// arsenal·Web AppSecIntermediateFOSS

XSStrike

Advanced XSS detection suite with context-aware payload generation.

Web AppSec

$ xsstrike --help

XSStrike

// what it is

Description

s0md3v's XSS finder that goes beyond grep-style detection — it parses HTML context (attribute, tag, script block) and generates payloads tailored to each. Includes a built-in payload mutator.

// use cases

What people use it for

Find reflected XSS automatically
Confirm DOM-based XSS

// commands

The commands you'll type

Crawl + fuzz

$ python xsstrike.py -u 'https://target/page?q=test' --crawl

// facts

category: Web AppSec
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate

// links

// related in Web AppSec

Web AppSecIntermediate

Burp Suite

PortSwigger's intercepting HTTP proxy — the de facto web app testing platform.

OWASP ZAP

The free, OWASP-stewarded alternative to Burp.

Nikto

Loud-but-fast web server scanner — checks for thousands of misconfigurations.

FOSS

LIN·WIN·MAC

open entry →