Fri. Sep 20th, 2019

Ethical Hacking Playground

hacking is curiosity

XSStrike Intelligent XSS Discovery & Exploitation Tool


What is XSS?

Cross-site scripting (XSS) is an injection attack in which an attacker injects malicious scripts into a web application through inputs such as parameters and form fields. With this kind of vulnerability the attacker can also hijack someone's browser and steal their session; stealing someone's session is also known as session fixation.

 


Why Choose XSStrike?

Every XSS (Cross-Site Scripting) scanner out there has a list of payloads: they inject the payloads, and if a payload is reflected in the web page, the page is flagged as possibly vulnerable, but that’s just stupid. XSStrike, on the other hand, analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:

}]};(confirm)()//\

Apart from that, XSStrike has crawling, fuzzing, WAF (Web Application Firewall) detection capabilities as well. It also scans for DOM (Document Object Model) XSS vulnerabilities.
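The difference between a plain reflection check and the context analysis described above can be seen from the side of a developer testing their own output encoding. This is an added example, not XSStrike's code; the marker, the sample response and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

MARKER = "zq7probe"        # constructed, harmless alphanumeric marker
PROBE = MARKER + "<\"'>"   # what the tester submitted: marker + chars an encoder must neutralise

# Constructed response of a hypothetical page to PROBE: three reflections.
SAMPLE = r"""<p>Results for zq7probe&lt;&quot;&#x27;&gt;</p>
<input name="q" value="zq7probe<"'>">
<script>var q = "zq7probe\x3c\x22\x27\x3e";</script>
"""

class ContextFinder(HTMLParser):
    """Records, in document order, the context of each marker reflection."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.contexts, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        for _name, value in attrs:
            self.contexts += ["attribute"] * (value or "").count(MARKER)
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        ctx = "script" if self._in_script else "html-text"
        self.contexts += [ctx] * data.count(MARKER)

    def handle_comment(self, data):
        self.contexts += ["comment"] * data.count(MARKER)

def analyse(body):
    """Return [(context, unencoded special chars after the marker), ...]."""
    finder = ContextFinder()
    finder.feed(body)
    finder.close()
    raw = re.findall(re.escape(MARKER) + r"""([<"'>]{0,4})""", body)
    return [(c, "".join(sorted(set(r)))) for c, r in zip(finder.contexts, raw)]

def unsafe_contexts(body):
    """Contexts where the page returned special characters without encoding."""
    return [ctx for ctx, chars in analyse(body) if chars]

if __name__ == "__main__":
    print("naive reflection check:", MARKER in SAMPLE)   # True for the whole page
    for ctx, chars in analyse(SAMPLE):
        print(f"{ctx:10} unencoded={chars!r}")
```

The naive check reports all three reflections alike; the context-aware pass shows that only the attribute reflection returns the special characters unencoded, which is the one place the page needs its output encoding fixed.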

Features

  • Reflected and DOM XSS Scanning
  • Multithreaded crawling
  • Context analysis
  • Configurable Core
  • Highly Researched Workflow
  • WAF detection & evasion
  • Handmade HTML & JavaScript parser
  • Powerful fuzzing engine
  • Intelligent payload generator
  • Complete HTTP Support
  • Powered by Photon, Zetanize and Arjun

Pictures

DOM XSS

Reflected XSS

Crawling

Hidden Parameter Discovery

Interactive HTTP Headers Prompt

 Download XSStrike

