XSStrike-Most advanced XSS scanner.

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike

}]};(confirm)()// <A%0aONMouseOvER%0d=%0d[8].find(confirm)>z </tiTlE/><a%0donpOintErentER%0d=%0d(prompt)“>z </SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//

Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities

Requirements

  • Linux
  • Git package
  • Python package

Feature of Xsstrike Tool

  • Reflected and DOM XSS scanning
  • Multi-threaded crawling
  • Context analysis
  • Configurable core
  • WAF detection & evasion
  • Outdated JS lib scanning
  • Intelligent payload generator
  • Handmade HTML & JavaScript parser
  • Powerful fuzzing engine
  • Blind XSS support
  • Highly researched work-flow
  • Complete HTTP support
  • Bruteforce payloads from a file
  • Payload Encoding

 

Technical specification
Tool Name XSStrick
Author Name S0md3v
Tool size 1.14 mb
Version 3.1.5 Latest
About Most advanced XSS scanner
Language Used Python
Price Free
Tested Platform Linux

How to install and use Xsstrike Tool

Step 1:

First you download xsstrike Tool in your linux machine so type this below command in your terminal.

git clone https://github.com/s0md3v/XSStrike.git

Step 2:

Now open XSStrike folder in your Linux terminal so type this below command in your terminal.

cd XSStrike

Step 3:

Now you give permission to read, write and execute of xsstrike.py python file so type this below command in your terminal.

chmod +x xsstrike.py

Step 4:

Now just type this below command this command will help you to run xsstrike tool in your terminal.

python3 xsstrike.py -u ( your website)

Reflected XSS

 Crawling

Fuzzing

GITHUB

  

2 thoughts on “XSStrike-Most advanced XSS scanner.

Leave a Reply

Your email address will not be published. Required fields are marked *