Hey Folks, In this tutorial we are going to talk about an interesting tool that can be helpful for us during bug hunting. This tool is specifically designed for beginners who do not discover the vulnerability of cross site scripting in web applications. XSStrike is very powerful tool that tries multiple combinations of payloads to find xss vulnerabilities in web applications.
Lets take a look 🙂 !!
It is an open source tool hosted on github page and we will download it from github page by using the git tool. After the installation we have to go into the directory for the further process.
git clone https://github.com/s0md3v/XSStrike.git
cd XSStrike
lsWe have to install the pip tool to run this tool.
apt install python3-pipNow we can start this tool using python command.
python3 xsstrike.pyFor the testing purpose we will use the XVWA vulnerable web application. As we know it is an vulnerable web application so we will give the right location of vulnerability and identify does it work or not.
Usage 🙂 python3 xsstrike.py -u
python3 xsstrike.py -u http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item=We are surprised after getting the result because it has given us many payloads to exploit the vulnerability.
As we know fuzzing is the automated process of finding hack able software bugs and In this endeavor we are going to use this feature of this tool.
python3 xsstrike.py -u http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item= --fuzzerCrawling is an activity done by people to extract and retrieve the sensetive data from the website but in this case, this feature is created to find vulnerabilities in a website by adding one URL after another.
python3 xsstrike.py -u http://192.168.0.114/xvwa/vulnerabilities/reflected_xss/?item= --crawlIf you are a beginner then you can use this tool otherwise this tool is not much useful. Because there are many tools available here which are both open source and better.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.