Your personal XSS Wingman : Find reflected and DOM XSS by using a very fast and reliable scanner
Cross-Site Scripting (XSS) is one of the most common security vulnerabilities in modern web applications. XSS has evolved since the late ’90s. Yet tools, specifically meant to detect this weakness, have not. Wing man is a command-line XSS scanner and aims to be more accurate, efficient, and thorough than what you would expect of automated solutions. We are slowly able to perfect the discovery process by focusing on this one problem. Wingman is ideal for bug bounty hunters, pentesters, and infosec professionals.
Packed into a small, minimalistic binary for ease of use and portability.
Wing man automatically generates proof-of-concepts, making it simple to forward the issue and get it resolved.
Available on Windows, MacOS and Linux.
Quickly spawn a sandboxed Google Chrome session to find XSS as you browse. This mode will automatically submit the current page URL and HTML forms back to Wing man for scanning purposes.
Sit back and let Wing man scan a list of URLs using a lightweight and fast crawler, built from the ground up.
Leave no stone unturned by scanning every possible injection point, including the URL Query, Path, and HTTP Request Body. Optionally you can configure Wing man to exclude any of these.
Every discovered vulnerability should require some form of proof. Wingman automatically generates a Proof-Of-Concept that you can open in your browser to demonstrate the issue. Also available in JSON format.
Combine Wingman with popular Man-In-The-Middle software such as Burp Suite, OWASP ZAP, and more.
Dynamic DOM Scanner
Wingman uses advanced taint-sink tracking techniques to discover DOM XSSes. Even in highly obfuscated code.
- published date : 2022
- password: soft360
1. Disable Antivirus and Windows Defender. If the antivirus is turned on,
the program will not crack properly.
2. Install the program normally.
3. Go to the crack folder and run the crack file.
4. Done Enjoy!
* File password *: soft360