xss0r Plan Comparison

Feature
BASIC PLAN
PRO PLAN
--get
--get
--post
--post
--onlyalerts
--onlyalerts
--reflection
--reflection
--suffix
--suffix
--prefix
--prefix
--fullscan
--fullscan
--crlf
--crlf
7 threads
10 threads
1,500 payloads
2,000 payloads
--filter removes duplicates, similar URLs, keeps scope clean
--spray for detecting stored / deferred XSS
--save + --resume to continue large scans
Limited basic evasion
More advanced evasions for hardened targets
--recon with options: --custom-domains, --no-brute-force
--inspector discovers hidden endpoints
Feature
PRO PLAN
DIAMOND PLAN
Exclusive Feature
Available in PRO
Available in DIAMOND
Explanation
Feature
GOLD PLAN
GOLD PLAN
Advanced evasion
More advanced evasions for all kinds of WAFs, stronger mutation & stealth bypass.
13
15
n/a (unlimited)
n/a (unlimited)
Exclusive Feature
Available in DIAMOND
Available in GOLD
Explanation
✅ Custom HTTP headers & User-Agents
✅ --all combined mode for total coverage
✅ More advanced WAF evasion to defeat sophisticated protections
⚡ Plus maximum concurrency with 15 threads
Feature
GOLD PLAN
BUSINESS PLAN
Exclusive Feature
Available in DIAMOND
Available in GOLD
Explanation

Get / Post - Core XSS scanning methods via GET and POST.
Onlyalerts - Shows only triggered alerts in output.
CRLF Injection - Test subdomains for CRLF injection issues.
Recon - Full recon with crawling and enumeration.
Inspector - Deep analysis for hidden and passive endpoints.
Path / Prefix / Suffix - Inject payloads into path with customizable prefix/suffix.
Cookies / Initialize - Use saved sessions for authenticated testing.
Reflection - Find reflections for XSS testing.
Spray (BlindXSS) - BlindXSS payload spraying into headers/forms.
Save / Resume - Save scan and continue later.
Fullscan - Force test of full payload list.
Fuzzer - Fuzz character filters and encoding.
Clickme - Simulated click/keyboard execution of payloads.
Limit - Control requests per minute.
Blindusername - Inject your xss0r.com username into UA for BlindXSS tracking.
Crawler - Crawl internal links and gather test points.
Stealth - Low/Medium/High stealth mode for WAF bypass.
Advanced WAF Bypass - More advanced evasions for all kinds of WAFs, stronger mutation & stealth bypass.
Payloads - Dynamic payload handling.