XSSTRON is a powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing web, it can detect many case scenarios with support for POST requests too.
Installation
Install Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm)
Download this repo files or (git clone https://github.com/RenwaX23/XSSTRON)
cd XSSTRON
npm install
npm start
Some users using Debian/Ubuntu might not able to run the tool as i think it’s an issue with Electron itself, you can continue using the app in Window/OSX and Linux installed on Windows. Check Known Issues
Usage
Just browse the web like a normal web browser then it will automatically look for XSS vulns in background and show them in a new window with POC.
GET request POC
POST request POC
Known Issues
Some users in certain linux distributions get into some problems try these
Kali/Debian users this fixes installation:
sudo apt install npm
sudo npm install -g electron –unsafe-perm=true –allow-root
cd XSSTRON
sudo npm install
electron . –no-sandbox
“devDependencies”: {
“electron”: “^10”
},
Failed to serialize arguments is known issue and might be fixed soon 🙂
MariaDB is an open-source relational database management system. It was created by the original MySQL developers…
Corruption investigations need accuracy, patience, and strong evidence. In 2026, OSINT tools can help researchers,…
Private investigators use OSINT to collect public information, verify identities, review business connections, check public…
Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…
Docker is an open-source platform that lets you package and run applications inside containers. Each container…
PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…