{"id":13474273,"url":"https://github.com/epsylon/xsser","last_synced_at":"2025-05-15T19:09:02.803Z","repository":{"id":41548597,"uuid":"7184441","full_name":"epsylon/xsser","owner":"epsylon","description":"Cross Site \"Scripter\" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.","archived":false,"fork":false,"pushed_at":"2024-09-17T07:58:12.000Z","size":17611,"stargazers_count":1290,"open_issues_count":1,"forks_count":248,"subscribers_count":41,"default_branch":"master","last_synced_at":"2025-04-12T22:17:55.018Z","etag":null,"topics":["exploiting","pentesting","toolkit","xss","xsser"],"latest_commit_sha":null,"homepage":"https://xsser.03c8.net","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/epsylon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2012-12-15T21:59:53.000Z","updated_at":"2025-04-12T06:39:34.000Z","dependencies_parsed_at":"2024-01-14T08:57:33.956Z","dependency_job_id":"390df3ac-58f9-435c-9b71-a743331716f4","html_url":"https://github.com/epsylon/xsser","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epsylon%2Fxsser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epsylon%2Fxsser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epsylon%2Fxsser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epsylon%2Fxsser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/epsylon","download_url":"https://codeload.github.com/epsylon/xsser/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254404357,"owners_count":22065641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploiting","pentesting","toolkit","xss","xsser"],"created_at":"2024-07-31T16:01:10.952Z","updated_at":"2025-05-15T19:09:02.783Z","avatar_url":"https://github.com/epsylon.png","language":"Python","funding_links":[],"categories":["Uncategorized","Python","Exploitation","Weapons","Tools","其他_安全与渗透","Security"],"sub_categories":["Uncategorized","XSS Injection","Tools","网络服务_其他","Web Application Pentesting","Security tools"],"readme":"  ![XSSer](https://xsser.03c8.net/xsser/thehive1.png \"XSSer\")\n\n----------\n\n + Web: https://xsser.03c8.net\n\n----------\n\n  Cross Site \"Scripter\" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.\n\n  It provides several options to try to bypass certain filters and various special techniques for code injection.\n\n  XSSer has pre-installed [ \u003e 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:\n\n     [PHPIDS]: PHP-IDS\n     [Imperva]: Imperva Incapsula WAF\n     [WebKnight]: WebKnight WAF\n     [F5]: F5 Big IP WAF\n     [Barracuda]: Barracuda WAF\n     [ModSec]: Mod-Security\n     [QuickDF]: QuickDefense\n     [Sucuri]: SucuriWAF \n     [Chrome]: Google Chrome\n     [IE]: Internet Explorer\n     [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel\n     [NS-IE]: Netscape in IE rendering engine mode\n     [NS-G]: Netscape in the Gecko rendering engine mode\n     [Opera]: Opera Browser\n\n  ![XSSer](https://xsser.03c8.net/xsser/url_generation.png \"XSSer URL Generation Schema\")\n\n----------\n\n#### Installing:\n\nXSSer runs on many platforms. It requires Python (3.x) and the following libraries:\n\n    - python3-pycurl - Python bindings to libcurl (Python 3)\n    - python3-bs4 - error-tolerant HTML parser for Python 3\n    - python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library\n    - python3-gi - Python 3 bindings for gobject-introspection libraries\n    - python3-cairocffi - cffi-based cairo bindings for Python (Python3)\n    - python3-selenium - Python3 bindings for Selenium\n    - firefoxdriver - Firefox WebDriver support\n\nOn Debian-based systems (ex: Ubuntu), run: \n\n    sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-gi python3-cairocffi python3-selenium firefoxdriver\n\nOn other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:\n\n    sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium\n\n####  Source libs:\n\n   * Python: https://www.python.org/downloads/\n   * PyCurl: http://pycurl.sourceforge.net/\n   * PyBeautifulSoup4: https://pypi.org/project/beautifulsoup4/\n   * PyGeoIP: https://pypi.org/project/pygeoip/\n   * PyGObject: https://pypi.org/project/gobject/\n   * PyCairocffi: https://pypi.org/project/cairocffi/\n   * PySelenium: https://pypi.org/project/selenium/\n\n----------\n\n####  License:\n\n  XSSer is released under the GPLv3. You can find the full license text\nin the [LICENSE](./docs/LICENSE) file.\n\n----------\n\n####  Screenshots:\n\n  ![XSSer](https://xsser.03c8.net/xsser/thehive2.png \"XSSer Shell\")\n\n  ![XSSer](https://xsser.03c8.net/xsser/thehive3.png \"XSSer Manifesto\")\n\n  ![XSSer](https://xsser.03c8.net/xsser/thehive4.png \"XSSer Configuration\")\n\n  ![XSSer](https://xsser.03c8.net/xsser/thehive5.png \"XSSer Bypassers\")\n\n  ![XSSer](https://xsser.03c8.net/xsser/thehive6.png \"XSSer [HTTP GET] [LOCAL] Reverse Exploit\")\n\n  ![XSSer](https://xsser.03c8.net/xsser/thehive7.png \"XSSer [HTTP POST] [REMOTE] Reverse Exploit\")\n\n  ![XSSer](https://xsser.03c8.net/xsser/thehive8.png \"XSSer [HTTP DOM] Exploit\")\n\n  ![XSSer](https://xsser.03c8.net/xsser/zika4.png \"XSSer GeoMap\")\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepsylon%2Fxsser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fepsylon%2Fxsser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepsylon%2Fxsser/lists"}