Name | xsstrike JSON |
Version |
3.2.2
JSON |
| download |
home_page | https://github.com/rasheed-rd/XSStrike |
Summary | XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. |
upload_time | 2022-12-22 21:07:31 |
maintainer | |
docs_url | None |
author | Somdev Sangwan |
requires_python | >=3.8,<4.0 |
license | GNU GPLv3 |
keywords |
xsstrike
cross site scripting
security
|
VCS |
|
bugtrack_url |
|
requirements |
No requirements were recorded.
|
Travis-CI |
|
coveralls test coverage |
No coveralls.
|
<h1 align="center">
<br>
<a href="https://github.com/s0md3v/XSStrike"><img src="https://image.ibb.co/cpuYoA/xsstrike-logo.png" alt="XSStrike"></a>
<br>
XSStrike
<br>
</h1>
<h4 align="center">Advanced XSS Detection Suite</h4>
<p align="center">
<a href="https://github.com/s0md3v/XSStrike/releases">
<img src="https://img.shields.io/github/release/s0md3v/XSStrike.svg">
</a>
<a href="https://travis-ci.com/s0md3v/XSStrike">
<img src="https://img.shields.io/travis/com/s0md3v/XSStrike.svg">
</a>
<a href="https://github.com/s0md3v/XSStrike/issues?q=is%3Aissue+is%3Aclosed">
<img src="https://img.shields.io/github/issues-closed-raw/s0md3v/XSStrike.svg">
</a>
</p>
![multi xss](https://image.ibb.co/gOCV5L/Screenshot-2018-11-19-13-33-49.png)
<p align="center">
<a href="https://github.com/s0md3v/XSStrike/wiki">XSStrike Wiki</a> •
<a href="https://github.com/s0md3v/XSStrike/wiki/Usage">Usage</a> •
<a href="https://github.com/s0md3v/XSStrike/wiki/FAQ">FAQ</a> •
<a href="https://github.com/s0md3v/XSStrike/wiki/For-Developers">For Developers</a> •
<a href="https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies">Compatibility</a> •
<a href="https://github.com/s0md3v/XSStrike#gallery">Gallery</a>
</p>
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.
Here are some examples of the payloads generated by XSStrike:
```
}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//
```
Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.
### Main Features
- Reflected and DOM XSS scanning
- Multi-threaded crawling
- Context analysis
- Configurable core
- WAF detection & evasion
- Outdated JS lib scanning
- Intelligent payload generator
- Handmade HTML & JavaScript parser
- Powerful fuzzing engine
- Blind XSS support
- Highly researched work-flow
- Complete HTTP support
- Bruteforce payloads from a file
- Powered by [Photon](https://github.com/s0md3v/Photon), [Zetanize](https://github.com/s0md3v/zetanize) and [Arjun](https://github.com/s0md3v/Arjun)
- Payload Encoding
### Documentation
- [Usage](https://github.com/s0md3v/XSStrike/wiki/Usage)
- [Compatibility & Dependencies](https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies)
### FAQ
- [It says fuzzywuzzy isn't installed but it is.](https://github.com/s0md3v/XSStrike/wiki/FAQ#it-says-fuzzywuzzy-is-not-installed-but-its)
- [What's up with Blind XSS?](https://github.com/s0md3v/XSStrike/wiki/FAQ#whats-up-with-blind-xss)
- [Why XSStrike boasts that it is the most advanced XSS detection suite?](https://github.com/s0md3v/XSStrike/wiki/FAQ#why-xsstrike-boasts-that-it-is-the-most-advanced-xss-detection-suite)
- [I like the project, what enhancements and features I can expect in future?](https://github.com/s0md3v/XSStrike/wiki/FAQ#i-like-the-project-what-enhancements-and-features-i-can-expect-in-future)
- [What's the false positive/negative rate?](https://github.com/s0md3v/XSStrike/wiki/FAQ#whats-the-false-positivenegative-rate)
- [Tool xyz works against the target, while XSStrike doesn't!](https://github.com/s0md3v/XSStrike/wiki/FAQ#tool-xyz-works-against-the-target-while-xsstrike-doesnt)
- [Can I copy it's code?](https://github.com/s0md3v/XSStrike/wiki/FAQ#can-i-copy-its-code)
- [What if I want to embed it into a proprietary software?](https://github.com/s0md3v/XSStrike/wiki/FAQ#what-if-i-want-to-embed-it-into-a-proprietary-software)
### Gallery
#### DOM XSS
![dom xss](https://image.ibb.co/bQaQ5L/Screenshot-2018-11-19-13-48-19.png)
#### Reflected XSS
![multi xss](https://image.ibb.co/gJogUf/Screenshot-2018-11-19-14-19-36.png)
#### Crawling
![crawling](https://image.ibb.co/e6Rezf/Screenshot-2018-11-19-13-50-59.png)
#### Fuzzing
![fuzzing](https://image.ibb.co/fnhuFL/Screenshot-2018-11-19-14-04-46.png)
#### Bruteforcing payloads from a file
![bruteforcing](https://image.ibb.co/dy5EFL/Screenshot-2018-11-19-14-08-36.png)
#### Interactive HTTP Headers Prompt
![headers](https://image.ibb.co/ecNph0/Screenshot-2018-11-19-14-29-35.png)
#### Hidden Parameter Discovery
![arjun](https://image.ibb.co/effjh0/Screenshot-2018-11-19-14-16-51.png)
### Contribution, Credits & License
Ways to contribute
- Suggest a feature
- Report a bug
- Fix something and open a pull request
- Help me document the code
- Spread the word
Licensed under the GNU GPLv3, see [LICENSE](LICENSE) for more information.
The WAF signatures in `/db/wafSignatures.json` are taken & modified from [sqlmap](https://github.com/sqlmapproject/sqlmap). I extracted them from sqlmap's waf detection modules which can found [here](https://github.com/sqlmapproject/sqlmap/blob/master/waf/) and converted them to JSON.\
`/plugins/retireJS.py` is a modified version of [retirejslib](https://github.com/FallibleInc/retirejslib/).
Raw data
{
"_id": null,
"home_page": "https://github.com/rasheed-rd/XSStrike",
"name": "xsstrike",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8,<4.0",
"maintainer_email": "",
"keywords": "xsstrike,cross site scripting,security",
"author": "Somdev Sangwan",
"author_email": "s0md3v@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/25/38/ddd546b78ea59666e5bf1163b40d6ee966a2f81d2c5bdc3b4b7400670699/xsstrike-3.2.2.tar.gz",
"platform": null,
"description": "<h1 align=\"center\">\n <br>\n <a href=\"https://github.com/s0md3v/XSStrike\"><img src=\"https://image.ibb.co/cpuYoA/xsstrike-logo.png\" alt=\"XSStrike\"></a>\n <br>\n XSStrike\n <br>\n</h1>\n\n<h4 align=\"center\">Advanced XSS Detection Suite</h4>\n\n<p align=\"center\">\n <a href=\"https://github.com/s0md3v/XSStrike/releases\">\n <img src=\"https://img.shields.io/github/release/s0md3v/XSStrike.svg\">\n </a>\n <a href=\"https://travis-ci.com/s0md3v/XSStrike\">\n <img src=\"https://img.shields.io/travis/com/s0md3v/XSStrike.svg\">\n </a>\n <a href=\"https://github.com/s0md3v/XSStrike/issues?q=is%3Aissue+is%3Aclosed\">\n <img src=\"https://img.shields.io/github/issues-closed-raw/s0md3v/XSStrike.svg\">\n </a>\n</p>\n\n![multi xss](https://image.ibb.co/gOCV5L/Screenshot-2018-11-19-13-33-49.png)\n\n<p align=\"center\">\n <a href=\"https://github.com/s0md3v/XSStrike/wiki\">XSStrike Wiki</a> \u2022\n <a href=\"https://github.com/s0md3v/XSStrike/wiki/Usage\">Usage</a> \u2022\n <a href=\"https://github.com/s0md3v/XSStrike/wiki/FAQ\">FAQ</a> \u2022\n <a href=\"https://github.com/s0md3v/XSStrike/wiki/For-Developers\">For Developers</a> \u2022\n <a href=\"https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies\">Compatibility</a> \u2022\n <a href=\"https://github.com/s0md3v/XSStrike#gallery\">Gallery</a>\n</p>\n\nXSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.\n\nInstead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.\nHere are some examples of the payloads generated by XSStrike:\n```\n}]};(confirm)()//\\\n<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z\n</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z\n</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//\n```\nApart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.\n\n### Main Features\n- Reflected and DOM XSS scanning\n- Multi-threaded crawling\n- Context analysis\n- Configurable core\n- WAF detection & evasion\n- Outdated JS lib scanning\n- Intelligent payload generator\n- Handmade HTML & JavaScript parser\n- Powerful fuzzing engine\n- Blind XSS support\n- Highly researched work-flow\n- Complete HTTP support\n- Bruteforce payloads from a file\n- Powered by [Photon](https://github.com/s0md3v/Photon), [Zetanize](https://github.com/s0md3v/zetanize) and [Arjun](https://github.com/s0md3v/Arjun)\n- Payload Encoding\n\n### Documentation\n- [Usage](https://github.com/s0md3v/XSStrike/wiki/Usage)\n- [Compatibility & Dependencies](https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies)\n\n### FAQ\n- [It says fuzzywuzzy isn't installed but it is.](https://github.com/s0md3v/XSStrike/wiki/FAQ#it-says-fuzzywuzzy-is-not-installed-but-its)\n- [What's up with Blind XSS?](https://github.com/s0md3v/XSStrike/wiki/FAQ#whats-up-with-blind-xss)\n- [Why XSStrike boasts that it is the most advanced XSS detection suite?](https://github.com/s0md3v/XSStrike/wiki/FAQ#why-xsstrike-boasts-that-it-is-the-most-advanced-xss-detection-suite)\n- [I like the project, what enhancements and features I can expect in future?](https://github.com/s0md3v/XSStrike/wiki/FAQ#i-like-the-project-what-enhancements-and-features-i-can-expect-in-future)\n- [What's the false positive/negative rate?](https://github.com/s0md3v/XSStrike/wiki/FAQ#whats-the-false-positivenegative-rate)\n- [Tool xyz works against the target, while XSStrike doesn't!](https://github.com/s0md3v/XSStrike/wiki/FAQ#tool-xyz-works-against-the-target-while-xsstrike-doesnt)\n- [Can I copy it's code?](https://github.com/s0md3v/XSStrike/wiki/FAQ#can-i-copy-its-code)\n- [What if I want to embed it into a proprietary software?](https://github.com/s0md3v/XSStrike/wiki/FAQ#what-if-i-want-to-embed-it-into-a-proprietary-software)\n\n### Gallery\n#### DOM XSS\n![dom xss](https://image.ibb.co/bQaQ5L/Screenshot-2018-11-19-13-48-19.png)\n#### Reflected XSS\n![multi xss](https://image.ibb.co/gJogUf/Screenshot-2018-11-19-14-19-36.png)\n#### Crawling\n![crawling](https://image.ibb.co/e6Rezf/Screenshot-2018-11-19-13-50-59.png)\n#### Fuzzing\n![fuzzing](https://image.ibb.co/fnhuFL/Screenshot-2018-11-19-14-04-46.png)\n#### Bruteforcing payloads from a file\n![bruteforcing](https://image.ibb.co/dy5EFL/Screenshot-2018-11-19-14-08-36.png)\n#### Interactive HTTP Headers Prompt\n![headers](https://image.ibb.co/ecNph0/Screenshot-2018-11-19-14-29-35.png)\n#### Hidden Parameter Discovery\n![arjun](https://image.ibb.co/effjh0/Screenshot-2018-11-19-14-16-51.png)\n\n### Contribution, Credits & License\nWays to contribute\n- Suggest a feature\n- Report a bug\n- Fix something and open a pull request\n- Help me document the code\n- Spread the word\n\nLicensed under the GNU GPLv3, see [LICENSE](LICENSE) for more information.\n\nThe WAF signatures in `/db/wafSignatures.json` are taken & modified from [sqlmap](https://github.com/sqlmapproject/sqlmap). I extracted them from sqlmap's waf detection modules which can found [here](https://github.com/sqlmapproject/sqlmap/blob/master/waf/) and converted them to JSON.\\\n`/plugins/retireJS.py` is a modified version of [retirejslib](https://github.com/FallibleInc/retirejslib/).\n",
"bugtrack_url": null,
"license": "GNU GPLv3",
"summary": "XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.",
"version": "3.2.2",
"split_keywords": [
"xsstrike",
"cross site scripting",
"security"
],
"urls": [
{
"comment_text": "",
"digests": {
"md5": "9449d3a5c7779f232532706f26b57681",
"sha256": "727d77621ead440ac41fc1564d648138010180ce86213b0d59e75930884c4481"
},
"downloads": -1,
"filename": "xsstrike-3.2.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "9449d3a5c7779f232532706f26b57681",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8,<4.0",
"size": 58250,
"upload_time": "2022-12-22T21:07:30",
"upload_time_iso_8601": "2022-12-22T21:07:30.365565Z",
"url": "https://files.pythonhosted.org/packages/0f/db/149bd66bc3ced702266d1b40a59869c3433b753275150e02433d4fb6fb8c/xsstrike-3.2.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"md5": "07b63e4b33f9f19e74f876d5c816fcd9",
"sha256": "531dd850951ddd76f1a9a584500ef8e49bb3e6cf76ccbb4f0579ea3756892b2f"
},
"downloads": -1,
"filename": "xsstrike-3.2.2.tar.gz",
"has_sig": false,
"md5_digest": "07b63e4b33f9f19e74f876d5c816fcd9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8,<4.0",
"size": 51663,
"upload_time": "2022-12-22T21:07:31",
"upload_time_iso_8601": "2022-12-22T21:07:31.453584Z",
"url": "https://files.pythonhosted.org/packages/25/38/ddd546b78ea59666e5bf1163b40d6ee966a2f81d2c5bdc3b4b7400670699/xsstrike-3.2.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-12-22 21:07:31",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "rasheed-rd",
"github_project": "XSStrike",
"travis_ci": true,
"coveralls": false,
"github_actions": true,
"lcname": "xsstrike"
}