CHANGELOG 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215
  1. ================================================================
  2. Changelog: XSSer v1.8.4 (https://xsser.03c8.net)
  3. ==============================
  4. =================
  5. March 6, 2021:
  6. =================
  7. - Bugfixing
  8. =================
  9. March 3, 2020:
  10. =================
  11. - Modified/Updated: anti false positives checkers
  12. - Added: internal 'headless' browser: gecko/firefox engine
  13. - Modified/Updated: --reverse-check (GET/POST) (local/remote)
  14. - Removed: --reverse-open
  15. - Modified/Updated: DOM attack (added vectors: 13)
  16. - Modified/Updated: GTK+
  17. - Added: Requirements
  18. - Updated: Documentation
  19. - Updated: Website
  20. =================
  21. November 16, 2019:
  22. =================
  23. - Ported to: Python3.x
  24. - Bugfixing
  25. - Added: Anti-antiXSS Firewall rules (Bypassers provided: SucuriWAF)
  26. - Modified/Updated: GTK+
  27. - Added: Requirements
  28. - Updated: Documentation
  29. - Updated: Website
  30. =================
  31. September 20, 2019:
  32. =================
  33. - Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
  34. - Removed: deprecated features
  35. - Removed: --no-head (from default)
  36. - Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
  37. - Added: new search engines: duck, startpage
  38. - Added: new dorks (Total: 40)
  39. - Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
  40. - Modified/Updated: DCP (Data Control Protocol) method
  41. - Modified/Updated: HTTPrs (HTTP Response Splitting) injections
  42. - Modified/Updated: GTK+
  43. - Modified/Updated: Crawler/Spidering
  44. - Updated: "Extra Attacks" (XSA, XSR, COOKIE)
  45. - Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
  46. - Updated: XSSer tool updater
  47. - Updated: Documentation
  48. =================
  49. April 12, 2018:
  50. =================
  51. - Removed: deprecated features (search engines, SSLv3...)
  52. - Fixed: auto-update option
  53. =================
  54. February 24, 2016:
  55. =================
  56. - Removed: deprecated features
  57. - Updated: Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11)
  58. - Added: XST (Cross Site Tracing)
  59. - Advanced: XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection
  60. - Updated/Fixed: Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex)
  61. - Added: Dorking from file (30 potential 'XSS dorks' provided)
  62. - Added: Mass-Dorking (search with all search engines provided)
  63. - Added: Discarding response method to evade false positives
  64. - Added: Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense)
  65. - Added: 'Wizard Helper' to shell mode
  66. - Updated: XSSer tool updater
  67. - Updated: 'Mana' system
  68. - Fixed: Crawlering system
  69. - Added: feature: 'Automatically audit an entire target"
  70. - Modified/Updated: GTK+
  71. - Added: Requirements
  72. - Updated: Documentation
  73. =================
  74. November 28, 2011:
  75. =================
  76. - Added: Drop Cookie option
  77. - Added: Random IP X-Forwarded-For an X-Client-IP option
  78. - Added: GSS and NTLM authentication methods
  79. - Added: Ignore proxy option
  80. - Added: TCP-NODELAY option
  81. - Added: Follow redirects option
  82. - Added: Follow redirects limiter parameter
  83. - Added: Auto-HEAD precheck system
  84. - Added: No-HEAD option
  85. - Added: Isalive option
  86. - Added: Check at url option (Blind XSS)
  87. - Added: Reverse Check parameter
  88. - Added: PHPIDS (v.0.6.5) exploit
  89. - Added: More vectors to auto-payloading
  90. - Added: HTML5 studied vectors
  91. - Fixed: Different bugs on core
  92. - Fixed: Curl handlerer options
  93. - Fixed: Dorkerers system
  94. - Fixed: Bugs on results propagation
  95. - Fixed: POST requests
  96. - Added: New features to GTK controller
  97. - Added: Detailed views to GTK interface
  98. =================
  99. February 21, 2011:
  100. =================
  101. - Added: heuristic test
  102. - Updated: dorkers list
  103. - Added: HTTP Response Splitting Induced
  104. - Added: GTK+ interface
  105. - Added: Geomapping
  106. - Added: Multithreading workers
  107. - Added: Test controllers
  108. - Added: websockets technology (orbited)
  109. - Added: update option
  110. - Added: DoS (server) side injection
  111. - Added: DCP/DOM/Induced final code
  112. - Updated: Code clean
  113. - Bugfixing
  114. - Added: New options menu
  115. - Advanced: statistics system
  116. =================
  117. November 7, 2010:
  118. =================
  119. - Added: "final remote injections" option
  120. - Added: Cross Flash Attack!
  121. - Added: Cross Frame Scripting
  122. - Added: Data Control Protocol Injections
  123. - Added: Base64 (rfc2397) PoC
  124. - Added: OnMouseMove PoC
  125. - Added: Browser launcher
  126. - Updated: Code clean
  127. - Bugfixing
  128. - Added: New options menu
  129. - Added: Pre-check system
  130. - Added: Crawler spidering clones
  131. - Added: More Advanced: statistics system
  132. - Added: "Mana" ouput results
  133. =================
  134. September 22, 2010:
  135. =================
  136. - Added: a-xml exporter
  137. - ImageXSS
  138. - New dorker engines (total 10)
  139. - Updated: Code clean
  140. - Bugfixing
  141. - Social Networking auto-publisher
  142. - Started -federated- XSS (full disclosure) pentesting botnet
  143. http://identi.ca/xsserbot01
  144. http://twitter.com/xsserbot01
  145. =================
  146. August 20, 2010:
  147. =================
  148. - Added: attack payloads to fuzzer (26 new injections)
  149. - Added: POST
  150. - Added: Statistics
  151. - Added: URL Shorteners
  152. - Added: IP Octal
  153. - Added: Post-processing payloading
  154. - Added: DOM Shadows!
  155. - Added: Cookie injector
  156. - Added: Browser DoS (Denegation of Service)
  157. =================
  158. July 1, 2010:
  159. =================
  160. - Added: Dorking
  161. - Added: Crawling
  162. - Added: IP DWORD
  163. - Updated: Code clean
  164. =================
  165. April 19, 2010:
  166. =================
  167. - Bugfixing
  168. - Added: HTTPS
  169. =================
  170. March 22, 2010:
  171. =================
  172. - Added: "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer
  173. =================
  174. March 18, 2010:
  175. =================
  176. - Added: attack payloads to fuzzer (62 different XSS injections)
  177. =================
  178. March 16, 2010:
  179. =================
  180. - Added: new payload encoders to bypass filters