mode\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" -v 0\n```\n\n# show progress bar\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" -v 1\n[*] analysis request..\n[*] used test-reflected-params mode(default)\n[*] creating a test query [for reflected 2 param + blind XSS ]\n[*] test query generation is complete. [249 query]\n[*] starting XSS Scanning. [10 threads]\n\n[#######################################] [249/249] [100.00%] [01:05] [00:00] [  3.83/s]\n...\n```\n\n# show scanning logs\n```\n$ xspear -u \"http://testphp.vulnweb.com/listproducts.php?cat=123\" -v 2\n[*] analysis request..\n[I] [22:42:41] [200/OK] [param: cat][Found SQL Error Pattern]\n[-] [22:42:41] [200/OK] 'STATIC' not reflected\n[-] [22:42:41] [200/OK] 'cat' not reflected \u003cscript\u003ealert(45)\u003c/script\u003e\n[I] [22:42:41] [200/OK] reflected rEfe6[param: cat][reflected parameter]\n[*] used test-reflected-params mode(default)\n[*] creating a test query [for reflected 2 param + blind XSS ]\n[*] test query generation is complete. [249 query]\n[*] starting XSS Scanning. [10 threads]\n[I] [22:42:43] [200/OK] reflected onhwul=64[param: cat][reflected EHon{any} pattern]\n[-] [22:42:54] [200/OK] 'cat' not reflected \u003cimg/src onerror=alert(45)\u003e\n[-] [22:42:54] [200/OK] 'cat' not reflected \u003csvg/onload=alert(45)\u003e\n[H] [22:42:54] [200/OK] reflected \u003cscript\u003ealert(45)\u003c/script\u003e[param: cat][reflected XSS Code]\n[V] [22:42:59] [200/OK] found alert/prompt/confirm (45) in selenium!! '\"\u003e\u003csvg/onload=alert(45)\u003e[param: cat][triggered \u003csvg/onload=alert(45)\u003e]\n...\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrishpranav%2Fxspear","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkrishpranav%2Fxspear","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrishpranav%2Fxspear/lists"}