CHANGELOG 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
  1. ================================================================
  2. Changelog: XSSer v1.8.1 (https://xsser.03c8.net)
  3. ==============================
  4. =================
  5. September 20, 2019:
  6. =================
  7. - Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
  8. - Removed: deprecated features
  9. - Removed: --no-head (from default)
  10. - Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
  11. - Added: new search engines: duck, startpage
  12. - Added: new dorks (Total: 40)
  13. - Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
  14. - Modified/Updated: DCP (Data Control Protocol) method
  15. - Modified/Updated: HTTPrs (HTTP Response Splitting) injections
  16. - Modified/Updated: GTK+
  17. - Modified/Updated: Crawler/Spidering
  18. - Updated: "Extra Attacks" (XSA, XSR, COOKIE)
  19. - Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
  20. - Updated: XSSer tool updater
  21. - Updated: Documentation
  22. =================
  23. April 12, 2018:
  24. =================
  25. - Removed deprecated features (search engines, SSLv3...)
  26. - Fixed auto-update option
  27. =================
  28. February 24, 2016:
  29. =================
  30. - Removed deprecated features
  31. - Updated Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11)
  32. - Added XST (Cross Site Tracing)
  33. - Advanced XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection
  34. - Updated/Fixed Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex)
  35. - Added Dorking from file (30 potential 'XSS dorks' provided)
  36. - Added Mass-Dorking (search with all search engines provided)
  37. - Added Discarding response method to evade false positives
  38. - Added Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense)
  39. - Added 'Wizard Helper' to shell mode
  40. - Updated XSSer tool updater
  41. - Updated 'Mana' system
  42. - Fixed Crawlering system
  43. - Added feature: 'Automatically audit an entire target"
  44. - Modified/Updated GTK+
  45. - Added Requirements
  46. - Updated Documentation
  47. =================
  48. November 28, 2011:
  49. =================
  50. - Added Drop Cookie option
  51. - Added Random IP X-Forwarded-For an X-Client-IP option
  52. - Added GSS and NTLM authentication methods
  53. - Added Ignore proxy option
  54. - Added TCP-NODELAY option
  55. - Added Follow redirects option
  56. - Added Follow redirects limiter parameter
  57. - Added Auto-HEAD precheck system
  58. - Added No-HEAD option
  59. - Added Isalive option
  60. - Added Check at url option (Blind XSS)
  61. - Added Reverse Check parameter
  62. - Added PHPIDS (v.0.6.5) exploit
  63. - Added More vectors to auto-payloading
  64. - Added HTML5 studied vectors
  65. - Fixed Different bugs on core
  66. - Fixed Curl handlerer options
  67. - Fixed Dorkerers system
  68. - Fixed Bugs on results propagation
  69. - Fixed POST requests
  70. - Added New features to GTK controller
  71. - Added Detailed views to GTK interface
  72. =================
  73. February 21, 2011:
  74. =================
  75. - Added heuristic test
  76. - Updated dorkers list
  77. - HTTP Response Splitting Induced code
  78. - GTK+ interface
  79. - Geomapping
  80. - Multithreading workers
  81. - Test controllers
  82. - Added websockets technology (orbited)
  83. - Added update option
  84. - DoS (server) side injection
  85. - DCP/DOM/Induced final code
  86. - Code clean
  87. - Bugfixing
  88. - New options menu
  89. - More advanced statistics system
  90. =================
  91. November 7, 2010:
  92. =================
  93. - Added "final remote injections" option
  94. - Cross Flash Attack!
  95. - Cross Frame Scripting
  96. - Data Control Protocol Injections
  97. - Base64 (rfc2397) PoC
  98. - OnMouseMove PoC
  99. - Browser launcher
  100. - Code clean
  101. - Bugfixing
  102. - New options menu
  103. - Pre-check system
  104. - Crawler spidering clones
  105. - More advanced statistics system
  106. - "Mana" ouput results
  107. =================
  108. September 22, 2010:
  109. =================
  110. - Added a-xml exporter
  111. - ImageXSS
  112. - New dorker engines (total 10)
  113. - Core clean
  114. - Bugfixing
  115. - Social Networking auto-publisher
  116. - Started -federated- XSS (full disclosure) pentesting botnet
  117. http://identi.ca/xsserbot01
  118. http://twitter.com/xsserbot01
  119. =================
  120. August 20, 2010:
  121. =================
  122. - Added attack payloads to fuzzer (26 new injections)
  123. - POST
  124. - Statistics
  125. - URL Shorteners
  126. - IP Octal
  127. - Post-processing payloading
  128. - DOM Shadows!
  129. - Cookie injector
  130. - Browser DoS (Denegation of Service)
  131. =================
  132. July 1, 2010:
  133. =================
  134. - Dorking
  135. - Crawling
  136. - IP DWORD + Core clean
  137. =================
  138. April 19, 2010:
  139. =================
  140. - HTTPS implemented + patched bugs
  141. =================
  142. March 22, 2010:
  143. =================
  144. - Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer
  145. =================
  146. March 18, 2010:
  147. =================
  148. - Added attack payloads to fuzzer (62 different XSS injections)
  149. =================
  150. March 16, 2010:
  151. =================
  152. - Added new payload encoders to bypass filters