XSStrike - Advanced XSS Detection Suite

[Clumsy]

​

XSStrike​

​

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.


Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.Here are some examples of the payloads generated by XSStrike:


Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

​

Main Features​

​

• Reflected and DOM XSS scanning​
• Multi-threaded crawling​
• Context analysis​
• Configurable core​
• WAF detection & evasion​
• Outdated JS lib scanning​
• Intelligent payload generator​
• Handmade HTML & JavaScript parser​
• Powerful fuzzing engine​
• Blind XSS support​
• Highly researched work-flow​
• Complete HTTP support​
• Bruteforce payloads from a file​
• Powered by Photon, Zetanize and Arjun​
• Payload Encoding​

Download​

To view the content, you need to Sign In or Register.

Gameplay Screenshots​

DOM XSS​

​

Reflected XSS​

​

​

Crawling​

​

​

Fuzzing​

​

​

Bruteforcing payloads from a file​

​

​

Interactive HTTP Headers Prompt​

​

​

Hidden Parameter Discovery​

XSS Strike Guide
​

 

[hacxx]

Looks good, while reading the thread is quite easy to create one. It only takes a lot of time.

Thanks

 

[cfox]

Looks good, while reading the thread is quite easy to create one. It only takes a lot of time.

Thanks

Why don't you just improve it, and make your own version then?

 

[hacxx]

Is my learning curve. I was thinking something along, write in php with html tag verification.

 

[poutchi]

j'éspere il marche

 

[hacxx]

Thanks, your reply comes very late.