123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 |
- ================================================================
- Changelog: XSSer v1.8.1 (https://xsser.03c8.net)
- ==============================
- =================
- September 20, 2019:
- =================
- - Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
- - Removed: deprecated features
- - Removed: --no-head (from default)
- - Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
- - Added: new search engines: duck, startpage
- - Added: new dorks (Total: 40)
- - Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
- - Modified/Updated: DCP (Data Control Protocol) method
- - Modified/Updated: HTTPrs (HTTP Response Splitting) injections
- - Modified/Updated: GTK+
- - Modified/Updated: Crawler/Spidering
- - Updated: "Extra Attacks" (XSA, XSR, COOKIE)
- - Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
- - Updated: XSSer tool updater
- - Updated: Documentation
- =================
- April 12, 2018:
- =================
- - Removed deprecated features (search engines, SSLv3...)
- - Fixed auto-update option
- =================
- February 24, 2016:
- =================
- - Removed deprecated features
- - Updated Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11)
- - Added XST (Cross Site Tracing)
- - Advanced XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection
- - Updated/Fixed Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex)
- - Added Dorking from file (30 potential 'XSS dorks' provided)
- - Added Mass-Dorking (search with all search engines provided)
- - Added Discarding response method to evade false positives
- - Added Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense)
- - Added 'Wizard Helper' to shell mode
- - Updated XSSer tool updater
- - Updated 'Mana' system
- - Fixed Crawlering system
- - Added feature: 'Automatically audit an entire target"
- - Modified/Updated GTK+
- - Added Requirements
- - Updated Documentation
- =================
- November 28, 2011:
- =================
- - Added Drop Cookie option
- - Added Random IP X-Forwarded-For an X-Client-IP option
- - Added GSS and NTLM authentication methods
- - Added Ignore proxy option
- - Added TCP-NODELAY option
- - Added Follow redirects option
- - Added Follow redirects limiter parameter
- - Added Auto-HEAD precheck system
- - Added No-HEAD option
- - Added Isalive option
- - Added Check at url option (Blind XSS)
- - Added Reverse Check parameter
- - Added PHPIDS (v.0.6.5) exploit
- - Added More vectors to auto-payloading
- - Added HTML5 studied vectors
- - Fixed Different bugs on core
- - Fixed Curl handlerer options
- - Fixed Dorkerers system
- - Fixed Bugs on results propagation
- - Fixed POST requests
- - Added New features to GTK controller
- - Added Detailed views to GTK interface
- =================
- February 21, 2011:
- =================
- - Added heuristic test
- - Updated dorkers list
- - HTTP Response Splitting Induced code
- - GTK+ interface
- - Geomapping
- - Multithreading workers
- - Test controllers
- - Added websockets technology (orbited)
- - Added update option
- - DoS (server) side injection
- - DCP/DOM/Induced final code
- - Code clean
- - Bugfixing
- - New options menu
- - More advanced statistics system
- =================
- November 7, 2010:
- =================
- - Added "final remote injections" option
- - Cross Flash Attack!
- - Cross Frame Scripting
- - Data Control Protocol Injections
- - Base64 (rfc2397) PoC
- - OnMouseMove PoC
- - Browser launcher
- - Code clean
- - Bugfixing
- - New options menu
- - Pre-check system
- - Crawler spidering clones
- - More advanced statistics system
- - "Mana" ouput results
- =================
- September 22, 2010:
- =================
- - Added a-xml exporter
- - ImageXSS
- - New dorker engines (total 10)
- - Core clean
- - Bugfixing
- - Social Networking auto-publisher
- - Started -federated- XSS (full disclosure) pentesting botnet
- http://identi.ca/xsserbot01
- http://twitter.com/xsserbot01
- =================
- August 20, 2010:
- =================
- - Added attack payloads to fuzzer (26 new injections)
- - POST
- - Statistics
- - URL Shorteners
- - IP Octal
- - Post-processing payloading
- - DOM Shadows!
- - Cookie injector
- - Browser DoS (Denegation of Service)
- =================
- July 1, 2010:
- =================
- - Dorking
- - Crawling
- - IP DWORD + Core clean
- =================
- April 19, 2010:
- =================
- - HTTPS implemented + patched bugs
- =================
- March 22, 2010:
- =================
- - Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer
- =================
- March 18, 2010:
- =================
- - Added attack payloads to fuzzer (62 different XSS injections)
- =================
- March 16, 2010:
- =================
- - Added new payload encoders to bypass filters
|