XSSTRON : Electron JS Browser To Find XSS Vulnerabilities

XSSTRON is a powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing web, it can detect many case scenarios with support for POST requests too.

Installation

Install Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm)
Download this repo files or (git clone https://github.com/RenwaX23/XSSTRON)
cd XSSTRON
npm install
npm start

Some users using Debian/Ubuntu might not able to run the tool as i think it’s an issue with Electron itself, you can continue using the app in Window/OSX and Linux installed on Windows. Check Known Issues
Usage

Just browse the web like a normal web browser then it will automatically look for XSS vulns in background and show them in a new window with POC.

GET request POC

POST request POC

Known Issues

Some users in certain linux distributions get into some problems try these

Kali/Debian users this fixes installation:

sudo apt install npm
sudo npm install -g electron –unsafe-perm=true –allow-root
cd XSSTRON
sudo npm install
electron . –no-sandbox

  • In (package.json) change it to:

“devDependencies”: {
“electron”: “^10”
},

  • Try to update npm and nodejs to latest version
  • delete node_modules and package-lock.json and reinstall
  • in package.json change the electron devDepencies to (electron11-bin)
  • install electron using (npm install electron) and run the app with electron using (electron .) with each step remember to delete the node_modules and package-lock.json and re install again using (npm install)

Failed to serialize arguments is known issue and might be fixed soon 🙂

R K

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

17 hours ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

17 hours ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

2 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

3 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

3 days ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

3 days ago