GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → s0md3v → Xsstrike

s0md3v / Xsstrike

Licence: gpl-3.0
Most advanced XSS scanner.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

xssxss-scannerxss-detectionxss-exploitxss-bruteforcexss-pythonxsstrikewaf-detection

Projects that are alternatives of or similar to Xsstrike

Xss Payload List
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (-73.36%)
Mutual labels:  xss, xss-scanner, xss-detection
xss-chef
A web application for generating custom XSS payloads
Stars: ✭ 70 (-99.29%)
Mutual labels:  xss, xss-exploit
ttt-ext
Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.
Stars: ✭ 81 (-99.18%)
Mutual labels:  xss-scanner, xss-detection
safe-svg
Simple and lightweight library that helps to validate SVG files in security manners.
Stars: ✭ 25 (-99.75%)
Mutual labels:  xss, xss-detection
Foxss-XSS-Penetration-Testing-Tool
Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.
Stars: ✭ 35 (-99.64%)
Mutual labels:  xss, xss-detection
APSoft-Web-Scanner-v2
Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (-99.02%)
Mutual labels:  xss, xss-detection
xssmap
Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (-98.91%)
Mutual labels:  xss, xss-scanner
Awesomexss
Awesome XSS stuff
Stars: ✭ 3,664 (-62.7%)
Mutual labels:  xss, xss-detection
Medusa
🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (-91.9%)
Mutual labels:  xss
Tiny Xss Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (-90.07%)
Mutual labels:  xss
Janusec
Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (-92.15%)
Mutual labels:  xss
Atscan
Advanced dork Search & Mass Exploit Scanner
Stars: ✭ 817 (-91.68%)
Mutual labels:  xss
Express Security
nodejs + express security and performance boilerplate.
Stars: ✭ 37 (-99.62%)
Mutual labels:  xss
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (-91.95%)
Mutual labels:  xss
Pythem
pentest framework
Stars: ✭ 1,060 (-89.21%)
Mutual labels:  xss
Resources For Beginner Bug Bounty Hunters
A list of resources for those interested in getting started in bug bounties
Stars: ✭ 7,185 (-26.85%)
Mutual labels:  xss
Hackingtool
ALL IN ONE Hacking Tool For Hackers
Stars: ✭ 7,521 (-23.43%)
Mutual labels:  xss-detection
Bugbounty Starter Notes
bug bounty hunters starter notes
Stars: ✭ 85 (-99.13%)
Mutual labels:  xss
Xwaf
xWAF 3.0 - Free Web Application Firewall, Open-Source.
Stars: ✭ 48 (-99.51%)
Mutual labels:  xss
Filterbypass
Browser's XSS Filter Bypass Cheat Sheet
Stars: ✭ 884 (-91%)
Mutual labels:  xss
View All Similar Projects ➔


XSStrike
XSStrike

Advanced XSS Detection Suite

multi xss

XSStrike WikiUsageFAQFor DevelopersCompatibilityGallery

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:

}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//

Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

Main Features

  • Reflected and DOM XSS scanning
  • Multi-threaded crawling
  • Context analysis
  • Configurable core
  • WAF detection & evasion
  • Outdated JS lib scanning
  • Intelligent payload generator
  • Handmade HTML & JavaScript parser
  • Powerful fuzzing engine
  • Blind XSS support
  • Highly researched work-flow
  • Complete HTTP support
  • Bruteforce payloads from a file
  • Powered by Photon, Zetanize and Arjun
  • Payload Encoding

Documentation

FAQ

Gallery

DOM XSS

dom xss

Reflected XSS

multi xss

Crawling

crawling

Fuzzing

fuzzing

Bruteforcing payloads from a file

bruteforcing

Interactive HTTP Headers Prompt

headers

Hidden Parameter Discovery

arjun

Contribution, Credits & License

Ways to contribute

  • Suggest a feature
  • Report a bug
  • Fix something and open a pull request
  • Create a browser extension
  • Create a burp suite/zaproxy plugin
  • Help me document the code
  • Spread the word

Licensed under the GNU GPLv3, see LICENSE for more information.

The WAF signatures in /db/wafSignatures.json are taken & modified from sqlmap. I extracted them from sqlmap's waf detection modules which can found here and converted them to JSON.
/plugins/retireJS.py is a modified version of retirejslib.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].