XSniper is an ultra-advanced, stylish XSS vulnerability scanner built in Python.
It supports multiple HTTP injection points, live scan logging, scan speed and depth control, and a hi-tech dashboard UI.
- Injection Points:
  - Query parameters
  - Path segments
  - POST body (if POST selected)
  - HTTP headers (User-Agent, Referer, X-Forwarded-For)
  - Cookies
- Scan Control:
  - Choose HTTP method (GET/POST)
  - Scan speed (Fast/Medium/Slow)
  - Scan depth (1–7) via buttons (depth = number of injection types checked)
- Live Dashboard:
  - Live scan log
  - Full results table
  - Vulnerable payloads list
  - Vulnerability info panel
  - Neon hi-tech UI
- Wordlist:
  - Load or paste your own payloads
- Install dependencies: `pip install PyQt5 requests`
- Run the tool: `python xsniper.py`
- How to scan:
  - Enter target URL.
  - Select HTTP method.
  - Paste or load your payload wordlist.
  - Pick scan speed and scan depth using the buttons.
  - Click "Start Live XSS Scan".
  - Review vulnerable payloads, log, and results in the dashboard.
| Depth | Injection Types |
|---|---|
| 1 | Query Parameter |
| 2 | + Header: Referer |
| 3 | + Path Segment |
| 4 | + Header: User-Agent |
| 5 | + Header: X-Forwarded-For |
| 6 | + Cookie |
| 7 | + POST Body (if POST selected) |