### Install and Run XSStrike
Source: https://github.com/s0md3v/xsstrike/blob/master/README.md
Commands to clone the repository, install necessary dependencies via pip, and execute the main XSStrike script.
```bash
git clone https://github.com/s0md3v/XSStrike
cd XSStrike
pip install -r requirements.txt --break-system-packages
python xsstrike.py
```
--------------------------------
### Updating XSStrike
Source: https://github.com/s0md3v/xsstrike/wiki/Usage
Checks for and applies updates to the current installation. It merges changes without overwriting existing local files.
```bash
python xsstrike.py --update
```
--------------------------------
### Basic URL Scanning with XSStrike
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Scan a single URL for XSS vulnerabilities using GET or POST methods. XSStrike automatically detects WAF presence, analyzes reflection contexts, generates appropriate payloads, and tests them for successful execution. Supports JSON POST data and path injection.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test"
python xsstrike.py -u "http://example.com/search.php" --data "q=test&category=all"
python xsstrike.py -u "http://example.com/api/search" --data '{"query":"test","limit":10}' --json
python xsstrike.py -u "http://example.com/search/test/results" --path
```
--------------------------------
### WAF Fuzzing Mode in XSStrike
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Test Web Application Firewall (WAF) filter rules by sending various XSS-related strings and analyzing responses. This helps identify which characters and patterns are blocked, filtered, or allowed through. Supports fuzzing GET and POST parameters, with options for reduced delay.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" --fuzzer
python xsstrike.py -u "http://example.com/search.php?q=test" --fuzzer -d 1
python xsstrike.py -u "http://example.com/search.php" --data "q=test" --fuzzer
```
--------------------------------
### Configuring Logging Levels
Source: https://github.com/s0md3v/xsstrike/wiki/Usage
Demonstrates how to set console and file logging levels to manage output verbosity. File logging requires the --file-log-level flag to be active to function.
```bash
python xsstrike.py -u "http://example.com/search.php?q=query" --console-log-level WARNING
python xsstrike.py -u "http://example.com/search.php?q=query" --console-log-level DEBUG
python xsstrike.py -u "http://example.com/search.php?q=query" --file-log-level INFO --log-file output.log
```
--------------------------------
### Using Proxies in XSStrike
Source: https://github.com/s0md3v/xsstrike/wiki/Usage
Enables proxy support for requests. Proxies must be pre-configured in the core/config.py file before this flag can be utilized.
```bash
python xsstrike.py -u "http://example.com/search.php?q=query" --proxy
```
--------------------------------
### Configure Proxy Settings
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Route traffic through an HTTP proxy for debugging or anonymity. Requires prior configuration in core/config.py.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" --proxy
python xsstrike.py -u "http://example.com" --crawl --proxy -l 3
```
--------------------------------
### Manage Custom HTTP Headers
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Configure custom HTTP headers for authentication or specific request requirements. Headers can be passed via command line or an interactive editor.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" --headers "Cookie: session=abc123\nAuthorization: Bearer token123\nX-Custom: value"
python xsstrike.py -u "http://example.com/search.php?q=test" --headers
```
--------------------------------
### POST /core/photon
Source: https://context7.com/s0md3v/xsstrike/llms.txt
A multi-threaded web crawler that discovers forms, parameters, and links while optionally performing DOM vulnerability checks.
```APIDOC
## POST /core/photon
### Description
Crawls a website to map its structure, extracting forms and parameters for further security testing.
### Method
POST
### Endpoint
/core/photon
### Parameters
#### Request Body
- **seedUrl** (string) - Required - The starting URL.
- **level** (int) - Required - Crawling depth.
- **threadCount** (int) - Required - Number of concurrent threads.
- **skipDOM** (boolean) - Required - Whether to skip DOM XSS scanning.
### Response
#### Success Response (200)
- **forms** (list) - Discovered forms with actions and inputs.
- **processed_urls** (list) - Set of all crawled URLs.
```
--------------------------------
### XSStrike Configuration Settings (Python)
Source: https://context7.com/s0md3v/xsstrike/llms.txt
This Python code snippet defines key configuration variables for the XSStrike tool. It includes settings for blind XSS payloads, proxy servers, minimum payload efficiency, request delays and timeouts, event handlers for payload generation, JavaScript functions for popups, built-in payloads for bruteforce mode, and fuzz strings for WAF testing. These settings allow users to customize the behavior and targeting of the XSStrike scanner.
```python
# core/config.py - Key configuration options
# Blind XSS payload (set your XSS hunter payload here)
blindPayload = '\">'
# Proxy configuration
proxies = {
'http': 'http://127.0.0.1:8080',
'https': 'http://127.0.0.1:8080'
}
# Minimum payload efficiency to display
minEfficiency = 90
# Request settings
delay = 0 # Default delay between requests
threadCount = 10 # Default thread count
timeout = 10 # Default request timeout
# Event handlers for payload generation
eventHandlers = {
'ontoggle': ['details'],
'onpointerenter': ['d3v', 'details', 'html', 'a'],
'onmouseover': ['a', 'html', 'd3v']
}
# JavaScript functions for popups
functions = (
'[8].find(confirm)', 'confirm()',
'(confirm)()', 'co\\u006efir\\u006d()',
'(prompt)``', 'a=prompt,a()'
)
# Built-in payloads for bruteforce mode
payloads = (
'\'"',
# ... more payloads
)
# Fuzz strings for WAF testing
fuzzes = (
'', '',
'',
# ... more fuzz strings
)
```
--------------------------------
### Execute Configurable HTTP Requests
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The requester function acts as the core HTTP handler, supporting GET/POST methods, JSON payloads, proxy routing, and automatic User-Agent rotation for stealthy interaction with target servers.
```python
def requester(url, data, headers, GET, delay, timeout):
"""
Make HTTP request with configured options.
"""
pass
```
--------------------------------
### Fuzzing with XSStrike
Source: https://github.com/s0md3v/xsstrike/wiki/Usage
Enables the fuzzer to test filters and WAFs. The fuzzer uses random delays, which can be adjusted using the -d flag to improve performance.
```bash
python xsstrike.py -u "http://example.com/search.php?q=query" --fuzzer
```
--------------------------------
### Extract and Write URL Parameters via document.writeln
Source: https://github.com/s0md3v/xsstrike/blob/master/test.html
Uses the URL API to parse the current location and write a specific query parameter to the document using writeln. This is a common sink for testing DOM XSS.
```javascript
document.writeln(new URL(window.location.href).searchParams.get("a"));
```
--------------------------------
### Configure Logging Levels
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Set verbosity levels for console output and file logging to assist in debugging and auditing scan results.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" --console-log-level WARNING
python xsstrike.py -u "http://example.com/search.php?q=test" --file-log-level INFO --log-file scan_results.log
```
--------------------------------
### POST /scan
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The main scanning function that orchestrates DOM checking, WAF detection, context analysis, payload generation, and verification.
```APIDOC
## POST /scan
### Description
Orchestrates the XSS vulnerability scanning process for a target URL, including WAF detection and payload verification.
### Method
POST
### Endpoint
/scan
### Parameters
#### Request Body
- **target** (string) - Required - Target URL to scan
- **paramData** (dict) - Optional - POST parameters
- **encoding** (function) - Optional - Encoding function
- **headers** (dict) - Optional - HTTP headers
- **delay** (float) - Optional - Delay between requests
- **timeout** (int) - Optional - Request timeout
- **skipDOM** (boolean) - Optional - Skip DOM XSS check
- **skip** (boolean) - Optional - Skip confirmation prompts
### Request Example
{
"target": "http://example.com/search",
"paramData": {"q": "test"},
"skipDOM": false
}
### Response
#### Success Response (200)
- **status** (string) - Scan completion status
- **vulnerabilities** (list) - List of discovered XSS vectors
```
--------------------------------
### POST /core/wafDetector
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Analyzes a target URL and its parameters to detect the presence of a Web Application Firewall (WAF) by injecting noisy payloads and inspecting response patterns.
```APIDOC
## POST /core/wafDetector
### Description
Detects WAF presence by injecting a malicious payload and analyzing the response status, headers, and content patterns against known signatures.
### Method
POST
### Endpoint
/core/wafDetector
### Parameters
#### Request Body
- **url** (string) - Required - The target URL to scan.
- **params** (dict) - Required - Request parameters.
- **headers** (dict) - Required - HTTP headers to include in the request.
- **GET** (boolean) - Required - True for GET, False for POST.
- **delay** (int) - Required - Delay between requests in seconds.
- **timeout** (int) - Required - Request timeout in seconds.
### Response
#### Success Response (200)
- **waf_name** (string|null) - The name of the detected WAF, or null if none found.
```
--------------------------------
### Extract and Write URL Parameters via document.write
Source: https://github.com/s0md3v/xsstrike/blob/master/test.html
Uses URLSearchParams to retrieve a value from the query string and write it directly to the document. This method is often used to demonstrate injection vulnerabilities.
```javascript
document.write(new URLSearchParams(window.location.search).get("b"));
```
--------------------------------
### POST /core/requester
Source: https://context7.com/s0md3v/xsstrike/llms.txt
A robust HTTP request handler that supports proxying, automatic User-Agent rotation, and JSON data submission.
```APIDOC
## POST /core/requester
### Description
Executes HTTP requests with advanced features like path injection, proxy support, and automatic User-Agent rotation.
### Method
POST
### Endpoint
/core/requester
### Parameters
#### Request Body
- **url** (string) - Required - Target URL.
- **data** (dict) - Required - Request payload.
- **GET** (boolean) - Required - Request method type.
### Response
#### Success Response (200)
- **response** (object) - The standard requests.Response object.
```
--------------------------------
### POST /generate-payloads
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Generates context-aware XSS payloads based on reflection analysis and filter effectiveness.
```APIDOC
## POST /generate-payloads
### Description
Generates a set of XSS payloads tailored to the specific reflection context identified by the HTML parser.
### Method
POST
### Endpoint
/generate-payloads
### Parameters
#### Request Body
- **occurences** (dict) - Required - Context details from htmlParser
- **response** (string) - Required - Raw response text
### Request Example
{
"occurences": {"25": {"context": "script", "details": {"quote": "\""}}},
"response": ""
}
### Response
#### Success Response (200)
- **payloads** (dict) - Payloads categorized by confidence level (1-11)
```
--------------------------------
### Execute URL Parameters via eval
Source: https://github.com/s0md3v/xsstrike/blob/master/test.html
Retrieves a parameter from the query string and executes it as JavaScript code using eval. This is a high-risk sink that can lead to arbitrary code execution.
```javascript
eval(new URLSearchParams(window.location.search).get("c") || "");
```
--------------------------------
### POST /parse-html
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Analyzes HTTP responses to identify XSS reflection contexts such as HTML, attribute, script, or comment tags.
```APIDOC
## POST /parse-html
### Description
Parses the raw HTTP response to identify where user input is reflected and the specific context of that reflection.
### Method
POST
### Endpoint
/parse-html
### Parameters
#### Request Body
- **response** (object) - Required - The requests.Response object
- **encoding** (function) - Optional - Encoding function
### Request Example
{
"response": "test
"
}
### Response
#### Success Response (200)
- **position** (dict) - Map of reflection positions and context details
#### Response Example
{
"42": {"context": "attribute", "details": {"tag": "div", "type": "value", "quote": "\""}}
}
```
--------------------------------
### Crawl Websites for Forms and Parameters
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The photon function provides a multi-threaded web crawler that discovers forms, parameters, and links, while optionally performing DOM vulnerability checks and identifying outdated JavaScript libraries.
```python
def photon(seedUrl, headers, level, threadCount, delay, timeout, skipDOM):
"""
Crawl website to discover forms and parameters.
"""
pass
```
--------------------------------
### Detect WAF via Payload Analysis
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The wafDetector function identifies Web Application Firewalls by injecting a noisy payload and analyzing the HTTP response status, headers, and content against known WAF signatures.
```python
def wafDetector(url, params, headers, GET, delay, timeout):
"""
Detect WAF by analyzing response to malicious payload.
"""
pass
```
--------------------------------
### Orchestrate XSS Scan Workflow
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The scan function serves as the primary entry point for the vulnerability assessment process. It coordinates DOM checking, WAF detection, and the iterative injection and verification of payloads across target parameters.
```python
def scan(target, paramData, encoding, headers, delay, timeout, skipDOM, skip):
"""
Perform XSS vulnerability scan on a target URL.
"""
pass
```
--------------------------------
### Automating Scans with Skip Flags
Source: https://github.com/s0md3v/xsstrike/wiki/Usage
Utilizes flags to skip user confirmation prompts and DOM scanning. These options are useful for automating batch scans and reducing execution time.
```bash
python xsstrike.py -u "http://example.com/search.php?q=query" --skip
python xsstrike.py -u "http://example.com/search.php?q=query" --skip-dom
```
--------------------------------
### Payload Bruteforcing with XSStrike
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Test custom payloads from a file or use XSStrike's built-in payload list. This mode skips context analysis and directly tests if payloads are reflected unmodified. Can use default payloads or specify a custom file.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" -f default
```
--------------------------------
### Analyze HTML Reflection Contexts
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The htmlParser function processes HTTP responses to identify where user input is reflected. It categorizes the reflection into specific contexts like HTML body, attributes, scripts, or comments to inform payload generation.
```python
def htmlParser(response, encoding):
"""
Parse HTTP response to find XSS injection contexts.
"""
pass
```
--------------------------------
### Control Request Timing and Delays
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Adjust request frequency and timeouts to bypass rate limiting or handle slow server responses.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" -d 2
python xsstrike.py -u "http://example.com/search.php?q=test" --timeout 4
python xsstrike.py -u "http://example.com" --crawl -t 5 -d 1 --timeout 5 -l 3
```
--------------------------------
### Bruteforce XSS Payloads with XSStrike
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Perform XSS bruteforcing using custom payload files or POST parameters. This allows for testing specific injection vectors against target parameters.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" -f /path/to/payloads.txt
python xsstrike.py -u "http://example.com/search.php" --data "q=test" -f payloads.txt -e base64
```
--------------------------------
### POST /core/dom
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Analyzes provided JavaScript or HTML response content to identify potential DOM-based XSS vulnerabilities by tracking data flow from sources to sinks.
```APIDOC
## POST /core/dom
### Description
Scans response text for DOM XSS by identifying tainted variables flowing from user-controllable sources (e.g., location.href) to dangerous sinks (e.g., innerHTML).
### Method
POST
### Endpoint
/core/dom
### Parameters
#### Request Body
- **response** (string) - Required - The HTTP response text to analyze.
### Response
#### Success Response (200)
- **vulnerabilities** (list) - A list of highlighted lines showing the path from source to sink.
```
--------------------------------
### Web Crawling Mode in XSStrike
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Crawl a target website to discover and test multiple endpoints automatically. The crawler extracts forms, parameters, and links, then tests each discovered parameter for XSS vulnerabilities. Supports custom depth and multi-threading, and can load seed URLs from a file.
```bash
python xsstrike.py -u "http://example.com" --crawl
python xsstrike.py -u "http://example.com" --crawl -l 5 -t 10
python xsstrike.py --seeds urls.txt --crawl -l 3
python xsstrike.py -u "http://example.com" --seeds additional_urls.txt --crawl -l 4
```
--------------------------------
### Blind XSS Injection with XSStrike
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Inject blind XSS payloads during crawling to detect stored XSS vulnerabilities that execute in different contexts. Requires configuring the blind payload in core/config.py. Can be combined with increased crawl depth and multi-threading.
```bash
# First, configure blind payload in core/config.py:
# blindPayload = '\">'
python xsstrike.py -u "http://example.com" --crawl --blind
python xsstrike.py -u "http://example.com" --crawl -l 4 --blind -t 5
```
--------------------------------
### Perform DOM XSS Detection
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Scan for DOM-based XSS vulnerabilities by analyzing client-side JavaScript. This feature can be toggled to optimize scan speed.
```bash
python xsstrike.py -u "http://example.com/page.php?id=1"
python xsstrike.py -u "http://example.com/page.php?id=1" --skip-dom
```
--------------------------------
### Apply Payload Encoding
Source: https://context7.com/s0md3v/xsstrike/llms.txt
Encode payloads to bypass security filters or meet specific application requirements.
```bash
python xsstrike.py -u "http://example.com/search.php?q=test" -e base64
python xsstrike.py -u "http://example.com/search.php?q=test" -f payloads.txt -e base64
```
--------------------------------
### Inject URL Parameters into DOM via innerHTML
Source: https://github.com/s0md3v/xsstrike/blob/master/test.html
Retrieves a parameter from the query string and injects it into a specific DOM element using innerHTML. This can lead to XSS if the input is not properly sanitized.
```javascript
document.querySelector("#xss-d").innerHTML = new URLSearchParams(window.location.search).get("d");
```
--------------------------------
### Generate Context-Aware XSS Payloads
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The generator function creates tailored XSS payloads based on the reflection context identified by the parser. It organizes payloads by confidence level, ranging from simple HTML injections to complex attribute breakouts.
```python
def generator(occurences, response):
"""
Generate XSS payloads based on reflection contexts.
"""
pass
```
--------------------------------
### Analyze DOM XSS Vulnerabilities
Source: https://context7.com/s0md3v/xsstrike/llms.txt
The dom function performs static analysis on JavaScript code to track data flow from user-controllable sources to dangerous execution sinks, highlighting potential DOM-based XSS vulnerabilities.
```python
def dom(response):
"""
Analyze response for DOM XSS vulnerabilities.
"""
pass
```
=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.