
XSStrike – Vulnerabilities Scanner And Exploiter

Written by Mubassir patel


XSStrike is a Python script designed to detect and exploit XSS vulnerabilities. Visit this tool’s project site for more info.

Features of XSStrike:

  •  Fuzzes a parameter and builds a suitable payload
  •  Brute-forces parameters with payloads
  •  Has built-in crawler-like functionality
  •  Can reverse engineer the rules of a WAF/Filter
  •  Detects and tries to bypass WAFs
  •  Both GET and POST support
  •  Most of the payloads are hand crafted
  •  Negligible number of false positives
  •  Opens the POC in a browser window


Use the following command to download it

git clone

After downloading, navigate to the tool's directory with the following command

cd XSStrike

Now install the required modules with the following command

pip install -r requirements.txt

Now you are good to go! Run this tool with the following command

python xsstrike

Using this tool

Enter help at the tool's target prompt for basic usage.

You can view this tool's complete documentation here.

Are you a Developer?

If you are a developer and want to use this tool’s code in your project or contribute to this tool, you should read the developer guide.


This tool uses code from BruteXSS, Intellifuzzer-XSS, XsScan and WAFNinja.

About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and all technology topics.
