Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/epsylon/xsser

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
https://github.com/epsylon/xsser

exploiting pentesting toolkit xss xsser

Last synced: about 1 month ago
JSON representation

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Host: GitHub
URL: https://github.com/epsylon/xsser
Owner: epsylon
Created: 2012-12-15T21:59:53.000Z (almost 12 years ago)
Default Branch: master
Last Pushed: 2024-09-17T07:58:12.000Z (about 2 months ago)
Last Synced: 2024-09-26T22:04:22.633Z (about 1 month ago)
Topics: exploiting, pentesting, toolkit, xss, xsser
Language: Python
Homepage: https://xsser.03c8.net
Size: 16.8 MB
Stars: 1,171
Watchers: 41
Forks: 238
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- Code of conduct: .github/CODE_OF_CONDUCT.md

Awesome Lists containing this project

awesome-bugbounty-tools - xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. (Exploitation / XSS Injection)
WebHackersWeapons - xsser - framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| (Weapons / Tools)
awesome-termux-hacking - xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications..[![->](https://img.shields.io/github/stars/epsylon/xsser.svg?style=social&label=Star&maxAge=2592000)](https://github.com/epsylon/xsser/stargazers/) (Uncategorized / Uncategorized)
StarryDivineSky - epsylon/xsser
awesome-cyber-security - XSSer - a tool to exploit XSS vulnerabilities. (Tools / Web Application Pentesting)
awesome-cyber-security - XSSer - a tool to exploit XSS vulnerabilities. (Tools / Web Application Pentesting)

README

          ![XSSer](https://xsser.03c8.net/xsser/thehive1.png "XSSer")

----------

 + Web: https://xsser.03c8.net

----------

  Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

  It provides several options to try to bypass certain filters and various special techniques for code injection.

  XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

     [PHPIDS]: PHP-IDS

     [Imperva]: Imperva Incapsula WAF

     [WebKnight]: WebKnight WAF

     [F5]: F5 Big IP WAF

     [Barracuda]: Barracuda WAF

     [ModSec]: Mod-Security

     [QuickDF]: QuickDefense

     [Sucuri]: SucuriWAF 

     [Chrome]: Google Chrome

     [IE]: Internet Explorer

     [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel

     [NS-IE]: Netscape in IE rendering engine mode

     [NS-G]: Netscape in the Gecko rendering engine mode

     [Opera]: Opera Browser

  ![XSSer](https://xsser.03c8.net/xsser/url_generation.png "XSSer URL Generation Schema")

----------

#### Installing:

XSSer runs on many platforms. It requires Python (3.x) and the following libraries:

    - python3-pycurl - Python bindings to libcurl (Python 3)

    - python3-bs4 - error-tolerant HTML parser for Python 3

    - python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library

    - python3-gi - Python 3 bindings for gobject-introspection libraries

    - python3-cairocffi - cffi-based cairo bindings for Python (Python3)

    - python3-selenium - Python3 bindings for Selenium

    - firefoxdriver - Firefox WebDriver support

On Debian-based systems (ex: Ubuntu), run: 

    sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-gi python3-cairocffi python3-selenium firefoxdriver

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:

    sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium

####  Source libs:

   * Python: https://www.python.org/downloads/

   * PyCurl: http://pycurl.sourceforge.net/

   * PyBeautifulSoup4: https://pypi.org/project/beautifulsoup4/

   * PyGeoIP: https://pypi.org/project/pygeoip/

   * PyGObject: https://pypi.org/project/gobject/

   * PyCairocffi: https://pypi.org/project/cairocffi/

   * PySelenium: https://pypi.org/project/selenium/

----------

####  License:

  XSSer is released under the GPLv3. You can find the full license text

in the [LICENSE](./docs/LICENSE) file.

----------

####  Screenshots:

  ![XSSer](https://xsser.03c8.net/xsser/thehive2.png "XSSer Shell")

  ![XSSer](https://xsser.03c8.net/xsser/thehive3.png "XSSer Manifesto")

  ![XSSer](https://xsser.03c8.net/xsser/thehive4.png "XSSer Configuration")

  ![XSSer](https://xsser.03c8.net/xsser/thehive5.png "XSSer Bypassers")

  ![XSSer](https://xsser.03c8.net/xsser/thehive6.png "XSSer [HTTP GET] [LOCAL] Reverse Exploit")

  ![XSSer](https://xsser.03c8.net/xsser/thehive7.png "XSSer [HTTP POST] [REMOTE] Reverse Exploit")

  ![XSSer](https://xsser.03c8.net/xsser/thehive8.png "XSSer [HTTP DOM] Exploit")

  ![XSSer](https://xsser.03c8.net/xsser/zika4.png "XSSer GeoMap")