100 1 10 10 True True True True 1 XSSer v1.8[1]: "The Hive!" - (https://xsser.03c8.net) center-always True images/xssericon_24x24.png True False True True True False True True True True False char 5 False True True True 0 True False True BbzZZzzzzzzZ!!! XSSer True False True False True True left True False True False True False Type of Connection(s): False True 10 0 True False Normal True True False Connect directly using GET 0 True True False True 5 0 True False False True 10 1 GET True True False Enter payload to audit using GET (ex: '/menu.php?q=XSS') 0 True connection_none False True 10 2 POST True True False Enter payload to audit using POST (ex: 'foo=1&bar=XSS') 0 True connection_none False True 3 False True True Enter payload True True 10 0 True True 4 True True 1 True True 0 True False True False Proxy: False False 10 0 True True Use proxy server (ex Tor: http://127.0.0.1:8118) 30 True True 5 1 Ignore-proxy True True False Ignore system default HTTP proxy 0 True False True 5 2 True False False True 10 3 True False Threads: False False 5 4 True True Maximum number of concurrent HTTP requests (default 5) True False False 5 5 True False Timeout: False False 10 6 True True Select your timeout (default 30) True False False 5 7 True False Retries: False False 10 8 True True Retries when the connection timeouts (default 1) False False 5 9 True False Delay: False False 10 10 True True Delay in seconds between each HTTP request (default 0) False False 10 11 True False 1 True False True False User-Agent: False True 10 1 True True Change your HTTP User-Agent header 40 Googlebot/2.1 (+http://www.google.com/bot.html) True True 2 True False Referer: False True 3 True True Use another HTTP Referer header 40 True True 10 4 True True 2 True False True False Cookie: False False 10 0 True True Change your HTTP Cookie header 40 True True 8 2 True False Drop-cookie True True False Ignore Set-Cookie header from response 0 True True True 10 0 True False False True 10 1 X-Forwarded-For True True False Set your HTTP X-Forwarded-For with random IP values 0 True True True 10 2 X-Client-Ip True True False Set your HTTP X-Client-IP with random IP values 0 True True True 10 3 True True 3 True True 3 True False True False Headers: False False 10 0 True True Extra HTTP headers newline separated 35 True True 10 1 True True 4 True False True False Authentication Type(s): False True 10 0 None True True False Don't use any authentication type 0 True True False True 6 1 True False False True 18 2 Basic True True False HTTP Authentication type 'Basic' 0 True auth_none False True 8 3 Digest True True False HTTP Authentication type 'Digest' 0 True auth_none False True 10 4 GSS True True False HTTP Authentication type 'GSS' 0 True auth_none False True 10 5 NTLM True True False HTTP Authentication type 'NTLM' 0 True auth_none False True 10 6 True False False True True HTTP Authentication credentials (value name:password) 50 True True 10 0 True True 0 True True 7 True True 10 6 True False TCP-nodelay True True False Use the TCP_NODELAY option 0 True False True 10 0 True False False True 10 1 Follow-redirects True True False Follow server redirection responses (302) 0 True False True 10 2 False True False Follow-limit: False True 10 0 True True Set limit for redirection requests False False 10 1 False True 3 True True 7 True False These options can be used to specify which parameter(s) we want to use as payload(s) to inject Connection(s) middle False True False True False True False True False True False HEAD checker: False True 10 0 True False HEAD True True False Verify the stability of the url (codes: 200|302) with a HEAD pre-check request 0 True False True 10 0 True False Send a HEAD request before to start a test False True 10 1 False True 1 False False 0 True True 15 0 True False False True 5 1 False True 0 True False True False True False True False Check Params: False True 10 0 True False Hashing True True False Send a hash to check if target is repeating content 0 True False True 10 0 Heuristic True True False Discover parameters filtered by using heuristics 0 True False False 10 1 False True 1 False False 0 True True 15 0 True False False True 5 1 False True 1 True False True False True False True False Alive checker: False True 10 0 True False Is-Alive True True False Check if target is alive 0 True False True 18 0 True False True False Set limit of errors before check if target is alive: True True 15 0 True True 1 False True False Is-Alive-Limit: False True 15 0 True True perform alive checking every this limit number (default: 5) False True 10 1 False True 2 False True 1 False False 0 True True 15 0 True False False True 5 1 False True 2 True False True False True False True False 'Blind' XSS: False True 10 0 True False True False True False URL: False True 10 0 True True Check reply using: alternative url -> Blind XSS 30 True True 10 1 True True 0 True False True False Method: False True 10 0 True False Check reply using: GET or POST True True 10 1 True True 1 True False True False Payload: False True 10 0 True True Check reply using: alternative payload 60 True True 10 1 True True 2 True True 1 False False 0 True True 15 0 True False False True 5 1 False True 3 True False True False True False True False Reverse checker: False True 10 0 True False Try to connect from target to XSSer to verify that is 100% vulnerable True True False Establish a reverse connection from target to XSSer to certify that is 100% vulnerable 0 True False True 0 False True 1 False False 0 True True 15 0 True False False True 5 1 False True 4 True False True False True False True False Discard checker: False True 10 0 True False True True Set code on reply to discard an injection 120 True True 10 0 False True 1 False False 0 True True 15 0 True False False True 5 1 False True 5 1 True False These options are useful to know if your target is using filters against XSS attacks Checker(s) 1 False True False True False True False Insert your code: False False 10 0 True True Inject your own code True True 10 1 AUTO True True False Inject a list of vectors provided by XSSer 0.5 True False False 15 2 False True 12 0 2 True False These options can be used to specify injection(s) code. Important if you don't want to inject a common XSS vector used by default. Choose only one option Vector(s) 2 False True False True True False True False Anti-antiXSS IDS exploits: 0.0099999997764825821 0 False False 10 0 False False 10 0 True False Firefox 12 True True False Browser: FF 0 True True False 10 4 Chrome 19 & Firefox 12 True True False Browser: Chrome + FF 0 True True False 10 4 Internet Explorer 9 True True False Browser: IE 0 True True False 10 4 Opera 10.5 & IE 6 True True False Browser: Opera + IE 0 True True False 10 4 PHPIDS (<0.6.5) True True False Browser: ALL 0 True True False 10 1 Imperva Incapsula True True False Browser: ALL 0 True True False 10 2 F5 Big IP True True False Browser: Chrome + Firefox + Opera 0 True True False 10 3 Apache Mod-sec True True False Browser: ALL 0 True True False 10 4 True True 2 True False PHPIDS (<0.7.0) True True False Browser: ALL 0 True True False 10 1 WebKnigth (4.1) True True False Chrome 0 True True False 10 2 Barracuda WAF True True False Browser: ALL 0 True True False 10 3 QuickDefense True True False Browser: Chrome 0 True True False 10 3 True True 2 3 True False These options can be used to try to bypass specific WAF/IDS products. Choose only if required Anti-antiXSS/IDS 3 False True False True False False True 1 True False True False True True False True False Bypasser(s): 0.0099999997764825821 0 False False 10 0 False False 10 0 True False StringFromCharCode() True True False Use method String.FromCharCode() 0 True True False 10 1 Hexadecimal True True False Use Hexadecimal encoding 0 True True False 10 2 Hexadecimal with semicolons True True False Use Hexadecimal encoding, with semicolons 0 True True False 10 3 Octal True True False Encode vectors IP addresses in Octal 0 True True False 10 4 True True 2 True False Unescape() True True False Use Unescape() function 0 True True False 10 1 Decimal True True False Use Decimal encoding 0 True True False 10 2 Dword True True False Encode vectors IP addresses in DWORD 0 True True False 10 3 True False True False CEM: 0 False True 3 0 True True Try -manually- different Character Encoding Mutations (reverse obfuscation: good) -> (ex: 'Mix,Une,Str,Hex') 30 False False 10 1 True True 4 True True 2 True True 0 True True 2 4 True False These options can be used to encode vector(s) and try to bypass possible anti-XSS filters. They can be combined with other techniques Bypasser(s) 4 False True False True True False True False Technique(s): 0 False True 10 0 False False 10 0 True False Cookie Injection True True False Cross Site Scripting Cookie injection 0 True True False 10 0 XRS True True False Cross Site Referer Scripting 0 True True False 10 2 XAS True True False Cross Site Agent Scripting 0 True True False 10 3 True True 1 True False DOM True True False Document Object Model injections 0 True True False 10 1 DCP True True False Data Control Protocol injections 0 True True False 10 2 Induced True True False HTTP Response Splitting Induced code 0 True True False 10 3 Anchor True True False Use Anchor Stealth payloader (DOM shadows!) 0 True True False 10 4 True True 2 5 True False These options can be used to inject code using different XSS techniques. You can choose multiple Technique(s) 5 False True False True False True False Exploiting : False False 10 0 None True True False 0.5 True True False True 15 1 True False False True 15 2 Manual True True False Exploit your own code 0.5 True finalnone False True 15 3 Remote True True False Exploit a script -remotely- 0.5 True finalnone False True 20 4 True False False True 15 5 B64 PoC True True False Base64 code encoding in META tag (rfc2397) 0.5 True finalnone False True 15 6 DoS (Client) True True False XSS Denial of service (client) injection 0.5 True finalnone False False 15 7 Dos (Server) True True False XSS Denial of service (server) injection 0.5 True finalnone False False 15 8 False False 25 0 False True False Insert your code: False False 10 0 True True Enter your exploit code 60 True True 10 1 False False 10 1 True False True False Extra : False False 10 0 OnMouse True True False Use onMouseMove() event to inject code 0.5 True False False 15 1 Iframe True True False Use <iframe> source tag to inject code 0.5 True False False 2 False False 15 2 6 True False Exploiting!!! Exploit 6 False True False True False True False Reporting : 0 False False 10 0 Export to aXML True True False Export to XML 0 True False False 5 1 Save results True True False Export results to file: XSSreport.raw 0 True False False 10 2 True True 20 0 7 True False Export results Reporting 7 False False False 0 1 True False Configure options Configure 1 False True False True False True False True False Connect: 0 False True 10 0 True False Connect GeoIP system False True 1 False False 5 0 True False False True 5 1 True False False images/world.png False False 0 False True True False True False Total Hits: False True 10 0 0 True False 0 False False 1 False False 0 True False True False Successful: False True 10 0 True False 0 True True 1 False False 1 True False True False Failed: False True 10 0 True False 0 True True 1 False False 2 False True 35 2 True True 2 True True 0 2 True False World Map Map 2 False True True True True True True Suspicious injection(s) 5 True False Potential XSS vulnerabilities Suspicious False True True True True Vulnerable target(s) 5 1 True False 100% vulnerable targets Vulnerables 1 False True True True True Failed injections 5 2 True False Failed attempts Failed 2 False True True True True Errors 5 3 True False Errors Errors 3 False True True True True Crawling tests 5 4 True False Crawler inspector Crawling 4 False 3 True False Testing results Results 3 False True False True True True False True True True True False char False True True True 0 Start Wizard Helper!! 70 True True True Start Wizard helper! False False 5 1 True False Wizard: Startup False False True True False True True 0 True False True False Choose your decision: False True 10 0 True False True True False False False 10 0 False False 10 1 False False 1 False True False False False 5 0 True False True True Enter your target(s): False False 10 0 True True Enter your target url ( http:// or https:// ) 40 False True 28 1 False ( You must enter a url with http:// or https:// ) False False 2 True False 10 1 False True False True False Enter some word :-) False True 10 0 True True Enter a query ( ex: index.asp, news.php, 'security', 'qwerty', .com... ) 40 False True 28 1 False ( You must enter something. Try: "news.php?id=") False False 2 True False 10 0 True False True False Choose one engine False True 10 0 True False True True False Search engine to use for dorking False False True 15 1 False False 1 True False 10 1 True True 2 True False 2 True False True Previous True True True Previous step False True 0 Next True True Next step True True 5 False True 3 1 False Wizard: Step 1 1 False False True True False True True 0 True False True False Choose your decision: False True 10 0 True False True False False False 10 0 False False 10 1 False False 1 False True False False False 5 1 True False True False Enter payload(s) to audit: False True 10 0 True True Enter your payload to audit 40 False True 28 1 False ( You must enter this parameter to continue ) False False 2 True False 10 2 True False 2 True False True Previous True True True Previous step False True 0 Next True True Next step True True 5 False True 3 2 False Wizard: Step 2 2 False False True True False True True 0 True False True False Choose your decision: False True 10 0 True False True True False False False 10 0 False False 10 1 False False 1 False True False False False 5 1 True False True False Enter your proxy server: False True 10 0 True True Enter your proxy server 40 False True 33 1 False ( You must enter this parameter to continue ) False False 2 False True 10 2 False True 2 True False True Previous True True True Previous step False True 0 Next True True Next step True True 5 False True 3 3 False Wizard: Step 3 3 False False True True False True True 0 True False True False Choose your decision: False True 10 0 True False True True False False False 10 0 False False 10 1 False False 1 False True False False False 5 1 True False True False Enter your "mutations": False True 10 0 True True Try -manually- different Character Encoding Mutations (reverse obfuscation: good) -> (ex: 'Mix,Une,Str,Hex') 40 False True 36 1 False ( You must enter this parameter to continue ) False False 2 True False 10 2 True False 2 True False True Previous True True True Previous step False True 0 Next True True Next step True True 5 False True 3 4 False 3 Wizard: Step 4 4 False False True True False True True 0 True False True False Choose your decision: False True 10 0 True False True False False True 10 0 False False 10 1 False False 1 False True False False False 5 1 True False True False Enter code: False True 10 0 True True Enter your code to exploit 40 False True 36 1 False ( You must enter this parameter to continue ) False False 2 True False 10 2 True True 2 True False True Previous True True True Previous step False True 0 Next True True Next step True True 5 False True 3 5 False Wizard: Step 5 5 False False True False True True True True False True True 5 0 True True 5 0 True False True False True True False True False Select target(s) from False True 15 0 True False True True False 60 True False True 0 True True 15 2 False True 0 False True 10 0 True False True False True False Shadowing level False True 15 0 True False True True 60 False True 0 True True 15 2 True True 0 False True 10 1 True False True False Type of connection(s) False True 15 0 True False True True 60 False True 0 True True 15 2 False True 10 2 True False True True False True False Load bypassers False True 15 0 True False True True 60 False True 0 True True 15 2 True True 0 False True 10 3 True False True False Exploit code False True 15 0 True False True True 60 False True 0 True True 15 2 False True 10 4 False False 1 True False True Previous True True True True True 0 CANCEL True True True False True 3 START Test! True True True True True 5 False True 2 6 False Wizard: Final Step 6 False True True 5 0 4 True False Wizard Helper Wizard 4 False True False True False True False True True True True 03c8.net False True True 0 True True 0 True True 0 True False Update True True False Search for latest XSSer version True False 0 Report a Bug True True False Report bugs, ideas... True False 1 True False 2 False True 5 1 5 True False About About 5 False True True 15 0 True False True False Fly mode(s): False False 10 0 Explorer True True False Explore the Internet to search for vulnerabilities 0.5 True True False True 10 1 Intruder True True False Test your target directly 0.5 True explorer False True 10 2 True Enter your target (ex: http(s)://host.com) True True 5 3 ALL True False Automatically audit an entire target 0 True False False 10 4 True True Enter something for search (ex: index.asp, news.php, 'security', 'bank'...) True True 5 6 True False Search engine to use for dorking False False 15 7 Tor Proxy True True False Use default Tor proxy (http://127.0.0.1:8118) 0.5 right True False False 5 8 AUTO True True False Inject a list of vectors provided by XSSer 0.5 True False False 5 9 Crawler True True False Crawl target website 0.5 True False False 5 10 True Number of urls to crawl: 1-99999 True False False 5 11 False Deeping level: 1-5 False True 5 12 Local only True False Crawl only local target(s) urls (default TRUE) 0.5 True True False True 10 13 False False 1 True False False True 10 2 True False True False True Enter your command(s) Command(s): center False False 10 0 True False True XSSer Autocompleter False xsser False True True 5 1 Aim! True True False Set your commands False True 10 2 False False 3 True False Statistics True True False Show advanced statistics and Karma level 0.5 True True False False 10 0 Verbose True False False Active verbose mode 0.5 True False False 10 1 True False False True 5 3 True False 0 False False 5 4 True False True True 5 FLY!!! True True True BbzZZzzzzzzZ!!! True True 10 6 False False 5 4