Fire Range

The StingXSS Fire Range is a deliberately vulnerable Flask app that ships with OctoRig. It provides injectable endpoints that the scanner is verified against on every change.

Starting the lab

# Start Fire Range (OctoRig required)
./octorig.sh start StingXSS

Running the scanner against it

stingxss -u "http://127.0.0.1:17477" --crawl --max-pages 100 --level 2 --report-html report.html

The Fire Range covers reflected, DOM, stored, CRLF, and header-injection endpoints — enough to exercise the full scanner surface.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fire Range

Starting the lab

Running the scanner against it

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally