Sakura-501
89% credibility
Found Feb 27, 2026 at 30 stars.
AI Analysis
Go
AI Summary

A security scanning tool that tests websites for cross-site scripting vulnerabilities by analyzing inputs, pages, and responses.

How It Works

1. 📰 Discover the security tool

You hear about a handy checker that spots weak spots on websites where harmful scripts might sneak in.

2. 💻 Get it ready

Download the tool and set it up on your computer with a simple preparation step.

3. 🌐 Enter website address

Type in the web page or site you want to check for safety.

4. Choose scan style

⚡ Quick input check

Test main entry points fast to see reflections.

🕸️ Site explorer

Wander through pages and forms to find more spots.

💡 Idea generator

Create sample tests to try new angles.

5. 🚀 Run the check

Hit start and feel the tool buzz as it probes for issues automatically.

6. 📋 View the results

Get a clear list of safe areas and any risky spots it found.

🛡️ Strengthen your site

Use the insights to patch weaknesses and rest easy knowing your site is tougher.


Star Growth

This repo grew from 30 to 42 stars.
AI-Generated Review

What is XSStrike-go?

XSStrike-go is a Go rewrite of the Python XSStrike XSS scanner, designed to detect reflected and DOM-based XSS flaws in web apps. Point it at a URL, POST data, or crawl seeds via CLI flags like `--url`, `--data`, `--crawl --level 2`, and it fuzzes params, generates context-specific payloads, tests path injections, and spits out JSON reports on reflections and candidates. It also flags WAFs and retire.js vulns during scans.

Why is it gaining traction?

Unlike the original Python tool, this Go version runs benchmarks against a local vuln lab and public XSS payload corpora, proving detection rates and low false positives. Users get active fuzzing with `--fuzzer --file default`, blind payloads in crawls, and encoding chains like `--encode base64`, all with proxy support and threaded requests for faster sweeps.

Who should use this?

Pentesters probing params and forms for XSS during recon, bug bounty hunters crawling single-page apps (SPAs), and red teamers needing quick WAF bypass checks before payload bruteforcing.

Verdict

Grab it for a snappy Go alternative to XSStrike with strong docs, CI tests, and self-benchmarks, despite 12 stars and 0.9% credibility score showing early maturity. Production scanners may wait for more stars; otherwise, it's a practical drop-in for Go CLI workflows.
