README.md 2.5 KB
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
It provides several options to try to bypass certain filters and various special techniques for code injection.
XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
[PHPIDS]: PHP-IDS
[Imperva]: Imperva Incapsula WAF
[WebKnight]: WebKnight WAF
[F5]: F5 Big IP WAF
[Barracuda]: Barracuda WAF
[ModSec]: Mod-Security
[QuickDF]: QuickDefense
[Chrome]: Google Chrome
[IE]: Internet Explorer
[FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
[NS-IE]: Netscape in IE rendering engine mode
[NS-G]: Netscape in the Gecko rendering engine mode
[Opera]: Opera
Installing:
XSSer runs on many platforms. It requires Python and the following libraries:
python-pycurl - Python bindings to libcurl
python-xmlbuilder - create xml/(x)html files - Python 2.x
python-beautifulsoup - error-tolerant HTML parser for Python
python-geoip - Python bindings for the GeoIP IP-to-country resolver library
On Debian-based systems (ex: Ubuntu), run:
sudo apt-get install python-pycurl python-xmlbuilder python-beautifulsoup python-geoip
On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:
pip install geoip
Source libs:
- Python: https://www.python.org/downloads/
- PyCurl: http://pycurl.sourceforge.net/
- PyBeautifulSoup: https://pypi.python.org/pypi/BeautifulSoup
- PyGeoIP: https://pypi.python.org/pypi/GeoIP
License:
XSSer is released under the GPLv3. You can find the full license text in the LICENSE file.
Screenshots:
