Wingman- Toolkit for XSS Attacking. Allows you to find PoC on the site, as well as engage in crawl, and can also work in conjunction with Burp Suite. To start, you can use the -u flag if you have one domain or the -l flag list.txt if you have a list of domains, we will prescribe for the start:
In the --exclude flag, we can add a few more variations, such as; dom, path, query, body. If you want to make scanning more active and efficient, then be sure to add 2 flags, these are --crawl and --progress.
Launch a Chrome session by specifying the --chrome flag. Optionally this can be combined with the -u flag to launch a window and immediately navigate to given URL.
wingman -u http://testphp.vulnweb.com --chrome
We can also use wingman together with Burp Suite and its proxy. To do this, open the Burp Suite and go to the Proxy tab, and note HTTP History and we will display all wingman attacks
wingman -crawl -progress -u http://testphp.vulnweb.com/ --exclude dom,path --proxy http://localhost:8080/
