nycto-hackerone / XSStrike

XSStrike is a program which can crawl, fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.

Home Page: http://teamultimate.in/

XSStrike

XSStrike is a Python script designed to detect and exploit XSS vulnerabilities. Visit XSStrike's project site for more info.

A list of features XSStrike has to offer:

  • Fuzzes a parameter and builds a suitable payload
  • Bruteforces parameters with payloads
  • Has built-in crawler-like functionality
  • Can reverse engineer the rules of a WAF/Filter
  • Detects and tries to bypass WAFs
  • Both GET and POST support
  • Most of the payloads are hand crafted
  • Negligible number of false positives
  • Opens the POC in a browser window

Installing XSStrike

Use the following command to download it:

git clone https://github.com/UltimateHackers/XSStrike/

After downloading, navigate to the XSStrike directory with the following command:

cd XSStrike

Now install the required modules with the following command:

pip install -r requirements.txt

Now you are good to go! Run XSStrike with the following command:

python xsstrike

Using XSStrike

You can enter help in XSStrike's target prompt for basic usage.

You can view XSStrike's complete documentation here.

Are you a Developer?

If you are a developer and want to use XSStrike's code in your project or want to contribute to XSStrike then you should read the developer guide.

Credits

XSStrike uses code from BruteXSS, Intellifuzzer-XSS, XsScan and WAFNinja.

License: Other


Languages

Language: Python 100.0%