Cross-site Tracing vulnerability assessment tool.

nTrace 0.0.5

nTrace is a command-line security tool, written in Node.js, that detects Cross-Site Tracing (XST) vulnerabilities. An XST attack is typically used in conjunction with an XSS attack, which makes it all the more devastating.


Updated the TRACE request to also include a custom header. nTrace will then look for that same header in the response to determine whether or not the site is truly vulnerable to XST attacks.

npm install -g ntrace


git clone git://
./ntrace.js --url=<> --https=<yes or no>
./ntrace.js https=yes
VULNERABLE: Site responded with our custom header meaning it is susceptible to XST attacks
SAFE: This site does not appear to be susceptible to XST
There was a problem with the request, which might mean TRACE is not supported.
To be safe, try the request again and change the --https flag
(error message will be appended, typically socket hangup).
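
The custom-header check described above, written out as an added example that is not nTrace's own source: it classifies a TRACE response as VULNERABLE only when the body echoes the probe header with the value that was sent. The header name `X-XST-Probe`, the function names and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not nTrace's code. Header name and function names are assumptions.
const PROBE_HEADER = 'X-XST-Probe';

// Split a raw HTTP/1.x response into status code and body.
function parseResponse(raw) {
  const cut = raw.indexOf('\r\n\r\n');
  const head = cut === -1 ? raw : raw.slice(0, cut);
  const body = cut === -1 ? '' : raw.slice(cut + 4);
  const status = Number(head.split('\r\n')[0].split(' ')[1]);
  return { status, body };
}

// TRACE echoes the request in the response body, so the site is reported
// VULNERABLE only if a 2xx body contains our header line with our nonce.
function classify({ status, body }, nonce) {
  if (!(status >= 200 && status < 300)) return 'SAFE';
  const echoed = body.split(/\r?\n/).some((line) => {
    const i = line.indexOf(':');
    return i > 0 &&
      line.slice(0, i).trim().toLowerCase() === PROBE_HEADER.toLowerCase() &&
      line.slice(i + 1).trim() === nonce;
  });
  return echoed ? 'VULNERABLE' : 'SAFE';
}

// Live check: send TRACE with the probe header and classify the reply.
function probe(host, useHttps, nonce, done) {
  const { request } = require(useHttps ? 'https' : 'http');
  const opts = { host, method: 'TRACE', path: '/', headers: { [PROBE_HEADER]: nonce } };
  const req = request(opts, (res) => {
    let body = '';
    res.setEncoding('utf8');
    res.on('data', (chunk) => { body += chunk; });
    res.on('end', () => done(null, classify({ status: res.statusCode, body }, nonce)));
  });
  req.on('error', done); // e.g. socket hang up: inconclusive, retry with the other scheme
  req.end();
}

// Constructed sample responses (not captured from a real host).
const NONCE = 'c0ffee1234';
const ECHOING = 'HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n' +
  `TRACE / HTTP/1.1\r\nHost: test.example\r\n${PROBE_HEADER}: ${NONCE}\r\n\r\n`;
const REJECTING = 'HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n';
const NO_ECHO = 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>home</html>';

for (const raw of [ECHOING, REJECTING, NO_ECHO]) {
  console.log(classify(parseResponse(raw), NONCE));
}
```

A 200 response alone is not treated as proof: a server that answers TRACE like a GET, or a proxy that strips the header before echoing, is classified SAFE. A server typically reaches that state by disabling the method, for example with Apache's `TraceEnable off`.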