⚡ XSS Hunter

Profile

Full name Email New password (leave blank to keep current) PGP public key (optional) Save

Probe settings

Chainload URI (eval'd after fire) Page collection paths (one per line) Save

Notifications

Send test notification

Invite tokens

Generate single-use tokens to invite other users (when self-registration is off).

Generate invite token

Chainload modules

Stage-2 JS modules delivered to a fire via /chain/<injection_id>. Modules are filtered by URL and CSP patterns at delivery time — only matching enabled modules run.

---

+ New module

Name Description URL pattern (substring match; empty = always) CSP pattern (substring match on meta CSP; empty = always) JS code

Save module Cancel

API tokens

Long-lived bearer tokens for the xsshunter CLI and any programmatic client. Send as Authorization: Bearer <token>. The plaintext is shown once at creation — copy it now.

Name (e.g. "laptop", "ci") Generate API token