Installation and simple use of XSStrike on kali linux

 Installation and simple use of XSStrike on kali linux

XSStrike is an advanced detection tool for Cross Site Scripting. It integrates payload generator, crawler and fuzzy engine functions. XSStrike does not inject payload and check its work like other tools, but analyzes the response through multiple parsers, and then guarantees the payload through contextual analysis integrated with the fuzzing engine. In addition, XSStrike also has crawling, fuzzing, parameter discovery, and WAF detection functions. It will also scan for DOM XSS vulnerabilities.

Project address: https://github.com/s0md3v/XSStrike

XSStrike can only run on python 3.6 or above.
2. Tool installation:

1. sudo apt - get  install python3 - pip
   HTTPS clone git : //github.com/s0md3v/XSStrike.gitcd XSStrike
   pip3 install  - r requirements . txtchmod  + x xsstrike . py
   

3. View help information:

./xsstrike.py -h or ./xsstrike.py --help

4. Here to do a simple experiment, write a xss.php into the /var/www/html directory, and start apache2 (service apache2 start):

1. <html>
2. <? php
3.     $n  =  $_GET [ 'payload' ];
4.     echo $n ;
5. ?>
6. </html>

Use XSStrike tool to detect:

Enter y to continue the detection, enter n to stop the detection, and then insert the payload into the url.
5. Test method:
Test a GET page:

./ xsstrike . py  - u  "url"

Test POST:

1. ./ xsstrike . Py  - U  "URL" - Data  '= payload. 1' 

Start searching for the target from the landing page and test it:

./ xsstrike . py  - u  "url" - crawl 
Depth can also specify: - L  (the default is 2 ) ./ xsstrike . Py  - U  "URL" - crawl  - L  2 

Update

./ xsstrike . py  - update

In general, there are not many command parameters of XSStrike. You can get a good understanding and familiarity by viewing the help information.