[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-70738":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":35,"readmeContent":36,"aiSummary":37,"trendingCount":16,"starSnapshotCount":16,"syncStatus":38,"lastSyncTime":39,"discoverSource":40},70738,"XSStrike","s0md3v\u002FXSStrike","s0md3v","Most advanced XSS scanner.","",null,"Python",15013,2074,276,70,0,11,34,65,33,44.95,"GNU General Public License v3.0",false,"master",true,[27,28,29,30,31,32,33,34],"waf-detection","xss","xss-bruteforce","xss-detection","xss-exploit","xss-python","xss-scanner","xsstrike","2026-06-12 02:02:42","\u003Ch1 align=\"center\">\n  \u003Cbr>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\">\u003Cimg src=\"https:\u002F\u002Fimage.ibb.co\u002FcpuYoA\u002Fxsstrike-logo.png\" alt=\"XSStrike\">\u003C\u002Fa>\n  \u003Cbr>\n  XSStrike\n  \u003Cbr>\n\u003C\u002Fh1>\n\n\u003Ch4 align=\"center\">Advanced XSS Detection Suite\u003C\u002Fh4>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Freleases\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease\u002Fs0md3v\u002FXSStrike.svg\">\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Ftravis-ci.com\u002Fs0md3v\u002FXSStrike\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftravis\u002Fcom\u002Fs0md3v\u002FXSStrike.svg\">\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fissues?q=is%3Aissue+is%3Aclosed\">\n      \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues-closed-raw\u002Fs0md3v\u002FXSStrike.svg\">\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n![multi xss](https:\u002F\u002Fimage.ibb.co\u002FgOCV5L\u002FScreenshot-2018-11-19-13-33-49.png)\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\">XSStrike Wiki\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FUsage\">Usage\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ\">FAQ\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFor-Developers\">For Developers\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FCompatibility-&-Dependencies\">Compatibility\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike#gallery\">Gallery\u003C\u002Fa>\n\u003C\u002Fp>\n\nXSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.\n\nInstead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.\nHere are some examples of the payloads generated by XSStrike:\n```\n}]};(confirm)()\u002F\u002F\\\n\u003CA%0aONMouseOvER%0d=%0d[8].find(confirm)>z\n\u003C\u002FtiTlE\u002F>\u003Ca%0donpOintErentER%0d=%0d(prompt)``>z\n\u003C\u002FSCRiPT\u002F>\u003CDETAILs\u002F+\u002FonpoINTERenTEr%0a=%0aa=prompt,a()\u002F\u002F\n```\nApart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.\n\n### Main Features\n- Reflected and DOM XSS scanning\n- Multi-threaded crawling\n- Context analysis\n- Configurable core\n- WAF detection & evasion\n- Outdated JS lib scanning\n- Intelligent payload generator\n- Handmade HTML & JavaScript parser\n- Powerful fuzzing engine\n- Blind XSS support\n- Highly researched work-flow\n- Complete HTTP support\n- Bruteforce payloads from a file\n- Powered by [Photon](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FPhoton), [Zetanize](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002Fzetanize) and [Arjun](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FArjun)\n- Payload Encoding\n\n### Installation\nEnter the following commands one by one in terminal:\n```\ngit clone https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\ncd XSStrike\npip install -r requirements.txt --break-system-packages\n```\n\nNow, XSStrike can be used at any time as follows:\n```\npython xsstrike.py\n```\n\n### Documentation\n- [Usage](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FUsage)\n- [Compatibility & Dependencies](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FCompatibility-&-Dependencies)\n\n### FAQ\n- [It says fuzzywuzzy isn't installed but it is.](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#it-says-fuzzywuzzy-is-not-installed-but-its)\n- [What's up with Blind XSS?](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#whats-up-with-blind-xss)\n- [Why XSStrike boasts that it is the most advanced XSS detection suite?](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#why-xsstrike-boasts-that-it-is-the-most-advanced-xss-detection-suite)\n- [I like the project, what enhancements and features I can expect in future?](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#i-like-the-project-what-enhancements-and-features-i-can-expect-in-future)\n- [What's the false positive\u002Fnegative rate?](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#whats-the-false-positivenegative-rate)\n- [Tool xyz works against the target, while XSStrike doesn't!](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#tool-xyz-works-against-the-target-while-xsstrike-doesnt)\n- [Can I copy it's code?](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#can-i-copy-its-code)\n- [What if I want to embed it into a proprietary software?](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike\u002Fwiki\u002FFAQ#what-if-i-want-to-embed-it-into-a-proprietary-software)\n\n### Gallery\n#### DOM XSS\n![dom xss](https:\u002F\u002Fimage.ibb.co\u002FbQaQ5L\u002FScreenshot-2018-11-19-13-48-19.png)\n#### Reflected XSS\n![multi xss](https:\u002F\u002Fimage.ibb.co\u002FgJogUf\u002FScreenshot-2018-11-19-14-19-36.png)\n#### Crawling\n![crawling](https:\u002F\u002Fimage.ibb.co\u002Fe6Rezf\u002FScreenshot-2018-11-19-13-50-59.png)\n#### Fuzzing\n![fuzzing](https:\u002F\u002Fimage.ibb.co\u002FfnhuFL\u002FScreenshot-2018-11-19-14-04-46.png)\n#### Bruteforcing payloads from a file\n![bruteforcing](https:\u002F\u002Fimage.ibb.co\u002Fdy5EFL\u002FScreenshot-2018-11-19-14-08-36.png)\n#### Interactive HTTP Headers Prompt\n![headers](https:\u002F\u002Fimage.ibb.co\u002FecNph0\u002FScreenshot-2018-11-19-14-29-35.png)\n#### Hidden Parameter Discovery\n![arjun](https:\u002F\u002Fimage.ibb.co\u002Feffjh0\u002FScreenshot-2018-11-19-14-16-51.png)\n\n### Contribution, Credits & License\nWays to contribute\n- Suggest a feature\n- Report a bug\n- Fix something and open a pull request\n- Help me document the code\n- Spread the word\n\nLicensed under the GNU GPLv3, see [LICENSE](LICENSE) for more information.\n\nThe WAF signatures in `\u002Fdb\u002FwafSignatures.json` are taken & modified from [sqlmap](https:\u002F\u002Fgithub.com\u002Fsqlmapproject\u002Fsqlmap). I extracted them from sqlmap's waf detection modules which can found [here](https:\u002F\u002Fgithub.com\u002Fsqlmapproject\u002Fsqlmap\u002Fblob\u002Fmaster\u002Fwaf\u002F) and converted them to JSON.\\\n`\u002Fplugins\u002FretireJS.py` is a modified version of [retirejslib](https:\u002F\u002Fgithub.com\u002FFallibleInc\u002Fretirejslib\u002F).\n","XSStrike 是一个先进的跨站脚本（XSS）检测工具。它集成了四种手工编写的解析器、智能载荷生成器、强大的模糊测试引擎以及快速的爬虫功能，能够通过上下文分析来生成确保有效的攻击载荷，而不仅仅是简单地注入和检查。该工具支持反射型和DOM型XSS扫描、多线程爬取、WAF检测与绕过等功能，并且具有高度可配置的核心系统。XSStrike适用于需要对Web应用进行安全评估以发现潜在XSS漏洞的各种场景，尤其是当目标网站采取了较为复杂的安全防护措施时更为有效。",2,"2026-06-11 03:33:54","high_star"]