# XSS Tools

## XSStrike

```text
git clone https://github.com/s0md3v/XSStrike.git
pip3 install -r XSStrike/requirements.txt
```

**Basic Usage (GET):**

```text
python3 xsstrike.py --headers -u "http://localhost/vulnerabilities/xss_r/?name=asd"
```

**Basic Usage (POST):**

```text
python3 xsstrike.py -u "http://example.com/search.php" --data "q=query"
```

**Crawling (depth=2 default):**

```text
python3 xsstrike.py -u "http://example.com/page.php" --crawl -l 3
```

**Find hidden parameters:**

```text
python3 xsstrike.py -u "http://example.com/page.php" --params
```

**Extra:**

```text
--headers    # Set custom headers (like cookies). It is necessary to set them every time
--skip-poc
--skip-dom   # Skip DOM XSS scanning
```

## BruteXSS

```text
git clone https://github.com/rajeshmajumdar/BruteXSS
```

GUI tool that finds GET or POST parameters vulnerable to XSS using a list of payloads. Custom headers (like cookies) cannot be configured.

## XSSer

[https://github.com/epsylon/xsser](https://github.com/epsylon/xsser)

Already installed in Kali. Complete tool to find XSS.

**Basic Usage (GET):**

The tool doesn't send the payload :(

## XSSCrapy

```text
git clone https://github.com/DanMcInerney/xsscrapy
```

Not recommended. It produces a lot of unnecessary output, and it doesn't work properly.

## Dalfox

[https://github.com/hahwul/dalfox](https://github.com/hahwul/dalfox)