Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

XSStrike – Hunting for low-hanging fruits in Kali Linux

  • Last Updated : 23 Aug, 2021

XSStrike is a free and open-source tool available on GitHub. This tool is specially designed to find cross-site scripting. This tool is written in Python. You must have python 3.7 installed in your Kali Linux. There are lots of websites on the internet which are vulnerable of cross-site scripting(XSS). This tool makes finding cross-site scripting easy. This tool works like a scanner. The Internet has millions of websites and webapps a question comes into mind whether your website is safe or not. The security of our websites plays an important role. Cross-site scripting or XSS is a vulnerability that can be used to hack websites. This tool helps to find such vulnerabilities easily.

Features and uses of XSStrike:

  • It’s an open-source tool just download it and run it to find cross-site scripting vulnerabilities.
  • This tool is available on GitHub to install and start scanning websites.
  • It has a feature of error handling. If any error occurred during scanning it can handle easily.
  • It is a free and open-source tool.
  • It is written in python language.
  • It makes it easy to scan websites for xss.
  • This tool works like  scanner. XSStrike  is a multiprocessing support tool,.
  • It is a customizable tool, You can customize it.
  • It supports all types of request POST and GET.
  • It is used to find cross site scripting vulnerability in websites and webapps.


Step 1: Open your terminal of our kali linux operating system and use the following command to clone the tool. Use the second command to move into the directory of the tool.

git clone
cd XSStrike

Step 2: Now you are in the directory of the tool. Use the following command to install the requirements of the tool.

pip3 install -r requirements.txt

Step 3: Now use the following command to run the tool.

python3 -h

The tool is running successfully now we will see some example to use the tool.


Example 1: Use the XSStrike tool to find reflective xss on a domain.

python3 -u "http://<URL>/faq.php?lang=q"

Example 2: Use the XSStrike tool to crawling a domain.

./ -u "http://<URL>/" --crawl

You can see that the tool found a vulnerable webpage in the domain after crawling. This is how you can also perform crawling

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!