- [linux]
- XSStrike - A program which can crawl, fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
- XSStrike
- XSStrike is a Python script designed to detect and exploit XSS vulnerabilities. Visit XSStrike's project site for more info.
- A list of features XSStrike has to offer:
- * Fuzzes a parameter and builds a suitable payload
- * Bruteforces parameters with payloads
- * Has inbuilt crawler-like functionality
- * Can reverse engineer the rules of a WAF/Filter
- * Detects and tries to bypass WAFs
- * Both GET and POST support
- * Most of the payloads are handcrafted
- * Negligible number of false positives
- * Opens the POC in a browser window
- Installing XSStrike
- Use the following command to download it: git clone https://github.com/UltimateHackers/XSStrike/
- After downloading, navigate to the XSStrike directory with the following command: cd XSStrike
- Now install the required modules with the following command: pip install -r requirements.txt
- Now you are good to go! Run XSStrike with the following command: python xsstrike
- Using XSStrike
- You can enter help in XSStrike's target prompt for basic usage. You can view XSStrike's complete documentation here.
- Are you a Developer?
- If you are a developer and want to use XSStrike's code in your project or want to contribute to XSStrike, then you should read the developer guide.
- Credits
- XSStrike uses code from BruteXSS, Intellifuzzer-XSS, XsScan and WAFNinja.