XSStrike

Advanced XSS detection suite

Description

XSStrike is a Cross-Site Scripting (XSS) detection suite equipped with four hand-written parsers, an intelligent payload generator, a powerful fuzzing engine, and an incredibly fast crawler.

Installation

BASH
git clone https://github.com/s0md3v/XSStrike.git
cd XSStrike
pip install -r requirements.txt

Basic Usage

BASH
# Basic scan
python xsstrike.py -u "https://target.com/?q=test"

# POST data
python xsstrike.py -u "https://target.com" --data "param=value"

Advanced Usage

BASH
# Crawl and scan
python xsstrike.py -u "https://target.com" --crawl

# Skip DOM checking
python xsstrike.py -u "https://target.com/?q=test" --skip-dom

# With headers
python xsstrike.py -u "https://target.com/?q=test" --headers "Cookie: x=y"

# Fuzzing mode
python xsstrike.py -u "https://target.com/?q=test" --fuzzer

# Blind XSS (the blind payload is injected into forms while crawling, so --crawl is required)
python xsstrike.py -u "https://target.com/?q=test" --crawl --blind