XSSer: Cross Site 'Scripter'

News:

Introduction:

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

----------

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

- [PHPIDS]: PHP-IDS
- [Imperva]: Imperva Incapsula WAF
- [WebKnight]: WebKnight WAF
- [F5]: F5 Big IP WAF
- [Barracuda]: Barracuda WAF
- [ModSec]: Mod-Security
- [QuickDF]: QuickDefense
- [Sucuri]: SucuriWAF
- [Chrome]: Google Chrome
- [IE]: Internet Explorer
- [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
- [NS-IE]: Netscape in IE rendering engine mode
- [NS-G]: Netscape in the Gecko rendering engine mode
- [Opera]: Opera Browser

Current version:

XSSer The Hive

Download:


Captures:

URL/Hash Generation Schema:

XSSer The Hive!
+Zoom
Shell:

XSSer The Hive!
+Zoom
Manifesto:

XSSer The Hive!
+Zoom
Configuration:

XSSer The Hive!
+Zoom
Bypassers:

XSSer The Hive!
+Zoom
GeoMap:

XSSer ZiKA-47 Swarm
+Zoom

Documentation:


Installation:

XSSer runs on many platforms. It requires Python (3.x) and the following libraries:

You can automatically get all required libraries using (as root):

sudo python setup.py install

For manual installation on Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-geoip2 python3-cairocffi

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:

sudo pip3 install pycurl bs4 geoip2 gobject cairocffi


Source Code:

Xsser can be cloned from different code respositories. This option is a good idea if you want to [ --update ] automatically the tool, every some time.

+Official:

https://code.03c8.net/epsylon/xsser

ex: git clone https://code.03c8.net/epsylon/xsser

+Mirror:

https://github.com/epsylon/xsser

ex: git clone https://github.com/epsylon/xsser


Packages:

XSSer v1.8.2: "The Hiv3!" :

---------------------

XSSer v1.7.2b: "ZiKA-47 Swarm!":

---------------------

XSSer v1.6: "Grey Swarm!":

---------------------

XSSer v1.5: "Swarm Edition!":

---------------------

XSSer v1.0: "The mosquito":


License:

XSSer is released under the terms of the General Public License v3 and is copyrighted by psy.


Support:

This framework is actively looking for new sponsors and funding. If you or your organization has an interest in keeping XSSer, please contact directly.

For donations: [ BTC:19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw ]