
XSStrike – Hunting for low-hanging fruits in Kali Linux

XSStrike is a free and open-source tool available on GitHub. It is written in Python and is designed specifically to find cross-site scripting (XSS) vulnerabilities. You must have Python 3.7 installed in your Kali Linux. Many websites on the internet are vulnerable to cross-site scripting, and XSStrike works like a scanner that makes finding these issues easy. With millions of websites and web apps online, the question of whether your own website is safe comes to mind, and the security of our websites plays an important role. Cross-site scripting is a vulnerability that can be used to compromise websites, and this tool helps you find such vulnerabilities easily.

Features and uses of XSStrike:



Installation:

Step 1: Open a terminal in your Kali Linux operating system and use the first command below to clone the tool. Use the second command to move into the tool's directory.

git clone https://github.com/s0md3v/XSStrike.git
cd XSStrike



Step 2: Now you are in the directory of the tool. Use the following command to install the requirements of the tool.

pip3 install -r requirements.txt

Step 3: Now use the following command to run the tool.

python3 xsstrike.py -h

The tool is now running successfully. Next, we will look at some examples of how to use it.

Usages:

Example 1: Use the XSStrike tool to find reflected XSS on a domain.

python3 xsstrike.py -u "http://<URL>/faq.php?lang=q"
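What a finding on a parameter such as `lang` means on the server side, and how to confirm the fix, as an added example that is not part of the original article or of XSStrike's code. The `render_faq` handler, the `example.test` host and the marker string are constructed assumptions for illustration.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed probe: harmless text carrying the characters HTML encoding must neutralise.
MARKER = "zq7\"<>'x"

def render_faq(url, encode, allowed=None):
    """Hypothetical faq.php stand-in that echoes ?lang= into the page."""
    lang = parse_qs(urlsplit(url).query).get("lang", ["en"])[0]
    if allowed is not None and lang not in allowed:
        lang = "en"  # allow-list: unknown values never reach the template
    if encode:
        lang = html.escape(lang, quote=True)  # output encoding for HTML context
    return f"<html><body><p>Language: {lang}</p></body></html>"

def reflection_state(body, marker=MARKER):
    """Return 'raw', 'encoded' or 'absent' for the marker in a response body."""
    if marker in body:
        return "raw"        # special characters survived: reflected XSS risk
    if html.escape(marker, quote=True) in body:
        return "encoded"    # reflected, but rendered as inert text
    return "absent"         # input was dropped or replaced

def audit():
    """Run the probe against each variant of the handler and collect the result."""
    url = "http://example.test/faq.php?" + urlencode({"lang": MARKER})
    return {
        "no encoding": reflection_state(render_faq(url, encode=False)),
        "html.escape": reflection_state(render_faq(url, encode=True)),
        "allow-list + escape": reflection_state(
            render_faq(url, encode=True, allowed={"en", "de"})),
    }

if __name__ == "__main__":
    for variant, state in audit().items():
        print(f"{variant:22} -> {state}")
```

Only the "raw" state is the condition a reflected-XSS scanner reports; a regression test like `audit()` in your own test suite keeps a fixed handler from sliding back to it.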

Example 2: Use the XSStrike tool to crawl a domain.

./xsstrike.py -u "http://<URL>/" --crawl

You can see that the tool found a vulnerable webpage in the domain after crawling. This is how you can perform crawling with the tool.
