-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Usage
usage: xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS]
[--fuzzer] [--update] [--timeout] [--params] [--crawl] [--blind]
[--verbose] [--skip-dom] [--headers] [--proxy] [-d DELAY] [-e ENCODING]
optional arguments:
-h, --help show this help message and exit
-u, --url target url
--data post data
-v, --verbose verbose output
-f, --file load payloads from a file
-t, --threads number of threads
-l, --level level of crawling
-t, --encode payload encoding
--fuzzer fuzzer
--update update
--timeout timeout
--params find params
--crawl crawl
--proxy use prox(y|ies)
--blind inject blind xss payloads while crawling
--skip skip confirmation dialogue and poc
--skip-dom skip dom checking
--headers add headers
-d, --delay delay between requests
Option: -u
or --url
Test a single webpage which uses GET method.
python xsstrike.py -u "http://example.com/search.php?q=query"
python xsstrike.py -u "http://example.com/search.php" --data "q=query"
Option: --crawl
Start crawling from the target webpage for targets and test them.
python xsstrike.py -u "http://example.com/page.php" --crawl
Option: -l
or --level
| Default: 2
This option let's you specify the depth of crawling.
python xsstrike.py -u "http://example.com/page.php" --crawl -l 3
Option: -f
or --file
You can load payloads from a file and check if they work. XSStrike will not perform any analysis in this mode.
python3 xsstrike.py -u "http://example.com/page.php?q=query" -f /path/to/file.txt
Using default
as file path with load XSStrike's default payloads.
Option: --params
Find hidden parameters by parsing HTML & bruteforcing.
python xsstrike.py -u "http://example.com/page.php" --params
Option: -t
or --threads
| Default: 2
It is possible to make concurrent requests to the target while crawling and -t
option can be used to specify the number of concurrent requests to make.
While threads can help to speed up crawling, they might also trigger security mechanisms. A high number of threads can also bring down small websites.
python xsstrike.py -u "http://example.com" -t 10 --crawl -l 3
Option: --timeout
| Default: 7
It is possible to specify a number of seconds to wait before considering the HTTP(S) request timed out.
python xsstrike.py -u "http://example.com/page.php?q=query" --timeout=4
Option: -d
or --delay
| Default: 0
It is possible to specify a number of seconds to hold between each HTTP(S) request. The valid value is a int, for instance 1 means a second.
python xsstrike.py -u "http://example.com/page.php?q=query" -d 2
Option: --headers
This option will open your text editor (default is 'nano') and you can simply paste your HTTP headers and press Ctrl + S
to save.
Option: --blind
Using this option while crawling will make XSStrike inject your blind XSS payload defined in core/config.py
to be injected to every parameter of every HTML form.
python xsstrike.py -u http://example.com/page.php?q=query --crawl --blind
Option: -e
or --encode
XSStrike can encode payloads on demand. Following encodings are supported as of now:
base64
python xsstrike.py -u "http://example.com/page.php?q=query" -e base64
Want an encoding to be supported? Open an issue.
Option: --fuzzer
The fuzzer is meant to test filters and Web Application Firewalls. It is painfully slow because it sends randomly* delay requests and the delay can be up to 30 seconds. To minimize the delay, set the delay to 1 second by using the -d
option.
python xsstrike.py -u "http://example.com/search.php?q=query" --fuzzer
Option: --proxy
| Default 0.0.0.0:8080
You have to set up your prox(y|ies) in core/config.py
and then you can use the --proxy
switch to use them whenever you want.
More information on setting up proxies can be found here.
python xsstrike.py -u "http://example.com/search.php?q=query" --proxy
Option: --skip
If you want XSStrike to continue the scan if a working payload found without asking you if you want to continue scanning then you can use this option. It will skip POC generation as well.
python xsstrike.py -u "http://example.com/search.php?q=query" --skip
Option: -v
or --verbose
It is possible to make XSStrike output more information about what's happening under the hood by using -v
option as follows:
python xsstrike.py -u "http://example.com/search.php?q=query" -v
Option: --skip-dom
You may want to skip DOM XSS scanning while crawling to save you time.
python xsstrike.py -u "http://example.com/search.php?q=query" --skip-dom
Option: --update
If this option is enabled, XSStrike will check for updates. If a newer version will available, XSStrike will download and merge the updates into the current directory without overwriting other files.
python xsstrike.py --update