Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/epsylon/xsser
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
- Host: GitHub
- URL: https://github.com/epsylon/xsser
- Owner: epsylon
- Created: 2012-12-15T21:59:53.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2024-09-17T07:58:12.000Z (about 2 months ago)
- Last Synced: 2024-09-26T22:04:22.633Z (about 1 month ago)
- Topics: exploiting, pentesting, toolkit, xss, xsser
- Language: Python
- Homepage: https://xsser.03c8.net
- Size: 16.8 MB
- Stars: 1,171
- Watchers: 41
- Forks: 238
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- Code of conduct: .github/CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-bugbounty-tools - xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. (Exploitation / XSS Injection)
- WebHackersWeapons - xsser - framework- to detect, exploit and report XSS vulnerabilities in web-based applications. Tags: `xss`; platforms: linux, macos, windows; language: Python. (Weapons / Tools)
- awesome-termux-hacking - xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. (Uncategorized / Uncategorized)
- StarryDivineSky - epsylon/xsser
- awesome-cyber-security - XSSer - a tool to exploit XSS vulnerabilities. (Tools / Web Application Pentesting)
README
![XSSer](https://xsser.03c8.net/xsser/thehive1.png "XSSer")
----------
+ Web: https://xsser.03c8.net
----------
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
It provides several options to try to bypass certain filters and various special techniques for code injection.
XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
[PHPIDS]: PHP-IDS
[Imperva]: Imperva Incapsula WAF
[WebKnight]: WebKnight WAF
[F5]: F5 Big IP WAF
[Barracuda]: Barracuda WAF
[ModSec]: Mod-Security
[QuickDF]: QuickDefense
[Sucuri]: SucuriWAF
[Chrome]: Google Chrome
[IE]: Internet Explorer
[FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
[NS-IE]: Netscape in IE rendering engine mode
[NS-G]: Netscape in the Gecko rendering engine mode
[Opera]: Opera Browser

![XSSer](https://xsser.03c8.net/xsser/url_generation.png "XSSer URL Generation Schema")
----------
#### Installing:
XSSer runs on many platforms. It requires Python (3.x) and the following libraries:
- python3-pycurl - Python bindings to libcurl (Python 3)
- python3-bs4 - error-tolerant HTML parser for Python 3
- python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
- python3-gi - Python 3 bindings for gobject-introspection libraries
- python3-cairocffi - cffi-based cairo bindings for Python (Python3)
- python3-selenium - Python3 bindings for Selenium
- firefoxdriver - Firefox WebDriver support

On Debian-based systems (ex: Ubuntu), run:

    sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-gi python3-cairocffi python3-selenium firefoxdriver

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:

    sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium

#### Source libs:
* Python: https://www.python.org/downloads/
* PyCurl: http://pycurl.sourceforge.net/
* PyBeautifulSoup4: https://pypi.org/project/beautifulsoup4/
* PyGeoIP: https://pypi.org/project/pygeoip/
* PyGObject: https://pypi.org/project/gobject/
* PyCairocffi: https://pypi.org/project/cairocffi/
* PySelenium: https://pypi.org/project/selenium/

----------
#### License:
XSSer is released under the GPLv3. You can find the full license text
in the [LICENSE](./docs/LICENSE) file.

----------
#### Screenshots:
![XSSer](https://xsser.03c8.net/xsser/thehive2.png "XSSer Shell")
![XSSer](https://xsser.03c8.net/xsser/thehive3.png "XSSer Manifesto")
![XSSer](https://xsser.03c8.net/xsser/thehive4.png "XSSer Configuration")
![XSSer](https://xsser.03c8.net/xsser/thehive5.png "XSSer Bypassers")
![XSSer](https://xsser.03c8.net/xsser/thehive6.png "XSSer [HTTP GET] [LOCAL] Reverse Exploit")
![XSSer](https://xsser.03c8.net/xsser/thehive7.png "XSSer [HTTP POST] [REMOTE] Reverse Exploit")
![XSSer](https://xsser.03c8.net/xsser/thehive8.png "XSSer [HTTP DOM] Exploit")
![XSSer](https://xsser.03c8.net/xsser/zika4.png "XSSer GeoMap")