Not Your Regular XSS Scanner

Every XSS scanner out there just injects payloads into URL parameters and does literal string matching to see whether the payload is reflected in the web page. So basically they do what a script kiddie does: copy and paste payloads. But is XSS about copy-pasting payloads? No. That's why XSStrike uses a context-breaking technique to generate payloads automatically and then uses the Levenshtein algorithm to look for the payload in the web page, avoiding false positives and negatives.
It can also fingerprint and fuzz WAFs, encode payloads, find hidden parameters, and whatnot.
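
The difference between literal matching and Levenshtein-based matching described above, as an added example (not XSStrike's code; this page does not show how XSStrike applies the algorithm). The inert marker string, the three sample responses, the function names and the 0.85 threshold are all constructed assumptions.

```python
# Added example, not XSStrike's code. The marker and responses are constructed.
PROBE = 'zq7<probe id="x">zq7'   # inert marker, 20 characters

SAMPLES = {
    # Application echoes the input unchanged.
    "verbatim":        '<p>Results for zq7<probe id="x">zq7</p>',
    # Application strips double quotes but leaves the markup in place.
    "quotes_stripped": '<p>Results for zq7<probe id=x>zq7</p>',
    # Application HTML-encodes the input, so no markup survives.
    "html_encoded":    '<p>Results for zq7&lt;probe id=&quot;x&quot;&gt;zq7</p>',
}

def fuzzy_distance(probe: str, body: str) -> int:
    """Smallest Levenshtein distance between probe and ANY substring of body.

    Same dynamic programme as plain edit distance, except row 0 is all zeros,
    so a match may begin at any offset of the body at no cost.
    """
    prev = [0] * (len(body) + 1)
    for i, pc in enumerate(probe, 1):
        cur = [i]                                   # i probe chars, empty match
        for j, bc in enumerate(body, 1):
            cur.append(min(prev[j] + 1,             # probe char missing in body
                           cur[j - 1] + 1,          # extra char in body
                           prev[j - 1] + (pc != bc)))  # match or substitution
        prev = cur
    return min(prev)                                # best end position

def similarity(probe: str, body: str) -> float:
    """1.0 means reflected verbatim; lower means the reflection was altered."""
    return 1 - fuzzy_distance(probe, body) / len(probe)

def classify(probe: str, body: str, threshold: float = 0.85) -> str:
    """'exact' = literal hit, 'fuzzy' = near-intact reflection, else 'absent'."""
    if probe in body:
        return "exact"
    return "fuzzy" if similarity(probe, body) >= threshold else "absent"

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:16} literal={PROBE in body!s:5} "
              f"similarity={similarity(PROBE, body):.2f} -> {classify(PROBE, body)}")
```

Literal matching misses the quote-stripped response even though the tag still reaches the page (a false negative), while the HTML-encoded response scores low because the encoding changed most of the marker.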


XSStrike looks visually stunning with its minimalistic color scheme, but it won't look the same on Windows due to a difference in... never mind. A fix for this issue will be released soon.