diff --git a/README.md b/README.md index a37f65c..61b080f 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,9 @@

### Why XSStrike? -Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. +XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. + +Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work with context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike: ``` }]};(confirm)()//\ @@ -38,7 +40,7 @@ Here are some examples of the payloads generated by XSStrike: z
**Note:** This is a beta release and hence prone to bugs. If you find a bug please create an issue. + +### Documentation +- [Usage](https://github.com/s0md3v/XSStrike/wiki/Usage) +- [Compatibilty & Dependencies](https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies) + ### Gallery #### DOM XSS ![dom xss](https://image.ibb.co/d1rpvq/Screenshot-2018-10-27-10-59-43.png) @@ -65,9 +73,8 @@ Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as w #### Interactive HTTP Headers Prompt ![headers](https://image.ibb.co/jw5NgV/Screenshot-2018-10-27-18-45-32.png) - ### Contribution & License -XSStrike v.30 is in beta phase and has been released for public testing.
+XSStrike v3.0 is in beta phase at present and has been released for public testing.
Useful issues and pull requests are appreciated. I haven't decided a license yet.