How To Scan XSS vulnerability of Web Applications using XSpear

How To Scan XSS vulnerability of Web Applications using XSpear

Cross-site scripting.

One of the major vulnerabilities found in web applications.
If you own a web application you should know how to scan for XSS vulnerability. If you do not own a web application, still, knowing about it will help you in the future.
What is Cross-site scripting?
Cross-site scripting is a technique in which attackers inject malicious scripts into a target web application and may allow them to gain access control of the web application but it will differ depending on the type of Cross-site attack. If the attacker injects Javascript, this could allow him/her to interact with the cookies. This is the specialty of Java script.
What do we have in cookies? we have saved passwords, or the attacker can redirect the victim to a phishing website.
There are mainly three types of Cross-site scripting attacks.
  1. Reflected XSS
  2. Stored  XSS
  3. DOM XSS
Want to know more about it? visit Portswigger.
Here, we are going to scan a website for XSS vulnerability. The tool going to be used here is called XSpear which is written in GEM and very powerful.
Let’s see how we can configure XSpear in Kali Linux.

Configuring XSpear in Kali Linux

Fire up your Kali Linux machine and download XSpear from Github. Navigate to the directory where you have downloaded it and expand it.
Now its time to start the installation process.
1.  Make sure you have Gem installed in your machine. Launch the XSpear script with the command-
gem install XSpear-1.3.1.gem
2. Launch the scan process by using the commands given below. We are using a website legally just for educational purposes.
Now it will list all low, medium and high-level issues.

XSpear has generated the report and found  24 vulnerabilities. 

How To Scan XSS vulnerability of Web Applications using XSpear
Click here to see more screenshots.

Most hackers are young because young people tend to be adaptable. As long as you remain to be adaptable, you can always be a good hacker. – Emmanuel Goldstein     ~Click here to tweet~


Cross-site scripting has always been a powerful attack for hackers. This attack is just basically a Game of Codes!
You have good knowledge of different web-based programming languages, you found a website with XSS vulnerability, then play with it.
What’s your opinion about XSpear? will you use it? Let us know in the comment box below. Also, if you face any problem while installing it, feel free to leave a comment explaining your problem.


The tutorial you found on this website is only for educational purposes. Misuse of this information can lead you to jail or punishment. Anything you damage, we are not responsible for that. Do use it on your own property. If you want to test it on other’s property, take written permission from them.