Search the Community

Massive improvements in several aspects Introduction XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. XSStrike - The Most Advanced XSS Detection Suite The Most Advanced XSS Detection Suite: XSStrike Instead of injecting payloads like other tools, XSStrike uses multiple handmade parsers to analyse the web application’s response. After analyse, it crafts payloads that are guaranteed to work with context analysis integrated with a fuzzing engine. It can also crawl, fingerprint and fuzz WAFss. In addition, it can scan for DOM XSS vulnerabilities. XSStrike is fully compatible with Python 3.4+. Features: Reflected and DOM XSS Scanning Multi-threaded crawling Context analysis Configurable Core Highly Researched Work-flow WAF detection & evasion, WAF Fingerprinting Handmade HTML & JavaScript parser Powerful fuzzing engine Intelligent payload generator Complete HTTP Support Powered by Photon, Zetanize and Arjun Well documented code and regular updates [HIDE][Hidden Content]]

Introduction XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. XSStrike - The Most Advanced XSS Detection Suite The Most Advanced XSS Detection Suite: XSStrike Instead of injecting payloads like other tools, XSStrike uses multiple handmade parsers to analyse the web application’s response. After analyse, it crafts payloads that are guaranteed to work with context analysis integrated with a fuzzing engine. It can also crawl, fingerprint and fuzz WAFss. In addition, it can scan for DOM XSS vulnerabilities. XSStrike is fully compatible with Python 3.4+. Features: Reflected and DOM XSS Scanning Multi-threaded crawling Context analysis Configurable Core Highly Researched Work-flow WAF detection & evasion, WAF Fingerprinting Handmade HTML & JavaScript parser Powerful fuzzing engine Intelligent payload generator Complete HTTP Support Powered by Photon, Zetanize and Arjun Well documented code and regular updates Supported OSs: Linux (Arch, Debian, Ubnutu), Termux, Windows (7 & 10), MacOSX. Negligible DOM XSS false positives x10 Faster crawling by Removing additional request for detecting DOM XSS Skipping testing of a parameter multiple times [HIDE][Hidden Content]]