BruteXSS - Cross-Site Scripting BruteForcer


BruteXSS is a fast Cross-Site Scripting brute-forcer that can brute-force parameters. The tool injects multiple payloads from a wordlist into the specified parameters and tests the site for XSS vulnerabilities. According to the developer, "BruteXSS is very accurate at doing its task and there is no chance of false positive as the scanning is much powerful".

It supports both POST and GET requests, and works on Windows, Linux, or any device running Python 2.7.

How To Use BruteXSS (on Windows)

Download the file from GitHub, and then extract it. Open the extracted directory, hold down the "Shift" key, and right-click on an empty area of the window. Then select "Open command window here". Then type in the command prompt and hit the Enter key. You will see a window as shown below.

Note: You must have Python 2.7 installed on your computer.

BruteXSS Running

Then select a method.

  • Usage (GET Method):

COMMAND : python



WORDLIST : wordlist.txt

  • Usage (POST method):

COMMAND : python



POST DATA : parameter=value&parameter1=value1

WORDLIST : wordlist.txt
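Because the tool sends many wordlist payloads to the same parameter, its traffic is easy to spot in web server logs. The following is an added example, not part of BruteXSS or the original post: a Python sketch that flags clients sending several distinct markup-bearing values to one parameter. The log lines, the `find_param_fuzzing` name, and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /search.php?q=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 530
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /search.php?q=%3Csvg%2Fonload%3Dalert(1)%3E HTTP/1.1" 200 498
198.51.100.4 - - [10/Oct/2024:13:55:03 +0000] "GET /search.php?q=blue+shoes HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2024:13:55:09 +0000] "GET /search.php?q=%3Cb%3Esale%3C%2Fb%3E HTTP/1.1" 200 2101
"""

# Client address and request target from a common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
# Decoded values that carry an HTML tag, an inline event handler, or a javascript: URL.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z][^>]*>|\bon\w+\s*=|javascript:', re.I)


def find_param_fuzzing(log_text, threshold=3):
    """Return {(client, path, param): count} where count is the number of
    distinct markup-bearing values that client sent to that parameter."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes names and values and turns '+' into a space.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if MARKUP_RE.search(value):
                seen[(client, url.path, name)].add(value)
    # One odd value is normal user input; many distinct ones is wordlist behaviour.
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (client, path, param), n in find_param_fuzzing(SAMPLE_LOG).items():
        print(f"{client} sent {n} distinct markup payloads to {path}?{param}=")
```

Access logs normally record only the query string, so this covers the GET method; spotting the POST method needs request-body logging at the application or WAF.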

1 comment :

  1. How do I bypass a date site to get verification code?

