View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009164Kali LinuxNew Tool Requestspublic2025-05-08 09:042025-05-12 11:04
Reportermrharoonawan Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0009164: Noctua - GPU Powered AI XSS Fuzzer
Description

Noctua is not just a simple tool that sends a known set of payloads; it’s effectively a crawl + AI fuzz + real browser verify pipeline for XSS detection. This often goes beyond what the default XSS scanners can do out of the box

Package Name: noctua
Version: 9.4 (Enterprise Release)
Author: Haroon Ahmad Awan · CyberZeus ([email protected])
License: MIT
Project Homepage: https://github.com/haroonawanofficial/Noctua

Description:
Noctua is a modern, AI-powered XSS fuzzing and exploitation engine designed for deep web application security testing. It incorporates machine learning models for generating intelligent payloads, supports dynamic fuzzing across single-page applications (SPA), and integrates with browser automation to confirm real-world exploitability.

Key Features:

  • AI-driven payload invention
  • Verification of XSS in Chromium
  • Blind XSS detection with DNSLog integration
  • Static + dynamic + SPA crawling
  • GraphQL introspection + fuzzing
  • Polymorphic obfuscation (250+ transformations)
  • WAF evasion headers & mutation engine
  • Full HTTP/2 & chunked transfer fuzzing
  • Multi-session stored XSS support
  • SARIF & Slack webhook output for reporting
  • GPU acceleration via PyTorch
  • much more....

Why Noctua should be in Kali:
Noctua represents the next generation of XSS fuzzers built to handle modern web architecture including API-first applications, React/Vue SPAs, GraphQL endpoints, and edge-delivered WAF environments. It far exceeds the capabilities of traditional XSS tools by leveraging AI and browser-native rendering. Current XSS scanners lacks a state-of-the-art fuzzer that combines AI, full protocol support, and browser-level exploit validation. Noctua closes that gap and aligns with Kali's purpose as a distribution for professional, offensive-grade tools.

Installation Support:

  • Comes with install.sh for full offline setup
  • Python virtualenv + Playwright browser auto-install
  • Optional .deb builder included for APT integration
  • Tested on Kali Rolling (2024.x), Python 3.11+

Debian Package: yes (noctua-xss_9.4_all.deb)
Offline Support: yes
License: MIT-compliant
Maintainer: Active & reachable
Release Status: Stable (v9.4 released)

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2025-05-08 09:04 mrharoonawan New Issue
2025-05-12 11:04 daniruiz Summary Noctua — GPU Powered AI XSS Fuzzer => Noctua - GPU Powered AI XSS Fuzzer