• We just launched and are currently in beta. Join us as we build and grow the community.

XSStrike – A Automate XSS Vulnerability Finder

gdfgsfasfsf

Funny Flash Master
G
Divine
G Rep
0
0
0
Rep
0
G Vouches
0
0
0
Vouches
0
Posts
101
Likes
133
Bits
0
1 MONTH
1 1 MONTH OF SERVICE
LEVEL 1 500 XP
Black-White-Yellow-Corporate-Photo-Architecture-Presentation.png


Hey Folks, In this tutorial we are going to talk about an interesting tool that can be helpful for us during bug hunting. This tool is specifically designed for beginners who do not discover the vulnerability of cross site scripting in web applications. XSStrike is very powerful tool that tries multiple combinations of payloads to find xss vulnerabilities in web applications.

Lets take a look 🙂 !!

Installation

It is an open source tool hosted on github page and we will download it from github page by using the git tool. After the installation we have to go into the directory for the further process.

git clone https://github.com/s0md3v/XSStrike.git
cd XSStrike
ls123git clone
https://github.com/s0md3v/XSStrike.gitcd XSStrikels

1-15.png


We have to install the pip tool to run this tool.

apt install python3-pip1apt install python3-pip

2-19.png


Now we can start this tool using python command.

python3 xsstrike.py1python3 xsstrike.py

3-14.png

Usage

For the testing purpose we will use the XVWA vulnerable web application. As we know it is an vulnerable web application so we will give the right location of vulnerability and identify does it work or not.
Usage 🙂 python3 xsstrike.py -u

python3 xsstrike.py -u http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item=1python3 xsstrike.py-u

Loading…

192.168.0.114

4-14.png


We are surprised after getting the result because it has given us many payloads to exploit the vulnerability.

Fuzzer

As we know fuzzing is the automated process of finding hack able software bugs and In this endeavor we are going to use this feature of this tool.

python3 xsstrike.py -u http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item= --fuzzer1python3 xsstrike.py-u
http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item= --fuzzer

5-14.png

Crawl

Crawling is an activity done by people to extract and retrieve the sensetive data from the website but in this case, this feature is created to find vulnerabilities in a website by adding one URL after another.

python3 xsstrike.py -u http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item= --crawl1python3 xsstrike.py-u
http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item= --crawl

6-13.png

Conclusion

If you are a beginner then you can use this tool otherwise this tool is not much useful. Because there are many tools available here which are both open source and better.

About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact On Linkedin.
 
You must log in or register to reply here.

414,348

309,607

309,616

Z Zkhjeb
Top