XSStrike

Most advanced XSS scanner.

Results 89 XSStrike issues

Hi. I can sometimes see the following error. I can access the site through a browser. This site is fast enough. Increasing the "timeout" option does not resolve this issue....

error handling
low

While testing for an advanced XSS payload on a site, I got a reflected XSS script being executed there. Original example =https://ab.redacted.com/?vtowg%3C%2fscript%3E%3Cimg%20src%3dx%20onerror%3ddocument.cookie()%3Eirfp=d1 when I passed this payload into the tool...

**Is your feature request related to a problem? Please describe.** I can't use Tor with this tool, so I can't use this tool. **Describe the solution you'd like** add Socks...

python3 xsstrike.py -u https://www.fidelity.com/news/overview XSStrike v3.1.5 [~] Checking for DOM vulnerabilities [+] Potentially vulnerable objects found ------------------------------------------------------------ 4 document.writeln('

Could we have an option to stop the scanner after the first successful payload. For example: ``` $ xsstrike -u 'http://testphp.vulnweb.com/search.php' --data 'goButton=go&searchFor=test' XSStrike v3.1.5 [~] Checking for DOM vulnerabilities...

**Describe the bug** Trying to use XSStrike on Windows 10, Python 3.7.9 and the DVWA XSS (DOM) page. I stored [this payload list](https://github.com/payloadbox/xss-payload-list/blob/master/Intruder/xss-payload-list.txt) into a `payloads.txt` file, then when I...

**Describe the bug** The scanner quits if it cannot get a js resource from a blocked (for example, in iptables) domain **To Reproduce** block domain (where js stored) with iptables...

Xsstrike v3.1.5 @s0md3v **If your feature request is related to a usage issue, please describe it** I need to send the output to a log, but the escape code record...