Wednesday, 2 August 2017
One comments

XSStrike: A Python Script Designed To Detect And Exploit XSS Vulnerabilities

XSStrike: A Python Script Designed To Detect And Exploit XSS Vulnerabilities

XSStrike is a python script designed to detect and exploit XSS vulnerabilities.


A list of features XSStrike has to offer:
  •  Fuzzes a parameter and builds a suitable payload
  •  Bruteforces parameters with payloads
  •  Has an inbuilt crawler like functionality
  •  Can reverse engineer the rules of a WAF/Filter
  •  Detects and tries to bypass WAFs
  •  Both GET and POST support
  •  Most of the payloads are hand crafted
  •  Negligible number of false positives
  •  Opens the POC in a browser window

Installing XSStrike

Use the following command to download it

git clone https://github.com/UltimateHackers/XSStrike/

After downloading, navigate to XSStrike directory with the following command

cd XSStrike

Now install the required modules with the following command

pip install -r requirements.txt

Now you are good to go! Run XSStrike with the following command

python xsstrike


Using XSStrike

You can enter your target URL now but remember, you have to mark the most crucial parameter by inserting "d3v<" in it.

For example: target.com/search.php?q=d3v&category=1

After you enter your target URL, XSStrike will check if the target is protected by a WAF or not. If its not protected by WAF you will get three options

1. Fuzzer: It checks how the input gets reflected in the webpage and then tries to build a payload according to that.

2. Striker: It brute-forces all the parameters one by one and generates the proof of concept in a browser window.

3. Spider: It extracts all the links present in homepage of the target and checks parameters in them for XSS.

4. Hulk: Hulk uses a different approach, it doesn't care about reflection of input. It has a list of polyglots and solid payloads, it just enters them one by one in the target parameter and opens the resulted URL in a browser window.

XSStrike can also bypass Website Application Firewall (WAFs)

Watch Video:

 

Download

1 comments:

  1. Are you desperately in need of a hacker in any area of your life???

    then you can contact; [email protected]

    I will help you at affordable prices, i offer services like
    -hack into your cheating partner's phone(whatsapp,bbm.gmail,icloud,facebook, twitter,snap chat and others)
    -Sales of Blank ATM cards.

    -hack into email accounts and trace email location -all social media accounts,

    -school database to clear or change grades,

    -Retrieval of lost file/documents

    -DUIs -company records and systems,

    -Bank accounts,Paypal accounts -Credit cards hacker

    -Credit score hack -Monitor any phone and email address

    -Websites hacking, pentesting.

    -IP addresses and people tracking.

    -Hacking courses and classes.

    my services are the best on the market and 100% security and discreet work is guaranteed.,...

    ReplyDelete

 
Toggle Footer
Top