epsylon
/
xsser


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193
							================================================================
Changelog: XSSer v1.8.2 (https://xsser.03c8.net)
==============================

=================
November 16, 2019:
=================

- Ported to: Python3.x
- Bugfixing
- Added: Anti-antiXSS Firewall rules (Bypassers provided: SucuriWAF)
- Modified/Updated GTK+
- Added Requirements
- Updated Documentation
- Updated Website

=================
September 20, 2019:
=================

- Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
- Removed: deprecated features
- Removed: --no-head (from default)
- Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
- Added: new search engines: duck, startpage
- Added: new dorks (Total: 40)
- Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
- Modified/Updated: DCP (Data Control Protocol) method
- Modified/Updated: HTTPrs (HTTP Response Splitting) injections
- Modified/Updated: GTK+
- Modified/Updated: Crawler/Spidering
- Updated: "Extra Attacks" (XSA, XSR, COOKIE)
- Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
- Updated: XSSer tool updater
- Updated: Documentation

=================
April 12, 2018:
=================

- Removed deprecated features (search engines, SSLv3...)
- Fixed auto-update option

=================
February 24, 2016:
=================

- Removed deprecated features
- Updated Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11)
- Added XST (Cross Site Tracing)
- Advanced XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection
- Updated/Fixed Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex)
- Added Dorking from file (30 potential 'XSS dorks' provided)
- Added Mass-Dorking (search with all search engines provided)
- Added Discarding response method to evade false positives
- Added Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense)
- Added 'Wizard Helper' to shell mode
- Updated XSSer tool updater
- Updated 'Mana' system
- Fixed Crawlering system
- Added feature: 'Automatically audit an entire target" 
- Modified/Updated GTK+
- Added Requirements
- Updated Documentation

=================
November 28, 2011:
=================

- Added Drop Cookie option
- Added Random IP X-Forwarded-For an X-Client-IP option
- Added GSS and NTLM authentication methods
- Added Ignore proxy option
- Added TCP-NODELAY option
- Added Follow redirects option
- Added Follow redirects limiter parameter
- Added Auto-HEAD precheck system
- Added No-HEAD option
- Added Isalive option
- Added Check at url option (Blind XSS)
- Added Reverse Check parameter
- Added PHPIDS (v.0.6.5) exploit
- Added More vectors to auto-payloading
- Added HTML5 studied vectors
- Fixed Different bugs on core
- Fixed Curl handlerer options
- Fixed Dorkerers system
- Fixed Bugs on results propagation
- Fixed POST requests
- Added New features to GTK controller
- Added Detailed views to GTK interface

=================
February 21, 2011:
=================

- Added heuristic test
- Updated dorkers list
- HTTP Response Splitting Induced code 
- GTK+ interface
- Geomapping
- Multithreading workers
- Test controllers
- Added websockets technology (orbited)
- Added update option
- DoS (server) side injection
- DCP/DOM/Induced final code
- Code clean
- Bugfixing
- New options menu
- More advanced statistics system

=================
November 7, 2010:
=================

- Added "final remote injections" option
- Cross Flash Attack! 
- Cross Frame Scripting
- Data Control Protocol Injections  
- Base64 (rfc2397) PoC
- OnMouseMove PoC
- Browser launcher
- Code clean
- Bugfixing
- New options menu
- Pre-check system
- Crawler spidering clones
- More advanced statistics system
- "Mana" ouput results

=================
September 22, 2010:
=================

- Added a-xml exporter 
- ImageXSS 
- New dorker engines (total 10) 
- Core clean 
- Bugfixing 
- Social Networking auto-publisher
- Started -federated- XSS (full disclosure) pentesting botnet

    http://identi.ca/xsserbot01
    http://twitter.com/xsserbot01

=================
August 20, 2010:
=================

- Added attack payloads to fuzzer (26 new injections) 
- POST 
- Statistics 
- URL Shorteners 
- IP Octal 
- Post-processing payloading 
- DOM Shadows! 
- Cookie injector 
- Browser DoS (Denegation of Service)

=================
July 1, 2010:
=================

- Dorking 
- Crawling 
- IP DWORD + Core clean

=================
April 19, 2010:
=================

- HTTPS implemented + patched bugs

=================
March 22, 2010:
=================

- Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer

=================
March 18, 2010:
=================

- Added attack payloads to fuzzer (62 different XSS injections)

=================
March 16, 2010:
=================

- Added new payload encoders to bypass filters