Packages and Binaries:
xsstrike
Most advanced XSS scanner
XSStrike is a Cross Site Scripting detection suite equipped with four hand
written parsers, an intelligent payload generator, a powerful fuzzing engine
and an incredibly fast crawler.
Installed size: 179 KB
How to install: sudo apt install xsstrike
Dependencies:
- python3
- python3-fuzzywuzzy
- python3-requests
- python3-tld
xsstrike
root@kali:~# xsstrike -h
XSStrike v3.1.5
usage: xsstrike.py [-h] [-u TARGET] [--data PARAMDATA] [-e ENCODE] [--fuzzer]
[--update] [--timeout TIMEOUT] [--proxy] [--crawl] [--json]
[--path] [--seeds ARGS_SEEDS] [-f ARGS_FILE] [-l LEVEL]
[--headers [ADD_HEADERS]] [-t THREADCOUNT] [-d DELAY]
[--skip] [--skip-dom] [--blind]
[--console-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}]
[--file-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}]
[--log-file LOG_FILE]
options:
-h, --help show this help message and exit
-u, --url TARGET url
--data PARAMDATA post data
-e, --encode ENCODE encode payloads
--fuzzer fuzzer
--update update
--timeout TIMEOUT timeout
--proxy use prox(y|ies)
--crawl crawl
--json treat post data as json
--path inject payloads in the path
--seeds ARGS_SEEDS load crawling seeds from a file
-f, --file ARGS_FILE load payloads from a file
-l, --level LEVEL level of crawling
--headers [ADD_HEADERS]
add headers
-t, --threads THREADCOUNT
number of threads
-d, --delay DELAY delay between requests
--skip don't ask to continue
--skip-dom skip dom checking
--blind inject blind XSS payload while crawling
--console-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}
Console logging level
--file-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}
File logging level
--log-file LOG_FILE Name of the file to log
Updated on: 2026-Mar-13