XSpear is XSS Scanner tool which is written in ruby gems. It can be useful for detecting the XSS vulnerability with different level of payloads.


  • Pattern matching based XSS scanning
  • Detect alert confirm prompt event on headless browser
  • Testing request/response for XSS protection bypass and reflected(or all) params
  • Scanning from Raw file(Burp suite, ZAP Request)
  • Testing at selected parameters
  • Support output format cli json html
  • Support Verbose level (0~3)


You can also install using “gem install XSpear” or
  • gem install XSpear-{version}.gem


Lock image



xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 0

V 0: quite mode(show only result)

V 1: show progress bar (default)

V 2: show scanning logs

V 3: show scanning detail logs

Scanning XSS

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"

Only JSON output

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 0

Set scanning thread

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30

Testing at selected parameters

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test

Testing at all parameters
(This option is tested with or without reflection.)

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -a

Testing Only parameter analysis (aka no-xss mode)

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" --no-xss

Testing blind xss(all params)
(Should be used as much as possible because Blind XSS is everywhere)

$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht" -a

# Set your blind xss host. <-b options>