FEATURES :
Reflected and DOM XSS scanning
Multi-threaded crawling
Context analysis
Configurable core
WAF detection & evasion
Outdated JS lib scanning
Intelligent payload generator
Handmade HTML & JavaScript parser
Powerful fuzzing engine
Blind XSS support
Highly researched work-flow
Complete HTTP support
Bruteforce payloads from a file
Powered by Photon, Zetanize and Arjun
Payload Encoding
OS :
> Debian-based (Kali, Parrot, Ubuntu...)
INSTALLATION & RUN :
1️⃣git clone https://github.com/s0md3v/XSStrike
2️⃣cd XSStrike
3️⃣python xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS] [--seeds SEEDS] [--json] [--path]
[--fuzzer] [--update] [--timeout] [--params] [--crawl] [--blind]
[--skip-dom] [--headers] [--proxy] [-d DELAY] [-e ENCODING]
MORE USAGES :
4️⃣Scan a single URL
Option: -u or --url
5️⃣Test a single web page that uses the GET method.
python xsstrike.py -u "http://example.com/search.php?q=query"
6️⃣Supplying POST data
python xsstrike.py -u "http://example.com/search.php" --data "q=query"
7️⃣Testing URL path components
Option: --path
8️⃣To inject payloads in the URL path, like http://example.com/search/<payload>, use the --path switch.
python xsstrike.py -u "http://example.com/search/form/query" --path
9️⃣Treat POST data as JSON
Option: --json
This switch can be used to test JSON data sent via the POST method.
python xsstrike.py -u "http://example.com/search.php" --data '{"q":"query"}' --json
🔟Crawling
Option: --crawl
For more options, run python xsstrike.py -h