XSSTRON: Find XSS with Electron JS Browser

XSSTRON is a Chromium-based (Electron) browser that automatically looks for XSS vulnerabilities while you browse the web. It can detect many scripts in different injection contexts, with support for POST requests as well.


Installation:
1. Install Node.js and npm (https://www.npmjs.com/get-npm) or run: sudo apt install npm
2. Download this repo's files or run: git clone https://github.com/RenwaX23/XSSTRON
3. cd XSSTRON
4. npm install
5. npm start

Some users on Debian / Ubuntu may not be able to run the tool, as I think there is a problem with Electron itself. However, you can use the application on Windows / OSX, and on Linux installed on Windows machines.


Just browse the web as you would with a normal browser; the tool automatically tests the pages you visit for XSS vulnerabilities in the background and shows any it finds in a new POC window.

GET request for POC

POST POC request


Kali / Debian users fix the installation:

sudo apt install npm
sudo npm install -g electron --unsafe-perm=true --allow-root
cd XSSTRON
sudo npm install
electron . --no-sandbox
  • In package.json change the Electron dependency to:
  "devDependencies": {"electron": "^10"},
  • Try updating npm and Node.js to the latest version.
  • Delete node_modules and package-lock.json and reinstall them.
  • In package.json change the electron devDependencies entry to (electron11-bin).
  • Install electron using (npm install electron) and run the electron application. At each step remember to delete node_modules and package-lock.json and reinstall with npm install.

You can download the program from here.


Written by Anastasis Vasileiadis
