# Authentication

CommonHuman-Lab edited this page May 18, 2026 · 1 revision
Authenticate once before scanning. stingxss submits the form at `--login-url` with the given credentials and keeps the resulting session for every request it sends afterwards:

```bash
stingxss -u "https://target.com/app" \
  --login-url "https://target.com/login" \
  --login-user admin --login-pass secret
```

For HTTP-level authentication, pick the scheme with `--auth-type` and pass the credentials as `user:pass` in `--auth-cred`:

```bash
# Basic
stingxss -u "https://target.com/api/search?q=test" \
  --auth-type basic --auth-cred "admin:secret"

# Digest
stingxss -u "https://target.com/api/search?q=test" \
  --auth-type digest --auth-cred "user:pass"

# NTLM (requires stingxss[ntlm])
stingxss -u "https://corp-intranet.example.com/search?q=test" \
  --auth-type ntlm --auth-cred "DOMAIN\\user:pass"
```

Inside double quotes the shell collapses `\\` to a single backslash, so the tool receives `DOMAIN\user`. Credentials given on the command line also end up in shell history and in the process list, so prefer a throwaway test account.

Install NTLM support (quote the extra as `'stingxss[ntlm]'` in zsh, which otherwise treats the brackets as a glob pattern):

```bash
pip install stingxss[ntlm]
```
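The Digest case shows why the scanner has to keep authentication state rather than just replay one header: each `WWW-Authenticate` challenge carries a server-chosen `nonce`, and the `Authorization` value must be recomputed from it for every request. The following is an added Python example, not stingxss code, that parses a challenge and computes the RFC 2617 response (algorithm MD5, `qop=auth`). The challenge, credentials and expected result are the worked example from RFC 2617 section 3.5; the function names `parse_challenge`, `select_qop`, `digest_response` and `build_authorization` are this example's own.

```python
import hashlib
import re

# Challenge and credentials taken from the worked example in RFC 2617 section 3.5,
# embedded here as the example input.
CHALLENGE = (
    'Digest realm="testrealm@host.com", qop="auth,auth-int", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)
USERNAME = "Mufasa"
PASSWORD = "Circle Of Life"

# key="quoted value" or key=token, separated by commas
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def md5_hex(text: str) -> str:
    """Lowercase hex MD5, the digest RFC 2617 uses for algorithm=MD5."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_challenge(header: str) -> dict:
    """Split a 'Digest k="v", k2=v2' WWW-Authenticate value into a dict."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError(f"not a Digest challenge: {scheme!r}")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM_RE.finditer(params)}


def select_qop(challenge: dict):
    """Pick qop=auth when the server offers it; auth-int (body hash) is not handled."""
    offered = [q.strip() for q in challenge.get("qop", "").split(",") if q.strip()]
    return "auth" if "auth" in offered else None


def digest_response(username, password, method, uri, challenge, cnonce, nc="00000001"):
    """Compute the 'response' field for one request.

    qop=auth (RFC 2617): MD5(HA1:nonce:nc:cnonce:qop:HA2)
    no qop (RFC 2069 compatibility): MD5(HA1:nonce:HA2)
    """
    qop = select_qop(challenge)
    ha1 = md5_hex(f"{username}:{challenge['realm']}:{password}")
    ha2 = md5_hex(f"{method.upper()}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{challenge['nonce']}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{challenge['nonce']}:{ha2}")


def build_authorization(username, password, method, uri, header, cnonce, nc="00000001"):
    """Return the Authorization header value answering the given challenge."""
    ch = parse_challenge(header)
    qop = select_qop(ch)
    resp = digest_response(username, password, method, uri, ch, cnonce, nc)
    fields = [
        f'username="{username}"', f'realm="{ch["realm"]}"', f'nonce="{ch["nonce"]}"',
        f'uri="{uri}"', f'response="{resp}"',
    ]
    if qop:
        fields += [f"qop={qop}", f"nc={nc}", f'cnonce="{cnonce}"']
    if "opaque" in ch:
        fields.append(f'opaque="{ch["opaque"]}"')  # must be echoed back unchanged
    return "Digest " + ", ".join(fields)


if __name__ == "__main__":
    print(build_authorization(USERNAME, PASSWORD, "GET", "/dir/index.html",
                              CHALLENGE, cnonce="0a4f113b"))
```

A fixed `-H "Authorization: Digest ..."` header would only be valid until the server rotates the nonce (or, with `qop=auth`, for the one `nc` value it was computed with), which is why Digest belongs under `--auth-type` rather than `-H`.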
Pass cookies and custom headers directly:

```bash
stingxss -u "https://target.com/dashboard" -c "session=abc123"
stingxss -u "https://target.com/api" -H "Authorization: Bearer <token>"
```

Import all endpoints from a spec and scan them in one command. With a local spec file, `--base-url` supplies the host that the spec's paths are appended to:

```bash
stingxss -u "https://target.com/" --openapi https://target.com/openapi.json
stingxss -u "https://target.com/" --openapi /path/to/swagger.yaml --base-url https://target.com
```
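What an importer has to pull out of a spec before it can scan it: every method on every path, the parameters grouped by where they are sent (`query`, `path`, `header`, `cookie`), the JSON request-body properties, and an absolute base URL taken from the spec's `servers` entry or from an explicit override. The code below is an added Python example, not stingxss code; how stingxss itself walks a spec and exactly what its `--base-url` overrides are not documented on this page, so the rules here (override wins; a relative `servers[].url` without an override is rejected) are this example's own. The spec is constructed inline; `$ref` resolution and YAML input are left out.

```python
import json
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed minimal OpenAPI 3 document used as the example input.
SAMPLE_SPEC_JSON = json.dumps({
    "openapi": "3.0.3",
    "servers": [{"url": "/api/v1"}],   # relative: only usable with a base URL override
    "paths": {
        "/search": {
            "get": {"parameters": [
                {"name": "q", "in": "query", "schema": {"type": "string"}},
                {"name": "X-Trace", "in": "header", "schema": {"type": "string"}},
            ]}
        },
        "/users/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True}],
            "get": {},
            "post": {"requestBody": {"content": {"application/json": {"schema": {
                "type": "object",
                "properties": {"name": {"type": "string"}, "bio": {"type": "string"}},
            }}}}},
        },
    },
})

HTTP_METHODS = ("get", "post", "put", "patch", "delete", "head", "options")


def load_spec(text: str) -> dict:
    """Parse a JSON spec. (A swagger.yaml would need PyYAML: yaml.safe_load(text).)"""
    return json.loads(text)


def resolve_base_url(spec: dict, override: Optional[str] = None) -> Optional[str]:
    """Absolute base URL, or None when the spec alone cannot provide one.

    An explicit override always wins (the meaning assumed here for --base-url).
    A relative servers[].url such as "/api/v1" is only meaningful next to the
    host the spec was fetched from, so without an override it is rejected.
    """
    if override:
        return override.rstrip("/")
    servers = spec.get("servers") or []
    url = servers[0].get("url", "") if servers else ""
    parts = urlsplit(url)
    if parts.scheme and parts.netloc:
        return url.rstrip("/")
    return None


def extract_targets(spec: dict, base_url: str) -> List[Dict]:
    """One record per (method, path) with its inputs grouped by location."""
    targets = []
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])   # path-level params apply to every method
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            by_loc = {"query": [], "path": [], "header": [], "cookie": []}
            for p in shared + op.get("parameters", []):
                by_loc.setdefault(p.get("in", "query"), []).append(p["name"])
            body = []
            for media in op.get("requestBody", {}).get("content", {}).values():
                body += list(media.get("schema", {}).get("properties", {}))
            targets.append({
                "method": method.upper(),
                "url": base_url.rstrip("/") + path,   # path templates like {id} are kept
                **by_loc,
                "body": body,
            })
    return targets


def injection_points(target: dict) -> List[Tuple[str, str]]:
    """Flatten a target into (location, name) pairs a scanner would fuzz."""
    return [(loc, name) for loc in ("query", "path", "header", "cookie", "body")
            for name in target[loc]]


if __name__ == "__main__":
    spec = load_spec(SAMPLE_SPEC_JSON)
    base = resolve_base_url(spec, "https://target.com/api/v1")
    for t in extract_targets(spec, base):
        print(t["method"], t["url"], injection_points(t))
```

Run it and the `/users/{id}` POST shows up with three injection points (the path segment plus the two body fields), none of which a crawler that only follows links would ever see.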
Headless Chromium discovers JS-rendered routes before scanning. Use this for SPAs where the standard crawler misses dynamically loaded endpoints:

```bash
stingxss -u "https://target.com/" --browser-crawl --level 2
```

`--browser-crawl` is for discovery only. Use `--browser` separately for XSS execution confirmation. Install the browser extra that headless Chromium needs:

```bash
pip install stingxss[browser]
```