XSStrike tool: installation and use

0x01 About

XSStrike is a script used to detect and exploit XSS vulnerabilities.

XSStrike currently offers the following features:

Fuzzes parameters and then builds a suitable payload

Brute-force matching of parameters using payloads

Built-in crawler

Detects and attempts to bypass WAFs

Supports both GET and POST methods

Most of the payloads are carefully constructed by the author

Low false positive rate

0x02 Download and install

Download: https://github.com/s0md3v/XSStrike

The latest version supports Python 3.

It runs on both Windows and Linux.

After the download is complete, enter the XSStrike directory:

cd XSStrike

Next, install the modules it depends on with the following command:

pip install -r requirements.txt

0x03 Use

1. Test a web page using the GET method:

python3 xsstrike.py -u "http://example.com/search.php?q=query"

2. Test POST data:

python3 xsstrike.py -u "http://example.com/search.php" --data "q=query"
python3 xsstrike.py -u "http://example.com/search.php" --data '{"q":"query"}' --json

3. Test URL path:

python3 xsstrike.py -u "http://example.com/search/form/query" --path

4. Crawl and test, starting from the target page:

python3 xsstrike.py -u "http://example.com/page.php" --crawl

You can specify the crawl depth with -l; the default is 2:

python3 xsstrike.py -u "http://example.com/page.php" --crawl -l 3

5. If you want to test URLs from a file, or just want to add seeds for crawling, use the --seeds option:

python3 xsstrike.py --seeds urls.txt

6. Find hidden parameters:

Find hidden parameters by parsing HTML and brute forcing:

python3 xsstrike.py -u "http://example.com/page.php" --params

7. Blind XSS: when crawling, use this option to insert the XSS payload into every parameter of every HTML form:

python3 xsstrike.py -u "http://example.com/page.php?q=query" --crawl --blind

8. Fuzzing: --fuzzer

The fuzzer is designed to test filters and web application firewalls. You can use the -d option to set the delay to 1 second.

python3 xsstrike.py -u "http://example.com/search.php?q=query" --fuzzer

9. Skip DOM scanning:

Skip DOM XSS scanning while crawling to save time:

python3 xsstrike.py -u "http://example.com/search.php?q=query" --skip-dom

10. Update:

If you run XSStrike with the --update option, it will check for updates. If a newer version is available, XSStrike will download the update and merge it into the current directory without overwriting other files.

python3 xsstrike.py --update

 


Origin www.cnblogs.com/-chenxs/p/12329506.html