
Not possible to combine parameters --params, --blind, --crawl

Open edgarolijar opened this issue 5 years ago • 0 comments

It seems that it is not possible to combine parameters --params, --blind and --crawl. I'm running an application on localhost and would like to test it for possible XSS vulnerabilities by using a blackbox approach. I have lots of forms. So I would like to crawl the website, extract all the URLs, extract all HTTP GET and POST parameters and test them all. It seems that it is not possible to do that now.

--params, to extract parameters from forms (HTTP POST). Not sure if it keeps track of which form it found a parameter in (there might be multiple forms on the same page).

--blind, because it should test blindly. lol.

--crawl -l 5, because it should crawl the website and check for possible links (with HTTP GET parameters)

I would like to do something like that:

./xsstrike.py -u http://localhost/home --header "Cookie: SESSION_COOKIE=123" --params --blind --crawl -l 10

So as I said, it would be pretty awesome if it could scan the website (--crawl) & test (--blind) all possible forms (--params) & links and then just report potential vulnerabilities. Currently I need to run --crawl, collect all URLs, clean them, put them into a file, then rerun again and provide that file to xsstrike...

Thanks in advance :)

edgarolijar, Jan 20 '20 02:01