TVT618

[linux] XSStrike (Raw)

Dec 14th, 2017
[linux]
XSStrike - A program which can crawl, fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.

XSStrike
XSStrike is a Python script designed to detect and exploit XSS vulnerabilities. Visit XSStrike's project site for more info.

A list of features XSStrike has to offer:
* Fuzzes a parameter and builds a suitable payload
* Bruteforces parameters with payloads
* Has inbuilt crawler-like functionality
* Can reverse engineer the rules of a WAF/Filter
* Detects and tries to bypass WAFs
* Both GET and POST support
* Most of the payloads are hand crafted
* Negligible number of false positives
* Opens the POC in a browser window

Installing XSStrike
Use the following command to download it: git clone https://github.com/UltimateHackers/XSStrike/
After downloading, navigate to the XSStrike directory with the following command: cd XSStrike
Now install the required modules with the following command: pip install -r requirements.txt
Now you are good to go! Run XSStrike with the following command: python xsstrike

Using XSStrike
You can enter help in XSStrike's target prompt for basic usage. You can view XSStrike's complete documentation here.

Are you a Developer?
If you are a developer and want to use XSStrike's code in your project or want to contribute to XSStrike, then you should read the developer guide.

Credits
XSStrike uses code from BruteXSS, Intellifuzzer-XSS, XsScan and WAFNinja.