
Causes this error when running... I am using latest version of xsstrike.

Open UxplnJDK opened this issue 2 years ago • 13 comments

Traceback (most recent call last):
  File "/home/sunil/python-tools/XSStrike/xsstrike.py", line 174, in <module>
    scan(target, paramData, encoding, headers, delay, timeout, skipDOM, skip)
  File "/home/sunil/python-tools/XSStrike/modes/scan.py", line 81, in scan
    vectors = generator(occurences, response.text)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/sunil/python-tools/XSStrike/core/generator.py", line 136, in generator
    closer = jsContexter(script)
             ^^^^^^^^^^^^^^^^^^^
  File "/home/sunil/python-tools/XSStrike/core/jsContexter.py", line 11, in jsContexter
    pre = re.sub(r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\'', '', pre)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/__init__.py", line 185, in sub
    return _compile(pattern, flags).sub(repl, string, count)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/__init__.py", line 294, in _compile
    p = _compiler.compile(pattern, flags)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_compiler.py", line 743, in compile
    p = _parser.parse(p, flags)
        ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 980, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 455, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 841, in _parse
    raise source.error('global flags not at the start '
re.error: global flags not at the start of the expression at position 12

UxplnJDK, May 16 '23 15:05

exactly same issue here, might be the python3 libraries, testing for a solution right now.

0x9Fahad, May 23 '23 12:05

Seems like a proxy issue. Solved when I removed the --proxy flag.

notkearash, Jun 05 '23 23:06

.

On Tue, Jun 6, 2023 at 4:51 AM !Kearash @.***> wrote:

> Seems like a proxy issue. Solved when I removed the --proxy flag.


sriramoffcl, Jun 06 '23 07:06

> Seems like a proxy issue. Solved when I removed the --proxy flag.

Issue still exists when removing the proxy flag. Would you please show an example of the command you used?

0x9Fahad, Jun 06 '23 12:06

@0x9Fahad

$ python xsstrike.py -u 'https://example.app/search?search=hi'

	XSStrike v3.1.5

[~] Checking for DOM vulnerabilities 
[-] WAF detected: CloudFlare Web Application Firewall (CloudFlare) 
[!] Testing parameter: search 
[!] Reflections found: 6 
[~] Analysing reflections 
[~] Generating payloads 
[!] Payloads generated: 3120 

I think the issue is in the response. Some web apps still throw this error even without --proxy.

notkearash, Jun 06 '23 23:06

I am having the same problem as well. XSStrike is updated, and all the fuzzers and so on are updated and connected, so it's just weird.

Anthonymcqueen21, Jun 28 '23 17:06

might be xss protection

Hugo-Lua, Mar 10 '24 14:03

The problem is, XSStrike works with Python 3.8 or 3.9. Roll back to the older version or consider creating a virtual environment with an older Python version:

pyenv install 3.8.10
pyenv virtualenv 3.8.10 xsstrike-env
pyenv activate xsstrike-env

After this you may run into an error:

ModuleNotFoundError: No module named 'requests'

Just run this command:

pip install requests

Now the tool will be working just fine. If it helped, consider subscribing to my YouTube channel: https://www.youtube.com/channel/UCR9txckubHGilBvNGvud_dg I create content about bug bounty and reverse engineering.

AdithyakrishnaV, Aug 08 '24 14:08
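
The re.error from the traceback, reproduced in isolation as an added example (not code from this thread or from XSStrike): Python 3.11 rejects a global inline flag such as (?s) anywhere but the start of a pattern, where older versions only issued a DeprecationWarning. It goes one step beyond the single traced line by hoisting such flags out of any pattern. LEGACY is the traced pattern with the backslashes and asterisks that the page rendering dropped restored; hoist_global_flags, compiles, strip_noise, PRE_311 and SAMPLE are names made up for this example.

```python
import re
import sys
import warnings

# From the traceback (core/jsContexter.py:11); the 2nd (?s) is at position 12.
LEGACY = r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\''
PRE_311 = sys.version_info < (3, 11)   # older interpreters only warn
GLOBAL_FLAGS = re.compile(r'\(\?([aiLmsux]+)\)')
SAMPLE = 'var a = {"k":\n1}; f("x", \'y\'); var q = '  # constructed JS prefix


def hoist_global_flags(pattern):
    """Move every global inline flag group, e.g. (?s), to the pattern start."""
    # Before 3.11 a global group applied to the whole pattern wherever it
    # stood, so the meaning is kept. Comments in (?x) patterns are not parsed.
    flags, body, i, in_class = [], [], 0, False
    while i < len(pattern):
        step = 1
        if pattern[i] == '\\':
            step = 2                        # escaped char: copy untouched
        elif in_class:
            in_class = pattern[i] != ']'
        elif pattern[i] == '[':
            in_class = True
            # a ']' right after '[' or '[^' is a literal member, skip past it
            step = len(re.match(r'\[\^?\]?', pattern[i:]).group())
        else:
            m = GLOBAL_FLAGS.match(pattern, i)
            if m:                           # record the flags, drop the group
                flags += [f for f in m.group(1) if f not in flags]
                i = m.end()
                continue
        body.append(pattern[i:i + step])
        i += step
    return ('(?' + ''.join(flags) + ')' if flags else '') + ''.join(body)


def compiles(pattern):
    """True if this interpreter accepts the pattern (warnings silenced)."""
    with warnings.catch_warnings():
        warnings.simplefilter('ignore')
        try:
            return bool(re.compile(pattern))
        except re.error:
            return False


def strip_noise(pre):
    """Drop {...}, (...), "..." and '...' spans, as the traced line does."""
    return re.sub(hoist_global_flags(LEGACY), '', pre)
```

The hoisted pattern compiles on every Python 3 release, so the same substitution runs without pinning the interpreter to an older version.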