Skip to content

theoffsecgirl/webxray

BranchesTags

Repository files navigation

webxray

Offensive web scanner: crawling, XSS, SQLi, headers and WAF bypass.

🇪🇸 Versión en español

What does it do?

Offensive web scanner written in Python that combines crawling, XSS detection, SQL injection, security header analysis and WAF detection.

Features

  • Application crawling
  • Reflected XSS detection (GET and forms)
  • SQLi detection via GET and POST forms
  • Security header analysis
  • WAF detection and bypass (--waf-xss)
  • JSON / JSONL output

Installation

git clone https://github.com/theoffsecgirl/webxray.git
cd webxray
pip install -e .

Usage

webxray -u https://example.com

Pipeline

webxray -u https://target.com --format jsonl --stdout | bbcopilot ingest webxray -

Notes

  • Findings are candidates, not confirmed vulnerabilities
  • Designed for bug bounty recon and pipeline integration

License

MIT

About

Offensive web scanner: crawling, XSS, SQLi, headers and WAF bypass

theoffsecgirl.com

Topics

python crawler xss sqli bug-bounty web-security pentesting recon bugbounty offensive-security security-tools waf-detection waf-bypass python-tool bug-bounty-tools

Resources

Readme

License

MIT license

Contributing

Contributing

Security policy

Security policy
Activity

Stars

13 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.1.0 Latest
Apr 15, 2026

Packages

 
 
 

Contributors

Languages