s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Somdev Sangwan
2018-10-30 10:06:43 +05:30
committed by GitHub
parent 1f39a2e96e
commit efdb2b52fa
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@@ -30,7 +30,9 @@
</p>
### Why XSStrike?
Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work.
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work with context analysis integrated with a fuzzing engine.
Here are some examples of the payloads generated by XSStrike:
```
}]};(confirm)()//\
@@ -38,7 +40,7 @@ Here are some examples of the payloads generated by XSStrike:
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//
```
Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.
Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.
### Main Features
- Reflected and DOM XSS Scanning
@@ -53,6 +55,12 @@ Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as w
- Complete HTTP Support
- Powered by [Photon](https://github.com/s0md3v/Photon), [Zetanize](https://github.com/s0md3v/zetanize) and [Arjun](https://github.com/s0md3v/Arjun)
> **Note:** This is a beta release and hence prone to bugs. If you find a bug please create an issue.
### Documentation
- [Usage](https://github.com/s0md3v/XSStrike/wiki/Usage)
- [Compatibilty & Dependencies](https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies)
### Gallery
#### DOM XSS
![dom xss](https://image.ibb.co/d1rpvq/Screenshot-2018-10-27-10-59-43.png)
@@ -65,9 +73,8 @@ Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as w
#### Interactive HTTP Headers Prompt
![headers](https://image.ibb.co/jw5NgV/Screenshot-2018-10-27-18-45-32.png)
### Contribution & License
XSStrike v.30 is in beta phase and has been released for public testing.<br>
XSStrike v3.0 is in beta phase at present and has been released for public testing.<br>
Useful issues and pull requests are appreciated.
I haven't decided a license yet.