XSStrike is a Python script that can fuzz and brute-force parameters for XSS.
XSStrike is a Python script that can fuzz and brute-force parameters for XSS. It can also detect and bypass WAFs.
Dependencies:
+ Python 2.7.x
+ colorama and mechanize Python modules.
Todo:
After you enter your target URL, XSStrike checks whether the target is protected by a WAF. If it is not protected by a WAF, you get three options:
1. Fuzzer: It checks how the input gets reflected in the webpage and then tries to build a payload according to that.
2. Striker: It bruteforces all the parameters one by one and generates the proof of concept in a browser window.
3. Hulk: Hulk uses a different approach: it doesn't care about reflection of input. It has a list of polyglots and solid payloads, and it just enters them one by one in the target parameter and opens the resulting URL in a browser window.
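The reflection check that the Fuzzer option starts from is also what tells a developer which output encoding a parameter needs. The following is an added example, not XSStrike's own code: it classifies where a harmless marker lands in a constructed response body and maps each context to the server-side handling it calls for. PROBE, ENCODING, ReflectionFinder, reflection_contexts and SAMPLE are names assumed here.

```python
from html.parser import HTMLParser

PROBE = "zq7probe"  # constructed, harmless marker: letters and digits only
# Server-side output handling each reflection context calls for
ENCODING = {
    "html_text": "HTML-entity encode",
    "attribute": "quote the attribute and attribute-encode the value",
    "url_attribute": "allow-list the URL scheme, then attribute-encode",
    "script": "JavaScript-string encode, or pass the value via a data attribute",
    "comment": "do not reflect request data into comments",
}
URL_ATTRS = {"href", "src", "action", "formaction"}

class ReflectionFinder(HTMLParser):
    # Records the HTML context of every place the probe is reflected
    def __init__(self, probe):
        super().__init__(convert_charrefs=True)
        self.probe, self.in_script, self.contexts = probe, False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:
            if value and self.probe in value:
                self.contexts.append("url_attribute" if name in URL_ATTRS else "attribute")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.probe in data:
            self.contexts.append("script" if self.in_script else "html_text")
    def handle_comment(self, data):
        if self.probe in data:
            self.contexts.append("comment")

def reflection_contexts(html, probe=PROBE):
    finder = ReflectionFinder(probe)
    finder.feed(html)
    finder.close()
    return [(ctx, ENCODING[ctx]) for ctx in finder.contexts]

# Constructed response body, as if ?q=zq7probe had been requested
SAMPLE = """<h1>Results for zq7probe</h1>
<input name="q" value="zq7probe">
<a href="/search?q=zq7probe">next</a>
<script>var term = "zq7probe";</script>
<!-- debug: zq7probe -->"""

for ctx, fix in reflection_contexts(SAMPLE):
    print(f"{ctx:14} -> {fix}")
```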
Note:
XSStrike currently supports GET only, but support for POST will be added soon. Unlike other stupid bruteforce programs, XSStrike has a small list of payloads, but they are the best ones.
Usage:
git clone https://github.com/UltimateHackers/XSStrike && cd XSStrike
pip install -r requirements.txt
chmod +x xsstrike
./xsstrike