CHANGELOG 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193
  1. ================================================================
  2. Changelog: XSSer v1.8.2 (https://xsser.03c8.net)
  3. ==============================
  4. =================
  5. November 16, 2019:
  6. =================
  7. - Ported to: Python3.x
  8. - Bugfixing
  9. - Added: Anti-antiXSS Firewall rules (Bypassers provided: SucuriWAF)
  10. - Modified/Updated GTK+
  11. - Added Requirements
  12. - Updated Documentation
  13. - Updated Website
  14. =================
  15. September 20, 2019:
  16. =================
  17. - Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
  18. - Removed: deprecated features
  19. - Removed: --no-head (from default)
  20. - Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
  21. - Added: new search engines: duck, startpage
  22. - Added: new dorks (Total: 40)
  23. - Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
  24. - Modified/Updated: DCP (Data Control Protocol) method
  25. - Modified/Updated: HTTPrs (HTTP Response Splitting) injections
  26. - Modified/Updated: GTK+
  27. - Modified/Updated: Crawler/Spidering
  28. - Updated: "Extra Attacks" (XSA, XSR, COOKIE)
  29. - Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
  30. - Updated: XSSer tool updater
  31. - Updated: Documentation
  32. =================
  33. April 12, 2018:
  34. =================
  35. - Removed deprecated features (search engines, SSLv3...)
  36. - Fixed auto-update option
  37. =================
  38. February 24, 2016:
  39. =================
  40. - Removed deprecated features
  41. - Updated Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11)
  42. - Added XST (Cross Site Tracing)
  43. - Advanced XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection
  44. - Updated/Fixed Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex)
  45. - Added Dorking from file (30 potential 'XSS dorks' provided)
  46. - Added Mass-Dorking (search with all search engines provided)
  47. - Added Discarding response method to evade false positives
  48. - Added Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense)
  49. - Added 'Wizard Helper' to shell mode
  50. - Updated XSSer tool updater
  51. - Updated 'Mana' system
  52. - Fixed Crawlering system
  53. - Added feature: 'Automatically audit an entire target"
  54. - Modified/Updated GTK+
  55. - Added Requirements
  56. - Updated Documentation
  57. =================
  58. November 28, 2011:
  59. =================
  60. - Added Drop Cookie option
  61. - Added Random IP X-Forwarded-For an X-Client-IP option
  62. - Added GSS and NTLM authentication methods
  63. - Added Ignore proxy option
  64. - Added TCP-NODELAY option
  65. - Added Follow redirects option
  66. - Added Follow redirects limiter parameter
  67. - Added Auto-HEAD precheck system
  68. - Added No-HEAD option
  69. - Added Isalive option
  70. - Added Check at url option (Blind XSS)
  71. - Added Reverse Check parameter
  72. - Added PHPIDS (v.0.6.5) exploit
  73. - Added More vectors to auto-payloading
  74. - Added HTML5 studied vectors
  75. - Fixed Different bugs on core
  76. - Fixed Curl handlerer options
  77. - Fixed Dorkerers system
  78. - Fixed Bugs on results propagation
  79. - Fixed POST requests
  80. - Added New features to GTK controller
  81. - Added Detailed views to GTK interface
  82. =================
  83. February 21, 2011:
  84. =================
  85. - Added heuristic test
  86. - Updated dorkers list
  87. - HTTP Response Splitting Induced code
  88. - GTK+ interface
  89. - Geomapping
  90. - Multithreading workers
  91. - Test controllers
  92. - Added websockets technology (orbited)
  93. - Added update option
  94. - DoS (server) side injection
  95. - DCP/DOM/Induced final code
  96. - Code clean
  97. - Bugfixing
  98. - New options menu
  99. - More advanced statistics system
  100. =================
  101. November 7, 2010:
  102. =================
  103. - Added "final remote injections" option
  104. - Cross Flash Attack!
  105. - Cross Frame Scripting
  106. - Data Control Protocol Injections
  107. - Base64 (rfc2397) PoC
  108. - OnMouseMove PoC
  109. - Browser launcher
  110. - Code clean
  111. - Bugfixing
  112. - New options menu
  113. - Pre-check system
  114. - Crawler spidering clones
  115. - More advanced statistics system
  116. - "Mana" ouput results
  117. =================
  118. September 22, 2010:
  119. =================
  120. - Added a-xml exporter
  121. - ImageXSS
  122. - New dorker engines (total 10)
  123. - Core clean
  124. - Bugfixing
  125. - Social Networking auto-publisher
  126. - Started -federated- XSS (full disclosure) pentesting botnet
  127. http://identi.ca/xsserbot01
  128. http://twitter.com/xsserbot01
  129. =================
  130. August 20, 2010:
  131. =================
  132. - Added attack payloads to fuzzer (26 new injections)
  133. - POST
  134. - Statistics
  135. - URL Shorteners
  136. - IP Octal
  137. - Post-processing payloading
  138. - DOM Shadows!
  139. - Cookie injector
  140. - Browser DoS (Denegation of Service)
  141. =================
  142. July 1, 2010:
  143. =================
  144. - Dorking
  145. - Crawling
  146. - IP DWORD + Core clean
  147. =================
  148. April 19, 2010:
  149. =================
  150. - HTTPS implemented + patched bugs
  151. =================
  152. March 22, 2010:
  153. =================
  154. - Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer
  155. =================
  156. March 18, 2010:
  157. =================
  158. - Added attack payloads to fuzzer (62 different XSS injections)
  159. =================
  160. March 16, 2010:
  161. =================
  162. - Added new payload encoders to bypass filters