XSStrike – Most Advanced XSS Detection Suite

November 8, 2018

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking it works like all the other tools do, it analyses the response with multiple parsers and then crafts payloads that are guaranteed to work with context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by it:

}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//

Apart from that, it has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

Also ReadPython-Nubia : A Command-Line & Interactive Shell Framework

XSStrike – Most Advanced XSS Detection Suite

XSStrike Gallery

DOM XSS

Reflected XSS

Crawling

Hidden Parameter Discovery

Interactive HTTP Headers Prompt

Complete Free Website Security Check

Recent Posts

Kali Linux 2024.1 Released – What’s New!

Cracking the Code: How to Optimize Your Videos for SEO Success

ShadowSpray : Tool To Spray Shadow Credentials

Lfi-Space : Lfi Scan Tool

TLDHunt : Domain Availability Checker