XSStrike literally makes XSS detection very simple!
It is a very handy tool.
XSStrike is a cross-site scripting tool.
It is provided with four handwritten parsers, an intelligent payload generator, a great fuzzing engine, and an amazingly fast crawler.
Unlike other tools, XSStrike does not inject payloads.
Instead, it uses handmade parsers to analyze the web application's various responses.
Also, it can scan for DOM XSS.
It can also crawl, fingerprint, and fuzz WAFs.
The tool requires Python 3.4+ to work.
Furthermore, it supports Linux, Mac, and even Windows.
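To illustrate what analyzing a response instead of injecting payloads means, here is an added example (not XSStrike's code and not from the original article): it parses a constructed response for a harmless marker and reports the HTML context of each reflection, mapped to the output encoding that context needs. The marker, the sample response and the names `ReflectionFinder`, `classify` and `ENCODING` are assumptions made for illustration.

```python
from html.parser import HTMLParser

MARKER = "zq7probe"  # constructed, harmless alphanumeric marker (assumption)
ENCODING = {  # output encoding the developer must apply per reflection context
    "html": "HTML-entity encode",
    "attribute": "attribute-encode and always quote the value",
    "script": "JavaScript string escape, or pass the data as JSON",
    "comment": "do not reflect user input into comments",
}

class ReflectionFinder(HTMLParser):
    """Records the HTML context of every place the marker is reflected."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.contexts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        if any(value and MARKER in value for _, value in attrs):
            self.contexts.append("attribute")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if MARKER in data:
            self.contexts.append("script" if self.in_script else "html")

    def handle_comment(self, data):
        if MARKER in data:
            self.contexts.append("comment")

def classify(response_body):
    """Return the reflection contexts found in one response body, in order."""
    finder = ReflectionFinder()
    finder.feed(response_body)
    finder.close()
    return finder.contexts

SAMPLE = """<html><body><!-- search: zq7probe -->
<h1>Results for zq7probe</h1>
<input type="text" name="q" value="zq7probe">
<script>var term = "zq7probe";</script>
</body></html>"""  # constructed sample, as if q=zq7probe had been requested

if __name__ == "__main__":
    print([(ctx, ENCODING[ctx]) for ctx in classify(SAMPLE)])
```

Each context in the result is a place where the application has to apply the matching encoding before echoing user input.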
1. Cloning the repository:
$ git clone https://github.com/s0md3v/XSStrike.git
2. Navigating to the directory and installing the requirements:
$ cd XSStrike
$ pip install -r requirements.txt
3. Running XSStrike:
$ python xsstrike.py
To list all available arguments, type --help:
usage: xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS] [--fuzzer] [--update] [--timeout] [--params] [--crawl] [--skip-poc] [--skip-dom] [--headers] [-d DELAY]

optional arguments:
  -h, --help     show this help message and exit
  -u, --url      target url
  --data         post data
  -t, --threads  number of threads
  -l, --level    level of crawling
  --fuzzer       fuzzer
  --update       update
  --timeout      timeout
  --params       find params
  --crawl        crawl
  --skip-poc     skip poc generation
  --skip-dom     skip dom checking
  --headers      add headers
  -d, --delay    delay between requests
Using this tool is quite simple.
You just need to understand some of the Linux basics.
Don’t worry, we will guide you through it step by step.
Option: -u or --url
To test a single webpage which uses the GET method:
$ python xsstrike.py -u "http://example.com/search.php?q=query"
Supplying POST data:
$ python xsstrike.py -u "http://example.com/search.php" --data "q=query"
Option: --crawl
To start crawling from the target webpage, run:
$ python xsstrike.py -u "http://example.com/page.php" --crawl
Option: --params
To find hidden parameters:
$ python xsstrike.py -u "http://example.com/page.php" --params
Option: --skip-poc
$ python xsstrike.py -u "http://example.com/search.php?q=query" --skip-poc
Option: --skip-dom
$ python xsstrike.py -u "http://example.com/search.php?q=query" --skip-dom
XSStrike is a really amazing tool for finding XSS vulnerabilities in web applications.
You can use this tool for your convenience.
If you liked our content make sure to leave a comment down below and appreciate our team. If you are finding it difficult to use this tool you can leave your questions down below. Team CSHAWK will be soon in touch with you.