XSSTRON : Electron JS Browser To Find XSS Vulnerabilities

XSSTRON is a powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing web, it can detect many case scenarios with support for POST requests too.

Installation

Install Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm)
Download this repo files or (git clone https://github.com/RenwaX23/XSSTRON)
cd XSSTRON
npm install
npm start

Some users using Debian/Ubuntu might not able to run the tool as i think it’s an issue with Electron itself, you can continue using the app in Window/OSX and Linux installed on Windows. Check Known Issues
Usage

Just browse the web like a normal web browser then it will automatically look for XSS vulns in background and show them in a new window with POC.

GET request POC

POST request POC

Known Issues

Some users in certain linux distributions get into some problems try these

Kali/Debian users this fixes installation:

sudo apt install npm
sudo npm install -g electron –unsafe-perm=true –allow-root
cd XSSTRON
sudo npm install
electron . –no-sandbox

  • In (package.json) change it to:

“devDependencies”: {
“electron”: “^10”
},

  • Try to update npm and nodejs to latest version
  • delete node_modules and package-lock.json and reinstall
  • in package.json change the electron devDepencies to (electron11-bin)
  • install electron using (npm install electron) and run the app with electron using (electron .) with each step remember to delete the node_modules and package-lock.json and re install again using (npm install)

Failed to serialize arguments is known issue and might be fixed soon 🙂