HOCXSS Automatic Cross Site Scripting XSS Vulnerability Scanner

HOC XSS Scanner
HOC XSS Scanner

Today, we are presenting our own Intelligence HOCXSS Automatic (Cross Site Scripting) vulnerability scanner along with the complete demonstration tutorial.

HOCXSS is an easy way for the penetration tester and bug bounty hunters to test Cross site scripting. It has featured with crawling, detection parameter discovery, WAF detection capabilities as well.

Note: This XSS scanner wouldn’t require you to install any Library. It automatically detects, installs, and run the required files for you.

It’s main features are:

  • Persistence, Non-persistence and Dom based scanning
  • It can scan target anonymously using TOR
  • Multi-threaded crawling
  • WAF detection & evasion
  • HOC updated payload
  • WAF BYPASS payloads
  • Complete HTTP support
  • Brute force payloads from a file
  • Auto-detect method GET/POST
  • Set cookie

Want to know about XSS vulnerability click here

So lets start..


  • Kali Linux OS > HOC IG

How to install?

Open the Terminal and type the following codes

>git clone https://github.com/hackersonlineclub/HOCXSS_V1.git

>cd HOCXSS_V1/

>sudo python3 hocxss.py

Output results are as follows –

First step is to select Press 1 for scan without TOR or Press 2 for scan with TOR and hit enter

Third step is to enter the target website or URL and hit enter

Here our target is testphp.vulnweb.com

It will ask for payload Y/N. If want to enter own payload press Y or y And give the File location of your payload file or  want to scan with HOC payloads press N or n

Wait for Output

Download HOCXSS Scanner

Join Our Club

Enter your Email address to receive notifications | Join over Million Followers

Leave a Reply
Previous Article
Cyber Security Threat

Types of Cyber Security Threats To College Students

Next Article
Dark Web Monitoring

What Is A “Dark Web Monitor” And Do You Need One?

Related Posts