Web crawlers or spiders have been a mainstay in the testing toolkit of security folks for many years. They’re great for mapping out websites and understanding what you’ll be testing. There’s one disadvantage to spiders though, they only show you what you have access to… what if some of those resources are user specific, or are behind resources you can’t see or reach? In this talk, Ryan Boutot will be introducing a new open source tool for security researchers called XSSpider. XSSpider is a unique spidering tool which is meant to run within an XSS payload and execute spidering from the user’s browser, saving everything it finds for later review. You will simply not want to miss the debut of this new awesome tool.