wanzofc-hunter v2.0 - Documentation
wanzofc-hunter is an advanced, modular XSS (Cross-Site Scripting) scanner designed for penetration testing. It features automated WAF evasion, polyglot payloads, and visual defacement capabilities.
---
Key Features
- Uses sequential scanning logic with history tracking to prevent duplicate log entries. Distinguishes between Reflected and Stored XSS using a "Clean URL Check" mechanism.
- Automatically generates variations of every payload to bypass firewalls.
  - Techniques: URL Encode, Double URL Encode, Hex Encoding, HTML Entity, Base64 Wrapper.
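Seen from the defending side, the encoding variations listed above mean that a filter matching only the raw parameter value will miss the same content once it is wrapped in another layer. The following is an added example, not code from wanzofc-hunter or its documentation: it decodes each layer until the value stops changing and only then matches. The function names, the reading of "Hex Encoding" as `\xNN` escapes, and the marker regex are assumptions made for illustration.

```python
import base64, binascii, html, re
from urllib.parse import unquote

MAX_ROUNDS = 5  # bound the decoding work a single value can trigger
# Heuristic markers of active content (an assumption, not a complete XSS grammar).
MARKUP = re.compile(r"<\s*(script|img|svg|iframe)\b|\bon\w+\s*=|javascript:", re.I)
HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")  # "hex" assumed to mean \xNN escapes
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def _b64(match):
    """Swap a base64-looking run for its decoding when that is printable ASCII."""
    raw = match.group(0)
    try:
        text = base64.b64decode(raw, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return raw
    return text if text.isprintable() else raw

DECODERS = [
    ("url", unquote),
    ("html-entity", html.unescape),
    ("hex", lambda s: HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), s)),
    ("base64", lambda s: B64_RUN.sub(_b64, s)),
]

def canonicalize(value):
    """Peel encoding layers until a fixed point; return (text, layers_in_order)."""
    layers = []
    for _ in range(MAX_ROUNDS):
        before = value
        for name, decode in DECODERS:
            decoded = decode(value)
            if decoded != value:
                layers.append(name)
                value = decoded
        if value == before:
            break
    return value, layers

def inspect_value(value):
    """Match on the canonical form, and report which layers had to be removed."""
    text, layers = canonicalize(value)
    return {"canonical": text, "layers": layers, "suspicious": bool(MARKUP.search(text))}

# Constructed sample values, one per encoding named in the feature list.
SAMPLES = ["blue widgets", "%253Cscript%253Ealert(1)%253C%252Fscript%253E",
           "&lt;svg onload=alert(1)&gt;", r"\x3cscript\x3ealert(1)\x3c/script\x3e",
           "PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg%3D%3D"]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_value(sample))
```

The `layers` list is itself a useful signal for logging: ordinary traffic rarely needs more than one decoding pass.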
- Uses complex payload strings capable of breaking out of multiple contexts (HTML Body, Attribute, Script Tag) simultaneously.
- Real-time visual impact payloads to prove vulnerability.
  - Effects: CSS Kill (White screen), Rotate Chaos (180° page rotation), Blackout (Dark overlay), Fake Deface (HTML Injection).
- Supports Out-of-Band (OOB) interaction. Injects payloads that call back to your server/webhook to steal cookies or signal execution.
- Targeted payloads for specific entry points.
  - File Upload: Double extension bypass (image.jpg