HOCXSS Automatic Cross Site Scripting XSS Vulnerability Scanner


Today, we are presenting our own Intelligence HOCXSS Automatic (Cross Site Scripting) vulnerability scanner along with the complete demonstration tutorial.

Please check the POC Video at the end of the article.

HOCXSS is an easy way for the penetration tester and bug bounty hunters to test Cross site scripting. It has featured with crawling, detection parameter discovery, WAF detection capabilities as well.

Note: This XSS scanner wouldn’t require you to install any Library. It automatically detects, installs, and run the required files for you.

It’s main features are

  • Persistence, Non-persistence and Dom based scanning
  • It can scan target anonymously using TOR
  • Multi-threaded crawling
  • WAF detection & evasion
  • HOC updated payload
  • WAF BYPASS payloads
  • Complete HTTP support
  • Brute force payloads from a file
  • Auto-detect method GET/POST
  • Set cookie

Want to know about XSS vulnerability click here

So lets start..


  • Kali Linux OS > HOC IG

How to install?

Open the Terminal and type the following codes

>git clone https://github.com/hackersonlineclub/HOCXSS_V1.git

>cd HOCXSS_V1/

>sudo python3 hocxss.py


Output results are as follows –

First step is to select Press 1 for scan without TOR or Press 2 for scan with TOR and hit enter

Second step is to select Press 1 for Quick scan it will scan only given URL or Press 2 for Intensive scan it will scan all the link in a page (using crawl) and hit enter


Third step is to enter the target website or URL and hit enter

Here our target is testphp.vulnweb.com

It will ask for payload Y/N. If want to enter own payload press Y or y And give the File location of your payload file or  want to scan with HOC payloads press N or n

It will ask for Cookie Y/N. If want to enter own Cookie press Y or y then enter cookie like
Example:- {“ID”:”989856547”}
N or n for attack without cookie and hit enter

Wait for Output


Watch POC

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Kaushal Jangid

Top 10 Digital Forensics Software Experts Use

Forensics is becoming very important in today’s digital age where many crimes...
Read More

Leave a Reply