【Web安全】xsstrike工具使用方法表格

本文链接：https://blog.csdn.net/likinguuu/article/details/134630141

xsstrike工具使用方法表格

版本：XSStrike v3.1.5

项目地址：

https://github.com/s0md3v/XSStrike

使用文档：

usage: xsstrike.py [-h] [-u TARGET] [--data PARAMDATA] [-e ENCODE] [--fuzzer] [--update] [--timeout TIMEOUT] [--proxy]
                   [--crawl] [--json] [--path] [--seeds ARGS_SEEDS] [-f ARGS_FILE] [-l LEVEL]
                   [--headers [ADD_HEADERS]] [-t THREADCOUNT] [-d DELAY] [--skip] [--skip-dom] [--blind]
                   [--console-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}]
                   [--file-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}] [--log-file LOG_FILE]

optional arguments:
  -h, --help            show this help message and exit
  -u TARGET, --url TARGET
                        url
  --data PARAMDATA      post data
  -e ENCODE, --encode ENCODE
                        encode payloads
  --fuzzer              fuzzer
  --update              update
  --timeout TIMEOUT     timeout
  --proxy               use prox(y|ies)
  --crawl               crawl
  --json                treat post data as json
  --path                inject payloads in the path
  --seeds ARGS_SEEDS    load crawling seeds from a file
  -f ARGS_FILE, --file ARGS_FILE
                        load payloads from a file
  -l LEVEL, --level LEVEL
                        level of crawling
  --headers [ADD_HEADERS]
                        add headers
  -t THREADCOUNT, --threads THREADCOUNT
                        number of threads
  -d DELAY, --delay DELAY
                        delay between requests
  --skip                don't ask to continue
  --skip-dom            skip dom checking
  --blind               inject blind XSS payload while crawling
  --console-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}
                        Console logging level
  --file-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}
                        File logging level
  --log-file LOG_FILE   Name of the file to log

使用方法表格

参数	描述	使用示例
`-h`, `--help`	显示帮助信息并退出	`python3 xsstrike.py -h`
`-u TARGET`, `--url TARGET`	指定目标URL	`python3 xsstrike.py -u http://example.com/111.php?q=123`
`--data PARAMDATA`	提供POST数据	`python3 xsstrike.py --data "username=admin"`
`-e ENCODE`, `--encode ENCODE`	有效载荷编码	`python3 xsstrike.py -e base64`
`--fuzzer`	启动模糊测试器	`python3 xsstrike.py --fuzzer`
`--update`	更新XSstrike	`python3 xsstrike.py --update`
`--timeout TIMEOUT`	设置请求超时时间	`python3 xsstrike.py --timeout 10`
`--proxy`	使用代理服务器	`python3 xsstrike.py --proxy http://127.0.0.1:8080`
`--crawl`	爬行目标网站以发现更多页面	`python3 xsstrike.py --crawl`
`--json`	将POST数据视为JSON	`python3 xsstrike.py --data '{"user":"admin"}' --json`
`--path`	在路径中注入有效Payload	`python3 xsstrike.py --url http://example.com --path`
`--seeds ARGS_SEEDS`	从文件加载URL作为种子	`python3 xsstrike.py --seeds urls.txt`
`-f ARGS_FILE`, `--file ARGS_FILE`	从文件加载有效Payload	`python3 xsstrike.py -f payloads.txt`
`-l LEVEL`, `--level LEVEL`	设置爬行深度级别	`python3 xsstrike.py --level 2`
`--headers [ADD_HEADERS]`	添加HTTP头部	`python3 xsstrike.py --headers "User-Agent: Custom"`
`-t THREADCOUNT`, `--threads THREADCOUNT`	设置线程数量	`python3 xsstrike.py --threads 5`
`-d DELAY`, `--delay DELAY`	设置请求之间的延迟时间	`python3 xsstrike.py --delay 1`
`--skip`	跳过确认对话框和PoC(概念验证)	`python3 xsstrike.py --skip`
`--skip-dom`	跳过DOM检查	`python3 xsstrike.py --skip-dom`
`--blind`	在爬行时注入盲目XSS有效Payload	`python3 xsstrike.py --blind`
`--console-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}`	设置控制台日志级别	`python3 xsstrike.py --console-log-level INFO`
`--file-log-level {DEBUG,INFO,RUN,GOOD,WARNING,ERROR,CRITICAL,VULN}`	设置文件日志级别	`python3 xsstrike.py --file-log-level DEBUG`
`--log-file LOG_FILE`	设置日志文件的名称	`python3 xsstrike.py --log-file xsstrike.log`