Smart Scanning
CommonHuman-Lab edited this page May 18, 2026 · 1 revision
Filter probing runs automatically on every reflected parameter. Before injecting XSS payloads, stingxss sends a single probe to map which special characters the server encodes or strips:
```
< > ' " \ / ; = ( )
```
Payloads that require blocked characters are skipped — fewer requests, fewer false starts, faster results.
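The following is an added example, not stingxss's own code, showing how a single probe can map each character to raw, encoded, stripped or missing, and how that map prunes candidates. The delimiter format, the function names, the `fake_server` stand-in and the candidate strings are all assumptions constructed for illustration.

```python
import re

PROBE_CHARS = "<>'\"\\/;=()"  # the character set listed above

def build_probe(tag="zq"):
    """One value carrying every character between unique, inert delimiters."""
    return "".join(f"{tag}{i}a{c}b{i}{tag}" for i, c in enumerate(PROBE_CHARS))

def classify(body, tag="zq"):
    """Map each probe character to raw / encoded / stripped / missing."""
    states = {}
    for i, c in enumerate(PROBE_CHARS):
        m = re.search(f"{tag}{i}a(.*?)b{i}{tag}", body, re.S)
        if m is None:
            states[c] = "missing"      # delimiters themselves did not come back
        elif m.group(1) == c:
            states[c] = "raw"          # reflected unchanged
        elif m.group(1) == "":
            states[c] = "stripped"     # removed by the server
        else:
            states[c] = "encoded"      # came back transformed, e.g. &lt;
    return states

def usable(candidates, states):
    """Keep only candidates whose characters all come back raw."""
    blocked = {c for c, s in states.items() if s != "raw"}
    return [p for p in candidates if not blocked & set(p)]

def fake_server(value):
    """Constructed stand-in for a page that entity-encodes < > and strips "."""
    out = value.replace("<", "&lt;").replace(">", "&gt;").replace('"', "")
    return f"<p>Results for {out}</p>"

# Constructed, inert test strings using the {marker} placeholder
CANDIDATES = ["<i>{marker}</i>", "'{marker}'", "({marker})", 'x="{marker}"']

if __name__ == "__main__":
    states = classify(fake_server(build_probe()))
    for c, s in states.items():
        print(repr(c), s)
    print(usable(CANDIDATES, states))
```

Read from the defender's side, every character reported as raw is one the endpoint reflects without output encoding.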
Disable with --no-probe-filter if you need raw coverage with no pre-probing:

```bash
stingxss -u "https://target.com/search?q=test" --no-probe-filter
```

--level controls payload depth and breadth:
| Level | Description |
|---|---|
| 1 | Fast — small payload set, common contexts only |
| 2 | Balanced — default; broader payload set |
| 3 | Thorough — full payload set, all contexts, slower |
```bash
stingxss -u "https://target.com/" --crawl --level 3
```

Load extra payload files with -f. Files support {marker} template substitution:

```bash
stingxss -u "https://target.com/search?q=test" -f my_payloads.txt -f community.txt
```

```bash
# Add a delay between requests (seconds)
stingxss -u "https://target.com/search?q=test" --delay 0.5
# Route through a proxy
stingxss -u "https://target.com/search?q=test" --proxy http://127.0.0.1:8080
```