View Issue Details

ID: 0009164
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2026-05-07 07:49
Reporter: mrharoonawan
Assigned To: daniruiz
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Summary: 0009164: Noctua - GPU Powered AI XSS Fuzzer
Description

Noctua is not just a simple tool that sends a known set of payloads; it’s effectively a crawl + AI fuzz + real browser verify pipeline for XSS detection. This often goes beyond what the default XSS scanners can do out of the box.

Package Name: noctua
Version: 9.4 (Enterprise Release)
Author: Haroon Ahmad Awan · CyberZeus
License: MIT
Project Homepage: https://github.com/haroonawanofficial/Noctua

Description:
Noctua is a modern, AI-powered XSS fuzzing and exploitation engine designed for deep web application security testing. It incorporates machine learning models for generating intelligent payloads, supports dynamic fuzzing across single-page applications (SPA), and integrates with browser automation to confirm real-world exploitability.

Key Features:

  • AI-driven payload invention
  • Verification of XSS in Chromium
  • Blind XSS detection with DNSLog integration
  • Static + dynamic + SPA crawling
  • GraphQL introspection + fuzzing
  • Polymorphic obfuscation (250+ transformations)
  • WAF evasion headers & mutation engine
  • Full HTTP/2 & chunked transfer fuzzing
  • Multi-session stored XSS support
  • SARIF & Slack webhook output for reporting
  • GPU acceleration via PyTorch
  • much more....

Why Noctua should be in Kali:
Noctua represents the next generation of XSS fuzzers built to handle modern web architecture including API-first applications, React/Vue SPAs, GraphQL endpoints, and edge-delivered WAF environments. It far exceeds the capabilities of traditional XSS tools by leveraging AI and browser-native rendering. Current XSS scanners lack a state-of-the-art fuzzer that combines AI, full protocol support, and browser-level exploit validation. Noctua closes that gap and aligns with Kali's purpose as a distribution for professional, offensive-grade tools.

Installation Support:

  • Comes with install.sh for full offline setup
  • Python virtualenv + Playwright browser auto-install
  • Optional .deb builder included for APT integration
  • Tested on Kali Rolling (2024.x), Python 3.11+

Debian Package: yes (noctua-xss_9.4_all.deb)
Offline Support: yes
License: MIT-compliant
Maintainer: Active & reachable
Release Status: Stable (v9.4 released)

Activities

daniruiz (manager)
2026-05-07 07:49
~0021646

Closing this report as the repository no longer exists

Issue History

Date Modified | Username | Field | Change
2025-05-08 09:04 | mrharoonawan | New Issue |
2025-05-12 11:04 | daniruiz | Summary | Noctua — GPU Powered AI XSS Fuzzer => Noctua - GPU Powered AI XSS Fuzzer
2026-05-07 07:49 | daniruiz | Note Added: 0021646 |
2026-05-07 07:49 | daniruiz | Assigned To | => daniruiz
2026-05-07 07:49 | daniruiz | Status | new => closed
2026-05-07 07:49 | daniruiz | Resolution | open => won't fix