XSStrike – Advanced XSS Fuzzer & Exploitation Suite


XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads.

XSStrike - Advanced XSS Fuzzer & Exploitation Suite

It is also built in an intelligent enough manner to detect and break out of various contexts.


Features of XSStrike XSS Fuzzer & Hacking Tool

XSStrike has:

  • Powerful fuzzing engine
  • Context breaking technology
  • Intelligent payload generation
  • GET & POST method support
  • Cookie Support
  • WAF Fingerprinting
  • Handcrafted payloads for filter and WAF evasion
  • Hidden parameter discovery
  • Accurate results via levenshtein distance algorithm

There are various other XSS security related tools you can check out like:

XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool
xssless – An Automated XSS Payload Generator Written In Python
XSSer v1.0 – Cross Site Scripter Framework

You can download XSStrike here:

XSStrike-master.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.


Comments are closed.