aptkid / XSStrike

Most advanced XSS detection suite.

Home Page:http://xsstrike.tk

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool


XSStrike
XSStrike

Advanced XSS Detection Suite

multi xss

XSStrike WikiUsageFAQFor DevelopersCompatibilityGallery

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:

}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//

Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

Main Features

  • Reflected and DOM XSS Scanning
  • Multi-threaded crawling
  • Context analysis
  • Configurable Core
  • Highly Researched Work-flow
  • WAF detection & evasion
  • Handmade HTML & JavaScript parser
  • Powerful fuzzing engine
  • Intelligent payload generator
  • Complete HTTP Support
  • Powered by Photon, Zetanize and Arjun

Documentation

FAQ

Gallery

DOM XSS

dom xss

Reflected XSS

multi xss

Crawling

crawling

Fuzzing

fuzzing

Hidden Parameter Discovery

arjun

Interactive HTTP Headers Prompt

headers

Contribution & License

Useful issues and pull requests are appreciated.

Licensed under the GNU GPLv3, see LICENSE for more information.

About

Most advanced XSS detection suite.

http://xsstrike.tk

License:GNU General Public License v3.0


Languages

Language:Python 100.0%