
Xsstron
A powerful Chromium browser that finds XSS vulnerabilities automatically while you browse the web. It detects many case scenarios and supports POST requests too.
Installation
Install Node.js and npm (https://www.npmjs.com/get-npm), or run sudo apt install npm.
After Node.js and npm are successfully installed, clone the repo files and install Xsstron.
Some users on Debian/Ubuntu might not be able to run the tool; I think it’s an issue with Electron itself. You can continue using the app on Windows/OSX and on Linux installed on Windows.
Known issues
Some users on certain Linux distributions run into problems. Try these:
Kali/Debian users, this fixes installation:
- In (package.json) change it to:
- Try to update npm and Node.js to the latest version
- Delete node_modules and package-lock.json and reinstall
- In package.json, change the electron devDependencies entry to (electron11-bin)
- Install electron using (npm install electron) and run the app with electron using (electron .). With each step, remember to delete node_modules and package-lock.json and reinstall using (npm install)
"Failed to serialize arguments" is a known issue and might be fixed soon 🙂
Usage
Just browse the web as you would in a normal web browser; it automatically looks for XSS vulnerabilities in the background and shows them in a new window with a PoC.

Mass URL Scan To Find XSS Vulnerabilities

XSS GET request POC

XSS POST request POC
