Live pen-test probes module

Live Xss

Live reflected-XSS probe — reflection detection on discovered endpoints.

One of 119 modules in the GateTest scan suite. Catches the issue before it reaches code review, and on paid tiers opens a pull request with the fix already written.

Example finding from the liveXss module

Payload reflected unencoded in /search results page

Why we catch it

Active probes against your running site. Pen Test tier only — requires explicit written authorization for the target.

The Live Xss module sits in this category alongside 4 related modules. Together they form one of the layers of a GateTest scan — checks fire in parallel, findings cluster by root cause, and on paid tiers the AI auto-fix loop reads each finding, writes the fix, validates against the scanner, and opens a PR.

How GateTest covers live xss

  • Runs in every scan. Included on the Full ($99), Scan + Fix ($199), and Forensic Scan ($399) tiers. No additional configuration.
  • Free CLI. npm i -g gatetest && gatetest --module liveXss against any local repo. No paywall on the scanning itself.
  • AI auto-fix PR. Scan + Fix tier opens a pull request with the fix, a regression test, and a pair-review by a second Claude. Forensic Scan tier adds per-finding diagnosis and cross-finding attack-chain correlation.
  • Honest confidence rating. Findings come with high / medium / low confidence so noisy patterns don't block the gate. The confidence-calibrator trainer reads customer suppressions and tightens rules over time.

Scan your repo for live xss

Free preview of the headline findings. Pay per scan — no subscription.

Frequently asked questions

What does the Live Xss module catch?

Live reflected-XSS probe — reflection detection on discovered endpoints. Example finding: Payload reflected unencoded in /search results page

Does GateTest fix Live Xss issues automatically?

Yes — on the Scan + Fix tier ($199) and Forensic Scan tier ($399), Claude reads the finding, writes the fix, validates against the scanner, writes a regression test, and opens a pull request for your review.

Which tiers include the Live Xss module?

The Full tier ($99), Scan + Fix tier ($199), and Forensic Scan tier ($399) include all 119 modules including Live Xss. The Quick tier ($29) only includes 4 essential modules.

Can I run the Live Xss module from the CLI for free?

Yes — install with `npm i -g gatetest` and run `gatetest --module liveXss` against any local repository. Paid tiers add AI auto-fix and the cross-finding correlation work.

Related modules in Live pen-test probes

Comparing GateTest to another tool?