XSStrike is a Python script designed to detect and exploit XSS vulnerabilities. Visit this tool’s project site for more info.
Features of XSStrike:
- Fuzzes a parameter and builds a suitable payload
- Bruteforces parameters with payloads
- Has built-in crawler-like functionality
- Can reverse engineer the rules of a WAF/Filter
- Detects and tries to bypass WAFs
- Both GET and POST support
- Most of the payloads are handcrafted
- Negligible number of false positives
- Opens the POC in a browser window
Use the following command to download it
git clone https://github.com/UltimateHackers/XSStrike/
After downloading, navigate to the tool’s directory with the following command
Now install the required modules with the following command
pip install -r requirements.txt
Now you are good to go! Run this tool with the following command
Using this tool
You can enter help at the tool’s target prompt for basic usage.
You can view the tool’s complete documentation here.
Are you a Developer?
If you are a developer and want to use this tool’s code in your project or want to contribute to this tool, you should read the developer guide.