XSStrike – Hunting for low-hanging fruits in Kali Linux

Last Updated : 23 Aug, 2021

XSStrike is a free and open-source tool, available on GitHub, that is designed specifically to find cross-site scripting (XSS) vulnerabilities. It is written in Python, so you must have Python 3.7 installed on your Kali Linux system. Many websites on the internet are vulnerable to cross-site scripting, and XSStrike, which works like a scanner, makes finding it easy. With millions of websites and web apps online, the question of whether your own website is safe naturally comes to mind, and the security of our websites plays an important role. Cross-site scripting is a vulnerability that can be used to hack websites, and this tool helps to find such vulnerabilities easily.

Features and uses of XSStrike:

  • It is an open-source tool: just download it and run it to find cross-site scripting vulnerabilities.
  • It is available on GitHub, ready to install and start scanning websites.
  • It has an error-handling feature, so errors that occur during scanning are handled easily.
  • It is free to use.
  • It is written in Python.
  • It makes it easy to scan websites for XSS.
  • It works like a scanner and supports multiprocessing.
  • It is customizable.
  • It supports both POST and GET requests.
  • It is used to find cross-site scripting vulnerabilities in websites and web apps.

Installation:

Step 1: Open a terminal on your Kali Linux operating system and use the first command below to clone the tool. Use the second command to move into the tool's directory.

git clone https://github.com/s0md3v/XSStrike.git
cd XSStrike

Step 2: Now you are in the directory of the tool. Use the following command to install the requirements of the tool.

pip3 install -r requirements.txt

Step 3: Now use the following command to run the tool.

python3 xsstrike.py -h

The tool is now running successfully. Next, we will look at some examples of how to use it.

Usages:

Example 1: Use the XSStrike tool to find reflected XSS on a domain.

python3 xsstrike.py -u "http://<URL>/faq.php?lang=q"
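
What a reflected-XSS finding on a parameter such as lang in Example 1 means for the page's output encoding, shown as an added Python example that is not part of the original article or of XSStrike's code. The page renderer, the encoder names, the marker string and the example.test URL are all constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

MARK = "zq7"              # constructed, harmless delimiter around the probe
SPECIALS = "<>\"'"        # characters that matter in HTML body and attribute contexts
PROBE = MARK + SPECIALS + MARK

def _lang(url):
    """Read the 'lang' query parameter the way a server framework would."""
    return parse_qs(urlsplit(url).query).get("lang", [""])[0]

def page(url, encode):
    """Hypothetical FAQ page: 'lang' lands in an attribute and in body text."""
    v = encode(_lang(url))
    return f'<html lang="{v}"><body><p>Language: {v}</p></body></html>'

ENCODERS = {
    "none": lambda s: s,                                 # vulnerable: raw echo
    "tags_only": lambda s: html.escape(s, quote=False),  # incomplete: quotes survive
    "full": lambda s: html.escape(s, quote=True),        # hardened
}

def surviving_specials(body):
    """Special characters that came back unencoded between the markers."""
    found = set()
    pattern = re.escape(MARK) + r"(.*?)" + re.escape(MARK)
    for chunk in re.findall(pattern, body, re.S):
        found |= {c for c in chunk if c in SPECIALS}
    return "".join(c for c in SPECIALS if c in found)

def audit():
    """Render the page with each encoder and report what is left unencoded."""
    url = "http://example.test/faq.php?lang=" + quote(PROBE)
    return {name: surviving_specials(page(url, enc)) for name, enc in ENCODERS.items()}

if __name__ == "__main__":
    for name, chars in audit().items():
        print(f"{name:10} unencoded: {chars or '-'}")
```

The tags_only case is the one to watch in code review: angle brackets are encoded, yet the surviving quotes still let the value break out of the lang attribute.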

Example 2: Use the XSStrike tool to crawl a domain.

python3 xsstrike.py -u "http://<URL>/" --crawl

You can see that the tool found a vulnerable webpage in the domain after crawling. This is how you can perform crawling as well.