Skip to main content

XSStrike-Most advanced XSS scanner.

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.


Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike
}]};(confirm)()//\ <A%0aONMouseOvER%0d=%0d[8].find(confirm)>z </tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z </SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//
Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities

Requirements

  • Linux
  • Git package
  • Python package

Feature of Xsstrike Tool

  • Reflected and DOM XSS scanning
  • Multi-threaded crawling
  • Context analysis
  • Configurable core
  • WAF detection & evasion
  • Outdated JS lib scanning
  • Intelligent payload generator
  • Handmade HTML & JavaScript parser
  • Powerful fuzzing engine
  • Blind XSS support
  • Highly researched work-flow
  • Complete HTTP support
  • Bruteforce payloads from a file
  • Payload Encoding
 
Technical specification
Tool Name XSStrick
Author Name S0md3v
Tool size 1.14 mb
Version 3.1.5 Latest
About Most advanced XSS scanner
Language Used Python
Price Free
Tested Platform Linux

How to install and use Xsstrike Tool

Step 1:

First you download xsstrike Tool in your linux machine so type this below command in your terminal.
git clone https://github.com/s0md3v/XSStrike.git

Step 2:

Now open XSStrike folder in your Linux terminal so type this below command in your terminal.
cd XSStrike

Step 3:

Now you give permission to read, write and execute of xsstrike.py python file so type this below command in your terminal.
chmod +x xsstrike.py

Step 4:

Now just type this below command this command will help you to run xsstrike tool in your terminal.
python3 xsstrike.py -u ( your website)

Reflected XSS


 Crawling

Fuzzing


GITHUB

  
Labels:

Comments

Post a Comment

Popular posts from this blog

Sslyze-analyze the SSL configuration of a server by connecting to it

 What is SSLyze? SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. Feature of Sslyze Multi-processed and multi-threaded scanning (it’s fast) SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility Performance testing: session resumption and TLS tickets support Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more Server certificate validation and revocation checking through OCSP stapling Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP Support for client certificates when scanning servers that perform mutual authentication XML output to further process the scan results How to install sslyze Just you type this below command in your terminal this command's will help you to install sslyze on your computer and termux. Linux sudo apt-get install ssl...
Post a Comment
Read more

xprobe2 - A Remote active operating system fingerprinting tool

What is Xprobe2? xprobe2 - A Remote active operating system fingerprinting tool xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database. The operation of xprobe2 is described in a paper titled " xprobe2 - A 'Fuzzy ' Approach to Remote Active Operating System Fingerprinting" Option's How to install Xprobe2 First you need to open your terminal after that you type this below command in your terminal this command will help you to install this xprobe2 package. Linux sudo apt install xprobe Termux pkg install xprobe How to use xprobe Just use this below command or see this below image. sudo xprobe2 ( Domain name ) Example's xprobe2 -v -D 1 -D 2 192.168.1.10 Will launch an OS fingerprinting attempt targeting 192.168.1.10. Modules 1 and 2, which are reachability tests, will be di...
Post a Comment
Read more

Root android phone with one click without computer

 What is framaroot? Framaroot is a free android app which can root almost every device in one click without any need of PC/Computer. Framaroot has its own complex exploits which vary from device to device according to its chipset model and android version. In newer versions of Framaroot, you can unroot your android phone in one click too Feature of Framaroot Root android phone with one click Install SuperSu Unroot or execute Advanced user How to Download and install Framaroot First you download framaroot application on your android phone so click this below download button. Now Install it with a file explorer or directly from your internet browser, if android warn you about security risk, say OK and check Unknown sources to allow install of applications outside of Play Store. How to use Open your Framaroot and select one of the following action: Install SuperSU, Unroot or Execute script (for advanced users) Possible case once application is launched A popup saying "Your device see...
1 comment
Read more