XSSTRON is a powerful Chromium browser for automatically finding XSS Vulnerabilites while browsing the web. It can detect many scripts in different cases with support for POST requests as well.
Table of Contents
Installation
Install Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm) Download this repo files or (git clone https://github.com/RenwaX23/XSSTRON) cd XSSTRON npm install npm start
Some users using Debian / Ubuntu may not be able to run the tool, as I think there is a problem with Electron itself. However, you can use the application on Windows / OSX and Linux installed on Windows Machines.
Use
Just browse the web like you would with a regular browser and then it will automatically search for XSS vulns in the background and show them in a new POC window
GET request for POC
POST POC request
Corrections
Kali / Debian users fix the installation:
sudo apt install npm sudo npm install -g electron --unsafe-perm = true --allow-root cd XSSTRON sudo npm install electron. --no-sandbox
- In (package.json) change it to:
"devDependencies": {"electron": "^ 10"},
- Try updating npm and nodejs to the latest version.
- delete node_modules and package-lock.json and reinstall them.
- in package.json change electron devDepencies to (electron11-bin).
- install electron using (npm install electron) and run the electron application. At each step remember to delete the node_modules and package-lock.json and reinstall using the npm installation.
You can download the program from here.