XSpear is a powerful XSS scanning and parameter analysis tool available as a Ruby gem, capable of both static and dynamic XSS vulnerability analysis. It can scan, detect and analyze potential XSS vulnerabilities in web applications.

Key features

- Pattern matching based XSS scanning
- Detection of alert, confirm and prompt events in a headless browser (with Selenium)
- Testing request/response for XSS protection bypass and reflected (or all) params
  - Reflected params
  - All params (for blind XSS, anything)
- Filtered tests: event handler, HTML tag, special char, useful code
- Testing with your own custom payloads
- Testing blind XSS (with XSS Hunter, ezXSS, HBXSS, and any other URL-based blind test)
- Dynamic/static analysis
- Finding SQL error patterns
- Analysis of security headers (CSP, HSTS, X-Frame-Options, X-XSS-Protection, etc.)
- Analysis of other headers (Server version, Content-Type, etc.)
- XSS testing on the URI path
- Parameter-analysis-only testing (aka no-XSS mode)
- Scanning from a raw request file (Burp Suite, ZAP request)
- XSpear can run from Ruby code (with the gem library)
- Show....