What is XSS?

Cross-site scripting (XSS) is an injection attack in which an attacker injects malicious scripts into a web application through inputs such as parameters and form fields. With this kind of vulnerability the attacker can also hijack someone's browser and steal their session; stealing someone's session is also known as session fixation.



Why Choose XSStrike?

Every XSS (Cross-Site Scripting) scanner out there has a list of payloads: they inject the payloads, and if a payload is reflected into the webpage, the page is reported as possibly vulnerable, but that’s just stupid. XSStrike, on the other hand, analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:

}]};(confirm)()//\

Apart from that, XSStrike has crawling, fuzzing, WAF (Web Application Firewall) detection capabilities as well. It also scans for DOM (Document Object Model) XSS vulnerabilities.


  • Reflected and DOM XSS Scanning
  • Multithreaded crawling
  • Context analysis
  • Configurable Core
  • Highly Researched Workflow
  • WAF detection & evasion
  • Handmade HTML & JavaScript parser
  • Powerful fuzzing engine
  • Intelligent payload generator
  • Complete HTTP Support
  • Powered by Photon, Zetanize and Arjun
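
The difference between a plain reflection check and the context analysis described above, as an added example that is not XSStrike's own code: it parses a constructed response with Python's standard `html.parser`, reports the context in which a harmless marker is reflected, and maps each context to the output-encoding fix a developer would apply. `ReflectionFinder`, `reflection_contexts`, the marker and the sample response are assumptions made for this illustration.

```python
from html.parser import HTMLParser

# Defence to apply for each reflection context (standard output-encoding guidance).
DEFENCE = {
    "html_text": "HTML-entity encode the value",
    "attribute": "attribute-encode the value and keep the attribute quoted",
    "event_handler": "do not place user input in event-handler attributes",
    "script": "do not write input into script blocks; pass it as encoded data",
    "comment": "do not reflect input into comments",
}

class ReflectionFinder(HTMLParser):
    """Records the context of every place a harmless marker is reflected."""
    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker, self.in_script = marker, False
        self.found = []  # (context, location) tuples in document order

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:
            if value and self.marker in value:
                ctx = "event_handler" if name.startswith("on") else "attribute"
                self.found.append((ctx, f"<{tag} {name}>"))

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        if self.marker in data:
            self.found.append(("script" if self.in_script else "html_text", "text"))

    def handle_comment(self, data):
        if self.marker in data:
            self.found.append(("comment", "<!-- -->"))

def reflection_contexts(html, marker):
    finder = ReflectionFinder(marker)
    finder.feed(html)
    finder.close()
    return finder.found

# Constructed sample response: the marker was submitted as a parameter value.
MARKER = "zq7marker"
SAMPLE = (f'<h1>Results for {MARKER}</h1><input name="q" value="{MARKER}">'
          f'<script>var term = "{MARKER}";</script><!-- debug: {MARKER} -->')

if __name__ == "__main__":
    for ctx, where in reflection_contexts(SAMPLE, MARKER):
        print(f"{ctx:14} {where:16} -> {DEFENCE[ctx]}")
```

A reflection-only check would report this sample once as "reflected"; the context list shows four separate sinks, each needing a different encoding.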



Reflected XSS




Hidden Parameter Discovery


Interactive HTTP Headers Prompt

