Made with <3 By Ultimate Hackers


Get Started

Learn about the different features of XSStrike and how to use them.

In depth working of all the features for the developers.

Want to contact us? Here you go.


Complete XSS detection and exploitation kit

Welcome to XSStrike Project Site

We are always here to respond

Spider finds all the links present on the homepage of the target and checks whether the HTML forms present in them are vulnerable to XSS.



Striker is a payload bruteforcer which bruteforces all the parameters and opens the POC in a browser window. It can bypass WAFs and common filters with carefully crafted payloads.

Fuzzer checks where and how many times the input gets reflected and intelligently tries to break out of the context. It builds a suitable payload if successful.
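The reflection-counting step described above can be sketched as follows. This is an added example, not XSStrike's own code; the marker string, the class and function names and the sample response are constructed for illustration. It reports how many times a harmless marker is reflected and in which HTML context, which tells a developer what output encoding each location needs.

```python
from html.parser import HTMLParser

CANARY = "zq9xcanary"  # constructed, harmless marker (assumption, not from the page)


class ReflectionFinder(HTMLParser):
    """Records the HTML context of every place the canary appears."""

    def __init__(self, canary):
        super().__init__(convert_charrefs=True)
        self.canary = canary
        self.contexts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            # One entry per attribute whose value carries the marker.
            if value and self.canary in value:
                self.contexts.append(f"attribute:{tag}[{name}]")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Text inside <script> needs JS escaping, other text needs HTML encoding.
        for _ in range(data.count(self.canary)):
            self.contexts.append("script" if self._in_script else "html-text")

    def handle_comment(self, data):
        for _ in range(data.count(self.canary)):
            self.contexts.append("comment")


def find_reflections(body, canary=CANARY):
    """Return the list of contexts, in document order, where the canary is reflected."""
    finder = ReflectionFinder(canary)
    finder.feed(body)
    finder.close()
    return finder.contexts


# Constructed sample response, not output from any real site.
SAMPLE = """<html><body>
<!-- search for zq9xcanary -->
<h1>Results for zq9xcanary</h1>
<input type="text" name="q" value="zq9xcanary">
<script>var q = "zq9xcanary";</script>
</body></html>"""

if __name__ == "__main__":
    for ctx in find_reflections(SAMPLE):
        print(ctx)
```
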

I appreciate your interest in XSStrike.

Did you find a bug? We will fix it.

Are you a developer who wants to help or needs help with XSStrike? We are here to help you.

Do you want to request a new feature? We can add that.

Do you want to buy us a coffee? We would appreciate that.

Facebook Page: Ultimate Hackers




Ninja is a module dedicated to reverse engineering the rules of WAFs and filters. Ninja creates a beautiful table of what is being blocked and what is allowed. It measures filter strength and suggests payloads whenever possible.


HULK has a list of awesome polyglot payloads which can break out of many common contexts. The good thing is that you can fire these payloads into your browser just by pressing the enter key.

WAF Detector

WAF Detector is an underlying feature which is fired first to check if a WAF is active on the target. It can currently detect Mod Security, WebKnight and F5 BIG IP.