{"id":3308,"date":"2024-06-17T23:15:56","date_gmt":"2024-06-17T23:15:56","guid":{"rendered":"https:\/\/knoxss.pro\/?page_id=3308"},"modified":"2025-01-14T18:43:43","modified_gmt":"2025-01-14T18:43:43","slug":"knoxss-comparison-study","status":"publish","type":"page","link":"https:\/\/knoxss.pro\/?page_id=3308","title":{"rendered":"KNOXSS Comparison Table"},"content":{"rendered":"

 <\/p>\n

Here's a comparison table between KNOXSS and 2 other free, open-source XSS tools.<\/p>\n

Test results were collected by Diego Gon\u00e7alves<\/a><\/strong> in April and May of 2024 for Brute Logic.<\/p>\n

Our XSS Coverage<\/a><\/strong> was used in this study.<\/p>\n

 <\/p>\n

 <\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n
XSS Cases<\/b><\/h5>\n<\/td>\n
\n
KNOXSS<\/b><\/h5>\n

v3.6.5<\/td>\n

\n
Dalfox<\/b><\/h5>\n

v2.9.2<\/td>\n

\n
XSStrike<\/b><\/h5>\n

v3.1.5<\/td>\n<\/tr>\n

<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Single Reflection Using QUERY of URL<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
HTML Injection<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\n<\/tr>\n
HTML Injection Inline with Double Quotes<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\n<\/tr>\n
HTML Injection Inline with Single Quotes<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\n<\/tr>\n
HTML Injection Inline with Double Quotes: No Tag Breaking<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\n<\/tr>\n
HTML Injection Inline with Single Quotes: No Tag Breaking<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\n<\/tr>\n
HTML Injection with Single Quotes in JS Block<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFP<\/b><\/td>\n<\/tr>\n
HTML Injection with Double Quotes in JS Block<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFP<\/b><\/td>\n<\/tr>\n
JS Injection with Single Quotes<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFP<\/b><\/td>\n<\/tr>\n
JS Injection with Double Quotes<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFP<\/b><\/td>\n<\/tr>\n
Escaped JS Injection with Single Quotes<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>True<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
Escaped JS Injection with Double Quotes<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>True<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
JS Injection In Event Handler (No Handler Breaking)<\/span><\/td>\nTrue<\/b><\/td>\nFP <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
JS Injection in Fully Validated Anchor (Href) \u2013 email<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection in Fully Validated Anchor (Href) \u2013 url1<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection in Fully Validated Anchor (Href) \u2013 url2<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection in Fully Validated Anchor (Href) \u2013 key<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
XML Injection with CDATA and Comment Breakout - p<\/span><\/td>\nTrue<\/b><\/td>\nFP <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
XML Injection with CDATA and Comment Breakout - q<\/span><\/td>\nTrue<\/b><\/td>\nFP <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
XML Injection with CDATA and Comment Breakout - r<\/span><\/td>\nTrue<\/b><\/td>\nFP <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Single Reflection Using PATH of URL<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
HTML Injection Inline PHP_SELF<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection 1 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection 2 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection 3 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection in Script Block 1 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection in Script Block 2 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection in Script Block 3 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection in Script Block 1 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection in Script Block 2 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection in Script Block 3 Level Deep<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Multi Reflection<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Double Injection in HTML Context with Double Quotes<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
Double Injection in Mixed Context with Default Quotes<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
Quoteless Inline Double Injection in JS variables<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
Quoteless Inline Double Injection in JS object<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
Quoteless Inline Double Injection in JS object with Nested Array<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
Quoteless Inline Double Injection in JS object with Nested Function<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Special Cases<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
HTML Injection with Double Encoded Bypass<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with SQLi Error-Based<\/span><\/td>\nTrue<\/b><\/td>\nFP <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with PHP FILTER_VALIDATE_EMAIL Bypass<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with Strict-Length Input (32 chars)<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with Strict-Length Input (40 chars)<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with Strict-Length Input (64 chars)<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with Strip-based Bypass (AFB)<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
HTML Injection with Spell Checking Bypass<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with Base64 Encoded Input<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
HTML Injection with Parameter Guessing<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>True<\/b>*<\/span><\/td>\nFalse<\/b>**<\/span><\/td>\n<\/tr>\n
HTML Injection in Parameter Name<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
Multi Context Injection Bypass on Alpha-based Filter and JSON Encode Function<\/span><\/td>\nTrue<\/b><\/td>\nFP<\/b><\/td>\nFP<\/b><\/td>\n<\/tr>\n
HTML Injection with CRLF in HTTP Header (Content-Type Replacement)<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>True<\/b>*<\/span><\/td>\nFP<\/b><\/td>\n<\/tr>\n
HTML Injection with Byte Fallback (WAF Bypass in Java)<\/span><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
DOM-Based XSS<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
DOM Injection via URL Parameter (Document Sink)<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
DOM Injection via Open Redirection (Location Sink)<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
DOM Injection via URL Parameter (Execution Sink)<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
DOM Injection via AJAX in URL Fragment (Document Sink)<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
DOM Injection via AngularJS Library versions 1.6.0+<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
DOM Injection via Bootstrap Library versions 4.0.0, 4.1.0 and 4.1.1<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Hybrid XSS (Source + DOM)<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
JS Injection Sanitized in Source<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection with Single Quotes Fixing ReferenceError - Object Hoisting<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
JS Injection with Single Quotes Fixing ReferenceError - Hoisting Override<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
CSP Bypass<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Unsafe Inline Directive<\/span><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\nTrue<\/b><\/td>\n<\/tr>\n
Base URI Against Nonce-based Scripts<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
Data URI Directive<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
Whitelisted JSONP Endpoint (googleapis.com)<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>FP<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Stored XSS<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
HTML Injection via Cached Header Reflection<\/span><\/td>\nTrue<\/b><\/td>\nFalse<\/b><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Authenticated XSS<\/b><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
HTML Injection in Cookie-Based Authenticated Page<\/span><\/td>\nTrue<\/b><\/td>\nFalse <\/b>| <\/span>False<\/b>*<\/span><\/td>\nFalse<\/b><\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
Blind XSS<\/b><\/td>\nTrue<\/b><\/td>\nFalse<\/b>***<\/span><\/td>\nFalse<\/b>***<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

 <\/p>\n\n\n\n\n
\n
<\/h5>\n<\/td>\n
\n
KNOXSS<\/b><\/h5>\n

v3.6.5<\/td>\n

\n
Dalfox<\/b><\/h5>\n

v2.9.2<\/td>\n

\n
XSStrike<\/b><\/h5>\n

v3.1.5<\/td>\n<\/tr>\n

\n

Results<\/strong><\/h4>\n

(with FP)<\/td>\n

\n
65<\/h6>\n
0 FP<\/h6>\n<\/td>\n
\n
23<\/h6>\n
17 FP<\/h6>\n<\/td>\n
\n
6<\/h6>\n
14 FP<\/h6>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

 <\/p>\n

FP = False Positive<\/p>\n

* Needed external resources with --remote-payloads and --remote-wordlists options.<\/p>\n

** It needs a 3rd party tool to find the entry point.<\/p>\n

*** No native support to it, needs to use a 3rd party tool or service.<\/p>\n","protected":false},"excerpt":{"rendered":"

  Here’s a comparison table between KNOXSS and 2 other free, open-source XSS tools. Test results were collected by Diego Gon\u00e7alves in April and May of 2024 for Brute Logic. Our XSS Coverage was used in this study.     XSS Cases KNOXSS v3.6.5 Dalfox v2.9.2 XSStrike v3.1.5 Single Reflection Using QUERY […]<\/p>\n","protected":false},"author":1,"featured_media":3171,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-3308","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/knoxss.pro\/index.php?rest_route=\/wp\/v2\/pages\/3308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/knoxss.pro\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/knoxss.pro\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/knoxss.pro\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/knoxss.pro\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3308"}],"version-history":[{"count":21,"href":"https:\/\/knoxss.pro\/index.php?rest_route=\/wp\/v2\/pages\/3308\/revisions"}],"predecessor-version":[{"id":3645,"href":"https:\/\/knoxss.pro\/index.php?rest_route=\/wp\/v2\/pages\/3308\/revisions\/3645"}],"wp:attachment":[{"href":"https:\/\/knoxss.pro\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}