Sleepy Puppy is a delayed cross-site scripting (XSS) payload-management framework recently open sourced by Netflix. It enables you to test vulnerabilities for XSS past the target application when the perpetrator intends to attack a secondary underlying system. With XSS being one of the OWASP Top10, we see this framework assisting with automated security checks for several applications. It simplifies the capturing, managing and tracking of XSS propagation over long periods of time, with customizable payloads. Sleepy puppy also exposes an API that can be integrated with vulnerability tools like ZAP, for automated security checks.