Somdev Sangwan edited this page Nov 11, 2018 · 25 revisions
usage: xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS]
                   [--fuzzer] [--update] [--timeout] [--params] [--crawl]
                   [--skip-poc] [--skip-dom] [--headers] [-d DELAY]

optional arguments:
  -h, --help            show this help message and exit
  -u, --url             target url
  --data                post data
  -t, --threads         number of threads
  -l, --level           level of crawling
  --fuzzer              fuzzer
  --update              update
  --timeout             timeout
  --params              find params
  --crawl               crawl
  --skip                skip confirmation dialogue and poc
  --skip-poc            skip poc generation
  --skip-dom            skip dom checking
  --headers             add headers
  -d, --delay           delay between requests

Scan a single URL

Option: -u or --url

Test a single webpage that uses the GET method.

python xsstrike.py -u "http://example.com/search.php?q=query"

Supplying POST data

python xsstrike.py -u "http://example.com/search.php" --data "q=query"

Crawling

Option: --crawl

Start crawling from the target webpage for targets and test them.

python xsstrike.py -u "http://example.com/page.php" --crawl

Crawling depth

Option: -l or --level | Default: 2

This option lets you specify the depth of crawling.

python xsstrike.py -u "http://example.com/page.php" --crawl -l 3

Find hidden parameters

Option: --params

Find hidden parameters by parsing HTML & bruteforcing.

python xsstrike.py -u "http://example.com/page.php" --params

Number of threads

Option: -t or --threads | Default: 2

It is possible to make concurrent requests to the target while crawling, and the -t option specifies the number of concurrent requests to make. While threads can help to speed up crawling, they might also trigger security mechanisms. A high number of threads can also bring down small websites.

python xsstrike.py -u "http://example.com" -t 10 --crawl -l 3

Timeout

Option: --timeout | Default: 7

It is possible to specify a number of seconds to wait before considering the HTTP(S) request timed out.

python xsstrike.py -u "http://example.com/page.php?q=query" --timeout=4

Delay

Option: -d or --delay | Default: 0

It is possible to specify a number of seconds to wait between each HTTP(S) request. The value must be an integer; for instance, 1 means one second.

python xsstrike.py -u "http://example.com/page.php?q=query" -d 2

Supply HTTP headers

Option: --headers

This option will open your text editor (default is 'nano') and you can simply paste your HTTP headers and press Ctrl + S to save.

Fuzzing

Option: --fuzzer

The fuzzer is meant to test filters and Web Application Firewalls. It is painfully slow because it sends requests with random delays, and a delay can be up to 30 seconds. To minimize the delay, set it to 1 second by using the -d option.

python xsstrike.py -u "http://example.com/search.php?q=query" --fuzzer

Skip Confirmation Prompt

Option: --skip

Use this option if you want XSStrike to continue the scan when a working payload is found, without asking whether you want to continue scanning. It will skip POC generation as well.

python xsstrike.py -u "http://example.com/search.php?q=query" --skip

Skip POC Generation

Option: --skip-poc

You can use this option if you find the POC generation feature irritating or error-prone.

python xsstrike.py -u "http://example.com/search.php?q=query" --skip-poc

Skip DOM Scanning

Option: --skip-dom

You may want to skip DOM XSS scanning while crawling to save time.

python xsstrike.py -u "http://example.com/search.php?q=query" --skip-dom

Update

Option: --update

If this option is enabled, XSStrike will check for updates. If a newer version is available, XSStrike will download and merge the updates into the current directory without overwriting other files.

python xsstrike.py --update
