XSSTRON is an Electron-based (Chromium) web browser that automatically finds XSS vulnerabilities while you browse the web. It detects many reflected-injection cases and supports POST requests as well as GET.
Installation
Install Node.js and npm (https://www.npmjs.com/get-npm), or on Debian-based systems: sudo apt install npm. Then download this repository's files or clone it, install the dependencies and start the app:
git clone https://github.com/RenwaX23/XSSTRON
cd XSSTRON
npm install
npm start
Some Debian/Ubuntu users may not be able to run the tool; this appears to be a problem with Electron itself rather than with XSSTRON. The application does run on Windows and macOS, and on Linux installed on Windows machines.
Use
Just browse the web as you would with a regular browser. The tool automatically searches for XSS vulnerabilities in the background and shows any it finds in a new POC (proof of concept) window.
Screenshot: POC window for a GET request
Screenshot: POC window for a POST request
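To make the behaviour described above concrete, here is an added example (not XSSTRON's own code) of how a passive scanner of this kind can probe each parameter of a request it sees, tell a raw reflection apart from an HTML-encoded one, and turn a hit into a GET URL or a self-submitting POST form POC. The target server, the marker string, the payload and the fetch wrapper are all constructed for the example so it runs offline.

```javascript
// Added example, not code from the XSSTRON project. Everything below is constructed:
// the "server" is simulated inline so the script runs without network access.

const PROBE_TAG = 'xstr';                               // hypothetical marker to recognise our own probe in a response
const PAYLOAD = '<img src=x onerror=alert(document.domain)>'; // payload used in generated POCs

// Build a unique probe per parameter: marker + the characters that matter for HTML injection.
function makeProbe(paramName) {
  return `${PROBE_TAG}${paramName}"'<>`;
}

// Escape text for an HTML context, the way a non-vulnerable page would.
function htmlEscape(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// Constructed, deliberately vulnerable target: echoes `q` unescaped and `name` escaped.
function simulateVulnerableResponse(params) {
  const q = params.get('q') || '';
  const name = params.get('name') || '';
  return `<html><body><h1>Results for ${q}</h1><p>Hello, ${htmlEscape(name)}</p></body></html>`;
}

// Stand-in for the real HTTP call: GET reads the query string, POST reads the body params.
function fakeFetch(method, url, bodyParams) {
  const params = method === 'POST' ? bodyParams : new URL(url).searchParams;
  return simulateVulnerableResponse(params);
}

// Classify how a probe came back: 'raw' (exploitable HTML context), 'encoded', or 'absent'.
function classifyReflection(body, probe) {
  if (body.includes(probe)) return 'raw';
  if (body.includes(htmlEscape(probe))) return 'encoded';
  return 'absent';
}

// Probe every parameter of one captured request and return the parameters reflected raw.
// `fetchFn(method, url, bodyParams)` must return the response body as a string.
function scanRequest(method, url, bodyParams, fetchFn) {
  const findings = [];
  const u = new URL(url);
  const base = `${u.origin}${u.pathname}`;
  const params = method === 'POST' ? new URLSearchParams(bodyParams) : u.searchParams;
  for (const name of [...params.keys()]) {
    const probe = makeProbe(name);
    const mutated = new URLSearchParams(params); // copy, then swap one value for the probe
    mutated.set(name, probe);
    const body = method === 'POST'
      ? fetchFn('POST', url, mutated)
      : fetchFn('GET', `${base}?${mutated}`, null);
    if (classifyReflection(body, probe) === 'raw') {
      findings.push({ method, param: name, url: base, params: mutated });
    }
  }
  return findings;
}

// GET POC: the original query with the vulnerable parameter replaced by the payload.
function buildGetPoc(finding) {
  const p = new URLSearchParams(finding.params);
  p.set(finding.param, PAYLOAD);
  return `${finding.url}?${p}`;
}

// POST POC: a self-submitting form that reproduces the request with the payload in place.
function buildPostPoc(finding) {
  const inputs = [...new URLSearchParams(finding.params)].map(([k, v]) => {
    const val = k === finding.param ? PAYLOAD : v;
    return `<input type="hidden" name="${htmlEscape(k)}" value="${htmlEscape(val)}">`;
  }).join('\n  ');
  return `<form id="poc" method="POST" action="${htmlEscape(finding.url)}">\n  ${inputs}\n</form>\n` +
         `<script>document.getElementById('poc').submit()</script>`;
}

// Usage on two constructed requests (one GET, one POST) against the simulated target.
const getFindings = scanRequest('GET', 'https://example.test/search?q=test&name=bob', null, fakeFetch);
const postFindings = scanRequest('POST', 'https://example.test/search', 'q=test&name=bob', fakeFetch);
console.log(getFindings.map(buildGetPoc));
console.log(postFindings.map(buildPostPoc));
```

The per-parameter marker is what keeps the check honest: a bare `<>` may already appear in page text, while the marker plus the quote and angle-bracket characters only comes back unchanged when the server reflects the value into HTML without encoding it. Note that a scanner like this sends probe requests to every site you visit, so use it only against targets you are authorised to test.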
Corrections
Kali / Debian users can fix the installation with:
sudo apt install npm
sudo npm install -g electron --unsafe-perm=true --allow-root
cd XSSTRON
sudo npm install
electron . --no-sandbox
Note that --unsafe-perm=true and --allow-root run the package install scripts as root, and --no-sandbox starts the app with Chromium's renderer sandbox disabled. Since the tool loads untrusted pages while you browse, prefer running it in a disposable VM or as an unprivileged user.
- In package.json, change the electron devDependency to:
"devDependencies": {"electron": "^10"},
- Try updating npm and Node.js to the latest versions.
- Delete node_modules and package-lock.json and reinstall them.
- In package.json, change the electron devDependency to (electron11-bin).
- Install Electron with (npm install electron) and run the Electron application. At each step remember to delete node_modules and package-lock.json and reinstall with npm install.
You can download the program from the GitHub repository: https://github.com/RenwaX23/XSSTRON