s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
184 Commits 1 Branch 0 Tags
fe42654c79ab24b8903eefc34762c3c1dc861daf
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Somdev Sangwan fe42654c79 Create __init__.py
2018-10-27 19:00:56 +05:30
core
Create __init__.py
2018-10-27 19:00:56 +05:30
README.md
initial info
2018-10-27 18:59:47 +05:30
xsstrike.py
Add files via upload
2018-10-27 18:57:32 +05:30

README.md


XSStrike
XSStrike

Advanced XSS Detection Suite

Why XSStrike?

Every XSS scanner out there has a list of payloads, it injectes the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:

}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//

Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

Main Features

  • Reflected and DOM XSS Scanning
  • Multithreaded crawling
  • Context analysis
  • Configurable Core
  • WAF detection & evasion
  • Handmade HTML & JavaScript parser
  • Powerful fuzzing engine
  • Intelligent payload generator
  • Complete HTTP Support
  • Powered by Photon, Zetanize and Arjun

Screenshots

DOM XSS

dom xss

Reflected XSS

multi xss

Crawling

crawling

Hidden Parameter Discovery

arjun

Interactive HTTP Headers Prompt

headers

Description
No description provided
Readme 638 KiB
Languages
Python 98.8%
HTML 1.2%