Hey Folks, In this tutorial we are going to talk about an interesting tool that can be helpful for us during bug hunting. This tool is specifically designed for beginners who do not discover the vulnerability of cross site scripting in web applications. XSStrike is very powerful tool that tries multiple combinations of payloads to find xss vulnerabilities in web applications.

Lets take a look 🙂 !!


It is an open source tool hosted on github page and we will download it from github page by using the git tool. After the installation we have to go into the directory for the further process.

We have to install the pip tool to run this tool.

Now we can start this tool using python command.


For the testing purpose we will use the XVWA vulnerable web application. As we know it is an vulnerable web application so we will give the right location of vulnerability and identify does it work or not.
Usage 🙂 python3 xsstrike.py -u

We are surprised after getting the result because it has given us many payloads to exploit the vulnerability.


As we know fuzzing is the automated process of finding hack able software bugs and In this endeavor we are going to use this feature of this tool.


Crawling is an activity done by people to extract and retrieve the sensetive data from the website but in this case, this feature is created to find vulnerabilities in a website by adding one URL after another.


If you are a beginner then you can use this tool otherwise this tool is not much useful. Because there are many tools available here which are both open source and better.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact On Linkedin.

Leave a Reply

Your email address will not be published. Required fields are marked *