XSStrike


Tool and Usage

Project details

License
CC BY 4.0
Programming language
Python
Author
Somdev Sangwan
Latest release
3.1.5
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

XSStrike is an XSS detection suite whose goal is to reduce false positives to zero. It aims to achieve this with its own fuzzing engine. The tool also allows generating custom payloads, which is rare within this line of tools.

Usage and audience

XSStrike is commonly used for application fuzzing or web application analysis. Target users for this tool are pentesters and security professionals.

Features

  • Can perform basic HTTP authentication
  • Colored output
  • Command line interface
  • Cookie support
  • Custom payloads
  • Fuzzing engine
  • WAF detection

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • More than 5000 GitHub stars
  • Very low number of dependencies
  • The source code of this software is available

Author and Maintainers

XSStrike is under development by Somdev Sangwan.

Installation

Supported operating systems

XSStrike is known to work on Linux and Microsoft Windows.

Dependencies

Several dependencies are required to use XSStrike.

  • fuzzywuzzy
  • requests
  • tld

XSStrike alternatives

Similar tools to XSStrike:


XSSER

XSSER leverages the execution of arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload.


XSS Hunter

XSS Hunter helps with finding XSS attacks and triggers a warning when one is successful. It exists as an online service or as a self-hosted installation.


Related tool information

Categories

This tool is categorized as an XSS scanning tool and cross-site scripting scanner.