Our Features


Find more features and details on our announcement blog post.

Chrome Mode

Quickly spawn a sandboxed Google Chrome session to find XSS as you browse. This mode will automatically submit the current page URL and HTML forms back to Wingman for scanning purposes.

Built-in Crawler

Sit back and let Wingman scan a list of URLs using a lightweight and fast crawler, built from the ground up.

Thorough Scans

Leave no stone unturned by scanning every possible injection point, including the URL Query, Path, and HTTP Request Body. Optionally you can configure Wingman to exclude any of these.

Generated Proof-Of-Concepts

Every discovered vulnerability should require some form of proof. Wingman automatically generates a Proof-Of-Concept that you can open in your browser to demonstrate the issue. Also available in JSON format.

Proxy Support

Combine Wingman with popular Man-In-The-Middle software such as Burp Suite, OWASP ZAP, and more.

Dynamic DOM Scanner

Wingman uses advanced taint-sink tracking techniques to discover DOM XSSes. Even in highly obfuscated code.

What Our Customers Say

Here you can find a list of all the people satisfied with our product. Want to appear here as well? Tweet about us!