s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Somdev Sangwan
2018-10-27 19:08:11 +05:30
committed by GitHub
parent c265cd743a
commit a2f2602d7a
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@@ -20,6 +20,15 @@
</a> </a>
</p> </p>
![multi xss](https://image.ibb.co/gR1ToA/Screenshot-2018-10-27-11-18-43.png)
<p align="center">
<a href="https://github.com/s0md3v/XSStrike/wiki">XSStrike Wiki</a>
<a href="https://github.com/s0md3v/XSStrike/wiki/Usage">How To Use</a>
<a href="https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies">Compatibility</a>
<a href="https://github.com/s0md3v/XSStrike#gallery">Gallery</a>
</p>
### Why XSStrike? ### Why XSStrike?
Every XSS scanner out there has a list of payloads, it injectes the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Every XSS scanner out there has a list of payloads, it injectes the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work.
Here are some examples of the payloads generated by XSStrike: Here are some examples of the payloads generated by XSStrike:
@@ -36,6 +45,7 @@ Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as w
- Multithreaded crawling - Multithreaded crawling
- Context analysis - Context analysis
- Configurable Core - Configurable Core
- Highly Researched Workflow
- WAF detection & evasion - WAF detection & evasion
- Handmade HTML & JavaScript parser - Handmade HTML & JavaScript parser
- Powerful fuzzing engine - Powerful fuzzing engine
@@ -43,7 +53,7 @@ Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as w
- Complete HTTP Support - Complete HTTP Support
- Powered by [Photon](https://github.com/s0md3v/Photon), [Zetanize](https://github.com/s0md3v/zetanize) and [Arjun](https://github.com/s0md3v/Arjun) - Powered by [Photon](https://github.com/s0md3v/Photon), [Zetanize](https://github.com/s0md3v/zetanize) and [Arjun](https://github.com/s0md3v/Arjun)
### Screenshots ### Gallery
#### DOM XSS #### DOM XSS
![dom xss](https://image.ibb.co/d1rpvq/Screenshot-2018-10-27-10-59-43.png) ![dom xss](https://image.ibb.co/d1rpvq/Screenshot-2018-10-27-10-59-43.png)
#### Reflected XSS #### Reflected XSS