Do you care about this?
XSSRecon automates the detection of reflected XSS vulnerabilities by testing URL parameters. It checks both raw HTTP responses and rendered DOM content, allowing security researchers to identify how special characters are handled in web applications. The tool supports concurrent processing and customizable output formats.
If you do, here's more
XSSRecon is a tool aimed at security researchers and penetration testers for identifying reflected Cross-Site Scripting (XSS) vulnerabilities in web applications. It automates testing of URL parameters to check if a payload is reflected in the response. The tool assesses how special characters are treated—whether they are allowed, blocked, or converted—using two detection methods: checking the HTTP response body and analyzing the rendered Document Object Model (DOM) through headless Chrome.
Key features include the dual detection method, which covers reflections both in the server's raw response and in the page as rendered. The tool can process multiple URLs in parallel, with a default of 50 concurrent workers. For DOM checking it uses ChromeDP, limiting the number of concurrent browser instances to 5 by default. Users can customize which special characters are tested and set separate timeouts for HTTP requests and ChromeDP rendering. Output can be generated in JSON format, and users can choose silent or verbose modes as needed.
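The HTTP-response side of the detection described above, written out as an added Go example (this is not XSSRecon's own code and does not cover the headless-Chrome DOM check): a probe value wraps each special character in unique marker strings, the parameter is set to that probe, and the response body is searched for the markers to decide whether the character came back verbatim, encoded, stripped, or not at all. The marker strings, the `Probe`/`ProbeURL`/`Classify`/`Scan` names, and the local demo server are assumptions made for this example; the server is a constructed stand-in for an application under test.

```go
package main

import (
	"fmt"
	"html"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"strings"
)

// Verdict describes how one special character came back in the response body.
type Verdict string

const (
	Allowed      Verdict = "allowed"       // reflected verbatim: the sink applies no encoding
	Converted    Verdict = "converted"     // reflected but changed, e.g. as an HTML entity
	Blocked      Verdict = "blocked"       // markers reflected, the character itself stripped
	NotReflected Verdict = "not-reflected" // markers absent: this parameter is not echoed
)

// Hypothetical markers, chosen to be unlikely in real page content, bracket the
// character under test so its reflection can be located unambiguously.
const prefix, suffix = "qx7a", "qx7b"

// Probe is the value injected into a parameter for character c.
func Probe(c rune) string { return prefix + string(c) + suffix }

// ProbeURL sets parameter param of rawURL to the probe for c; other query
// parameters are preserved and the probe is percent-encoded for transport.
func ProbeURL(rawURL, param string, c rune) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set(param, Probe(c))
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// Classify checks every marker pair in body and returns the most permissive
// verdict: one raw reflection is what matters even if other copies of the same
// parameter are encoded correctly.
func Classify(body string, c rune) Verdict {
	rank := map[Verdict]int{NotReflected: 0, Blocked: 1, Converted: 2, Allowed: 3}
	verdict := NotReflected
	rest := body
	for {
		i := strings.Index(rest, prefix)
		if i < 0 {
			return verdict
		}
		rest = rest[i+len(prefix):]
		j := strings.Index(rest, suffix)
		if j < 0 {
			return verdict
		}
		var v Verdict
		switch rest[:j] {
		case string(c):
			v = Allowed
		case "":
			v = Blocked
		default:
			v = Converted
		}
		if rank[v] > rank[verdict] {
			verdict = v
		}
		rest = rest[j+len(suffix):]
	}
}

// Scan probes one parameter with each character and classifies the reflection.
func Scan(client *http.Client, rawURL, param string, chars []rune) (map[rune]Verdict, error) {
	out := make(map[rune]Verdict, len(chars))
	for _, c := range chars {
		target, err := ProbeURL(rawURL, param, c)
		if err != nil {
			return nil, err
		}
		resp, err := client.Get(target)
		if err != nil {
			return nil, err
		}
		body, err := io.ReadAll(resp.Body)
		resp.Body.Close()
		if err != nil {
			return nil, err
		}
		out[c] = Classify(string(body), c)
	}
	return out, nil
}

// Constructed local application: "q" is entity-encoded, "name" is echoed raw,
// "id" is reduced to alphanumerics, and "missing" is never reflected.
var nonAlnum = regexp.MustCompile(`[^A-Za-z0-9]`)

func demoHandler(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	fmt.Fprintf(w, "<p>Results for %s</p>", html.EscapeString(q.Get("q")))
	fmt.Fprintf(w, "<p>Hello %s</p>", q.Get("name"))
	fmt.Fprintf(w, "<p>ID %s</p>", nonAlnum.ReplaceAllString(q.Get("id"), ""))
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(demoHandler))
	defer srv.Close()
	chars := []rune(`<>"'&`)
	for _, param := range []string{"q", "name", "id", "missing"} {
		res, err := Scan(srv.Client(), srv.URL+"/search?page=1", param, chars)
		if err != nil {
			panic(err)
		}
		for _, c := range chars {
			fmt.Printf("%-8s %q -> %s\n", param, c, res[c])
		}
	}
}
```

Running it against the demo server reports every character as `converted` for `q`, `allowed` for `name`, `blocked` for `id`, and `not-reflected` for `missing`. Only `allowed` on a character that matters in the reflection context (`<` in an HTML body, `"` inside an attribute) indicates a sink worth fixing; `converted` is the expected outcome of correct output encoding, and the verdict is deliberately the worst one seen across all reflections of the parameter.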
Installation requires Go and the `pvreplace` tool for parameter injection, with straightforward commands for downloading and setting up XSSRecon. The tool's flexibility lets users skip the special-character checks when only reflection of the input needs to be verified. With its combination of automation and configurability, XSSRecon streamlines the detection of reflected XSS vulnerabilities, making it a useful resource for security practitioners.