XSStrike
XSStrike is the intelligent XSS fuzzer that crafts context-aware payloads, bypassing WAFs with evasion techniques and parsing responses for reflective hits in real-time audits. Run its Python script on URLs with --fuzzer for automated scans, customizing contexts for DOM or stored tests. Open-source from s0md3v, it's the payload pioneer for pentesters templating advanced XSS chains.
Dalfox
Dalfox is the comprehensive XSS scanner with blind payload tracking via callbacks, fuzzing params and headers for reflected or DOM-based vulns in single or batch modes. Launch its Go CLI on endpoints with -b for out-of-band tests, analyzing chains for confirmation. Open-source from hahwul, it's the blind beacon for web warriors hunting delayed executions.
XSSer
XSSer is the automated framework for discovering and exploiting XSS across vectors like GET/POST or DOM, with WAF bypasses and payload generators for thorough coverage. Fire up its Python CLI with -u for targets, selecting attack types for customized blasts. Open-source from epsylon3, it's the vector virtuoso for auditors templating multi-flavor XSS assaults.
xsshunter
XSS Hunter (xsshunter) is the blind XSS platform that generates unique payloads for tracking hits via webhooks, monitoring callbacks for delayed or stored executions in long-term hunts. Deploy via its Node.js dashboard, embedding hooks in tests for automated alerts. Open-source from mandatoryprogrammer, it's the patient predator for pentesters setting XSS traps.
nuclei-xss-templates
Nuclei XSS Templates (nuclei-xss-templates) uses YAML rules to probe for XSS sinks in forms and APIs, matching responses for payload executions with custom evasion strings for WAF dodges. Clone the pack, run via Nuclei CLI on scopes for severity-tagged hits. Open-source from projectdiscovery, it's the template trapper for scalable XSS detection in recon.
beef
BeEF is the browser exploitation framework that hooks XSS victims for post-ex commands, testing session hijacks or phishing via injected JS payloads in controlled labs. Start its Ruby server, embed hooks in vulns, and command browsers from the UI. Open-source from beefproject, it's the hook handler for client-side pentesters templating browser takeovers.
jsluice
jsluice extracts XSS sinks and sources from JS files, mapping potential vectors for DOM-based attacks with static analysis in recon phases. Run its Go CLI on bundles for JSON outputs of callable functions. Open-source from mandiant, it's the JS juicer for web auditors templating client-side XSS paths.
xss-fuzzer
XSS Fuzzer (xss-fuzzer) is the mutation engine for crafting polyglot payloads, fuzzing contexts like attributes or events to bypass filters in automated XSS hunts. Configure via Python with wordlists, running against forms for hit confirmation. Open-source from community, it's the polyglot pioneer for researchers templating evasion tests.
dom-xss-tester
DOM XSS Tester (dom-xss-tester) probes JS sinks for DOM-based XSS by injecting payloads and tracing execution paths with custom source trackers. Script its JS engine for browser tests, logging reflections for vuln confirmation. Open-source from PortSwigger, it's the DOM detective for client-side pentesters mapping sink-source flows.
xss-payload-list

