Abstract
Blind Cross-Site Scripting (XSS) vulnerabilities present a significant challenge as they evade traditional scanners due to their out-of-band execution, where attackers do not receive immediate feedback. In this work, we present XSSpecter, an end-to-end automated framework designed for the comprehensive detection and reporting of blind XSS vulnerabilities. XSSpecter integrates a Python-based command-line interface (CLI) for intelligent crawling and payload injection, and a Node.js-based web application featuring a callback listener, forensic data capture, and a Vue.js dashboard for alert management and reporting. The entire system is containerized using Docker for simplified deployment and consistent operation. XSSpecter automates uniquely tagged JavaScript payload generation, injection into forms, URL parameters, and headers, listens for out-of-band callbacks, captures extensive forensic artifacts (DOM snapshots, screenshots, environment metadata), and delivers alerts via multiple channels (email, Discord, Slack, Telegram) alongside structured reports. Evaluation in controlled environments demonstrated a 100% detection rate for triggered payloads under favorable execution conditions, with a mean callback latency of approximately 650ms, and real-world application led to the discovery of previously unknown blind XSS vulnerabilities. Compared to existing tools like XSS Hunter and ezXSS, XSSpecter offers a fully automated workflow from scanning to reporting. Key contributions include a modular, containerized software stack that integrates CLI and web components for comprehensive blind XSS testing, a robust callback handling system with detailed forensic data capture, and a systematic reporting mechanism, demonstrating a scalable solution for modern web application security assessments.
| Original language | English |
|---|---|
| Title of host publication | 2026 IEEE International Research Conference on Smart Computing and Systems Engineering (SCSE) |
| Editors | Ruwan Wickramarachchi |
| Publisher | IEEE |
| Number of pages | 7 |
| ISBN (Electronic) | 9798331547912 |
| ISBN (Print) | 9798331547929 |
| DOIs | |
| Publication status | Published - 26 Mar 2026 |
| Event | 2026 IEEE International Research Conference on Smart Computing and Systems Engineering, Kelaniya, Gampaha, Sri Lanka; Duration: 26 Mar 2026 → 26 Mar 2026; https://ieeexplore.ieee.org/xpl/conhome/11498670/proceeding |
Conference
| Conference | 2026 IEEE International Research Conference on Smart Computing and Systems Engineering |
|---|---|
| Abbreviated title | SCSE |
| Country/Territory | Sri Lanka |
| City | Gampaha |
| Period | 26/03/26 → 26/03/26 |
| Internet address | |