-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Usage
usage: xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS]
[--fuzzer] [--update] [--timeout] [--params] [--crawl]
[--skip-poc] [--skip-dom] [--headers] [-d DELAY]
optional arguments:
-h, --help show this help message and exit
-u, --url target url
--data post data
-t, --threads number of threads
-l, --level level of crawling
--fuzzer fuzzer
--update update
--timeout timeout
--params find params
--crawl crawl
--skip skip confirmation dialogue and poc
--skip-poc skip poc generation
--skip-dom skip dom checking
--headers add headers
-d, --delay delay between requests
Option: -u
or --url
Test a single webpage which uses GET method.
python xsstrike.py -u "http://example.com/search.php?q=query"
python xsstrike.py -u "http://example.com/search.php" --data "q=query"
Option: --crawl
Start crawling from the target webpage for targets and test them.
python xsstrike.py -u "http://example.com/page.php" --crawl
Option: -l
or --level
| Default: 2
This option let's you specify the depth of crawling.
python xsstrike.py -u "http://example.com/page.php" --crawl -l 3
Option: --params
Find hidden parameters by parsing HTML & bruteforcing.
python xsstrike.py -u "http://example.com/page.php" --params
Option: -t
or --threads
| Default: 2
It is possible to make concurrent requests to the target while crawling and -t
option can be used to specify the number of concurrent requests to make.
While threads can help to speed up crawling, they might also trigger security mechanisms. A high number of threads can also bring down small websites.
python xsstrike.py -u "http://example.com" -t 10 --crawl -l 3
Option: --timeout
| Default: 7
It is possible to specify a number of seconds to wait before considering the HTTP(S) request timed out.
python xsstrike.py -u "http://example.com/page.php?q=query" --timeout=4
Option: -d
or --delay
| Default: 0
It is possible to specify a number of seconds to hold between each HTTP(S) request. The valid value is a int, for instance 1 means a second.
python xsstrike.py -u "http://example.com/page.php?q=query" -d 2
Option: --headers
This option will open your text editor (default is 'nano') and you can simply paste your HTTP headers and press Ctrl + S
to save.
Option: --fuzzer
The fuzzer is meant to test filters and Web Application Firewalls. It is painfully slow because it sends randomly* delay requests and the delay can be upto 30 seconds. To minimize the delay, set the delay to 1 second by using the -d
option.
python xsstrike.py -u "http://example.com/search.php?q=query" --fuzzer
Option: --skip
If you want XSStrike to continue the scan if a working payload found without asking you if you want to continue scanning then you can use this option. It will skip POC generation as well.
python xsstrike.py -u "http://example.com/search.php?q=query" --skip
Option: --skip-poc
You can use this option if you fine the POC generation feature irritating or error prone.
python xsstrike.py -u "http://example.com/search.php?q=query" --skip-poc
Option: --skip-dom
You may want to skip DOM XSS scanning while crawling to save you time.
python xsstrike.py -u "http://example.com/search.php?q=query" --skip-dom
Option: --update
If this option is enabled, XSStrike will check for updates. If a newer version will available, XSStrike will download and merge the updates into the current directory without overwriting other files.
python xsstrike.py --update