ENNAENNA

XSStrike

GPL-3.0

Vulnerability Scanning · Python

XSStrike is an advanced cross-site scripting (XSS) detection suite that includes a powerful fuzzing engine, context analysis, and WAF detection/bypass capabilities. It automates the process of identifying XSS vulnerabilities by analyzing various contexts and injection points. Written in Python, XSStrike is a go-to tool for security testers looking to identify and exploit XSS vulnerabilities in web applications.

14.9kstars
2.1kforks
90issues
Updated 1y ago
+I use this
View on GitHub

Installation

$ pip install xsstrike

Tags

xsswaf-bypassfuzzingcontext-analysiswaf-detectionxss-bruteforcexss-detectionxss-exploitxss-pythonxss-scannerxsstrike

Details

Category
Vulnerability Scanning
Language
Python
Repository
s0md3v/XSStrike
License
GPL-3.0
Platforms
🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/s0md3v/XSStrike

Releases

github.com/s0md3v/XSStrike/releases

Issues

github.com/s0md3v/XSStrike/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Used in 1 Workflow

🕸

Web Application Penetration Test

Intermediate · 6 steps · 1-5 days

Community Reviews

Alternatives & Comparisons

CRLFuzz

Go

CRLF injection scanner. Fast detection of HTTP response splitting vulnerabilities across multiple URLs.

Compare XSStrike vs CRLFuzz

More in Vulnerability Scanning

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

template-basedcvemisconfig

sqlmap

Python

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomated

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcve

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliance

Commix

Python

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app

testssl.sh

Shell

Command-line tool for checking TLS/SSL ciphers, protocols, and cryptographic flaws on any port.

tlssslcipher-check