When I was reading guides on how to find blind XSS I took their advice quite literally and made a tool that would spray payloads at a list of urls or endpoints in request headers.
Add your payloads to the payloads = ['',''] in the script from XSSHunter or your server.
Still testing and will add more stuff later, like a form crawler etc.
python3 bXSSRequest.py -help
python3 bXSSRequest.py file.txt -e -get -user-agent
python3 bXSSRequest.py file.txt -e -post -referer
python3 bXSSRequest.py test.txt -ne -post -cookie
python3 bXSSRequest.py test.txt -e -post -all
-ne : Plaintext request.
-e : URL encoded request.
-get : Get request
-post : Post request
-user-agent : User agent injecton.
-referer : Referer injection.
-cookie : Cookie injection.
-all : Inject all useragent, referer, and cookie.
Why is this not in Go?
Because I'm not the kind of person that follows the trend.