epsylon/xsser: Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. @ 28334db377851400cd205a6e3ec2c271065e1032

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. https://xsser.03c8.net/

9 Commits

1 Branches

0 Releases

epsylon 28334db377 XSSer v1.8.2 - 'The Hiv3' release		5 years ago
.github	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
core	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
doc	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
gtk	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
.gitattributes	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
.gitignore	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
.pylintrc	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
COMMITMENT	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
Makefile	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
README.md	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
setup.py	28334db377 XSSer v1.8.2 - 'The Hiv3' release	5 years ago
xsser	b07980f81d XSSer v1.8.1 - 'The Hive' release	5 years ago

Web: https://xsser.03c8.net

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

 [PHPIDS]: PHP-IDS
 [Imperva]: Imperva Incapsula WAF
 [WebKnight]: WebKnight WAF
 [F5]: F5 Big IP WAF
 [Barracuda]: Barracuda WAF
 [ModSec]: Mod-Security
 [QuickDF]: QuickDefense
 [Sucuri]: SucuriWAF 
 [Chrome]: Google Chrome
 [IE]: Internet Explorer
 [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
 [NS-IE]: Netscape in IE rendering engine mode
 [NS-G]: Netscape in the Gecko rendering engine mode
 [Opera]: Opera Browser

Installing:

XSSer runs on many platforms. It requires Python (3.x) and the following libraries:

- python3-pycurl - Python bindings to libcurl (Python 3)
- python3-bs4 - error-tolerant HTML parser for Python 3
- python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
- python3-geoip2 - Python geoip2 API for web services and databases - Python 3.x
- python3-gi - Python 3 bindings for gobject-introspection libraries
- python3-cairocffi - cffi-based cairo bindings for Python (Python3)

On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-geoip2 python3-gi python3-cairocffi

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:

sudo pip3 install pycurl bs4 geoip2 gobject cairocffi

Source libs:

Python: https://www.python.org/downloads/
PyCurl: http://pycurl.sourceforge.net/
PyBeautifulSoup4: https://pypi.org/project/beautifulsoup4/
PyGeoIP: https://pypi.org/project/python-geoip-python3/
PyGeoIP2: https://pypi.org/project/geoip2/
PyGObject: https://pypi.org/project/gobject/
PyCairocffi: https://pypi.org/project/cairocffi/

License:

XSSer is released under the GPLv3. You can find the full license text in the LICENSE file.

README.md

Installing:

Source libs:

License:

Screenshots: