XSStrike Advanced XSS Detection Suite
XSStrike Wiki Usage FAQ For Developers Compatibility Gallery
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:}]};(confirm)()//\ <A%0aONMouseOvER%0d=%0d.find(confirm)>z </tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z </SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//
Hidden Parameter Discovery
Interactive HTTP Headers Prompt
Contribution & License
Useful issues and pull requests are appreciated.
Licensed under the GNU GPLv3, see LICENSE for more information.