Raspberry Pi-powered web application bug hunter
- spider for URLs containing parameters (parse out duplicate parameters)
- dump full URLs to a text file
- append XSS payloads to the URLs
- test URLs (ZAP / looking for HTTP 200s)
- dump HTTP 200s to a text file
- manually inspect URLs for XSS (response time, response body size)
Spider via API: see 33:00 in the video at https://www.youtube.com/watch?v=3vVnMh6AUkk
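An added example (not part of the original notes) of the first two steps: filter spider output down to URLs that carry parameters, drop entries that differ only in parameter values or order, and write the rest to a text file. The function names, the output file name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def dedupe_param_urls(urls):
    """Keep the first URL seen for each (scheme, host, path, parameter-name set)."""
    seen, kept = set(), []
    for raw in urls:
        url = raw.strip()
        parts = urlsplit(url)
        # Only http(s) links with a host are worth testing.
        if parts.scheme not in ("http", "https") or not parts.netloc:
            continue
        params = parse_qsl(parts.query, keep_blank_values=True)
        if not params:
            continue  # no parameters, nothing to test
        # Parameter values and order are ignored; only the names identify an endpoint.
        names = tuple(sorted({name for name, _ in params}))
        key = (parts.scheme, parts.netloc.lower(), parts.path or "/", names)
        if key not in seen:
            seen.add(key)
            kept.append(url)
    return kept

def write_url_list(urls, path):
    """Dump one URL per line; returns the number of URLs written."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.writelines(u + "\n" for u in urls)
    return len(urls)

# Constructed sample of spider output (not real crawl data).
SAMPLE_SPIDER_OUTPUT = [
    "http://testsite.example/search?q=shoes&page=1",
    "http://testsite.example/search?page=2&q=boots",  # same names, other order/values
    "http://TESTSITE.example/search?q=hats&page=3",   # host differs only in case
    "http://testsite.example/item?id=10",
    "http://testsite.example/item?id=11",
    "http://testsite.example/item?id=11&ref=home",    # extra parameter: new entry
    "http://testsite.example/about",                  # no parameters
    "http://testsite.example/search?q=",              # blank value still counts
    "mailto:admin@testsite.example?subject=hi",       # not http(s)
    "",
]

if __name__ == "__main__":
    unique = dedupe_param_urls(SAMPLE_SPIDER_OUTPUT)
    count = write_url_list(unique, "param_urls.txt")  # hypothetical file name
    print(f"{count} unique parameterised URLs written")
```

Keying on parameter names rather than full URLs keeps the list short enough that the final manual inspection step stays practical.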