• Stars
    star
    969
  • Rank 47,227 (Top 1.0 %)
  • Language
    Python
  • Created almost 12 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

XSSer



Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

 [PHPIDS]: PHP-IDS
 [Imperva]: Imperva Incapsula WAF
 [WebKnight]: WebKnight WAF
 [F5]: F5 Big IP WAF
 [Barracuda]: Barracuda WAF
 [ModSec]: Mod-Security
 [QuickDF]: QuickDefense
 [Sucuri]: SucuriWAF 
 [Chrome]: Google Chrome
 [IE]: Internet Explorer
 [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
 [NS-IE]: Netscape in IE rendering engine mode
 [NS-G]: Netscape in the Gecko rendering engine mode
 [Opera]: Opera Browser

XSSer


Installing:

XSSer runs on many platforms. It requires Python (3.x) and the following libraries:

- python3-pycurl - Python bindings to libcurl (Python 3)
- python3-bs4 - error-tolerant HTML parser for Python 3
- python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
- python3-gi - Python 3 bindings for gobject-introspection libraries
- python3-cairocffi - cffi-based cairo bindings for Python (Python3)
- python3-selenium - Python3 bindings for Selenium
- firefoxdriver - Firefox WebDriver support

On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-gi python3-cairocffi python3-selenium firefoxdriver

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:

sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium

Source libs:


License:

XSSer is released under the GPLv3. You can find the full license text in the LICENSE file.


Screenshots:

XSSer

XSSer

XSSer

XSSer

XSSer

XSSer

XSSer

XSSer

More Repositories

1

ufonet

UFONet - Denial of Service Toolkit
JavaScript
1,910
star
2

cintruder

Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.
Python
227
star
3

orb

Orb is a massive footprinting tool.
Python
41
star
4

anontwi

Anontwi is a tool for OAuth2 applications (such as: GNUSocial, Twitter) that provides different layers of encryption, privacy methods and proxy features.
Python
30
star
5

Smuggler

Smuggler can detect and exploit -HTTP Smuggling- vulnerabilities.
Python
24
star
6

xss-http-injector

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
PHP
21
star
7

fuzzssh

FuzzSSH is a free software tool created to detect SSH (protocol) vulnerabilities.
Python
17
star
8

paranoia-browser

pArAnoIA - Tiny "Secure" Browser
Python
12
star
9

ecoin

ECOin is a P2P crypto-currency with the goal of providing a long-term energy-efficient digital economy strategy.
C++
11
star
10

Neuralia

NeuraLIA tries to learn and reply the correct answer.
Python
8
star
11

DiaNA

DiaNA can search and recognize patterns in DNA sequences.
Python
7
star
12

oasis

SolarNET.HuB (SNH) - The Project Network - Oasis
JavaScript
7
star
13

propagare

Propagar(es): extracción, organización y análisis semántico de noticias.
Python
7
star
14

pydog4apache

PyDog4Apache is an Apache web logs sneaker.
Python
6
star
15

PyAISnake

PyAISnake is a python math-sandbox simulator built to teach AI models on how to solve problems related to spatial intelligence, through the classic video game "snake".
Python
6
star
16

NoINIW2051

Shell-based CyberPunk m-RPG videogame.
Python
4
star
17

brainstocker

BrAInStocker tries to predict (using Linear Regression) the next number within a series of random numbers.
Python
4
star
18

m--github

Microsoft is acquiring GitHub so... #GoodByeGithub !
3
star
19

Elgg-Lorea-Hydra

This code is an updated version of Elgg 1.12.x (LTS version) with a selection of working mods, a new theme called "Hydra" and some advanced 'spanish' language translations...
PHP
3
star
20

x11-stack-corruption

X11/libX11.so.6 (XQueryKeymap) Stack corruption/Access violation [PoC+ Fuzzer]
Python
3
star
21

collatz

An unsolved problem in mathematics
Python
2
star
22

PandeMaths

PandeMaths simulates a mathematical model of pandemics.
Python
2
star
23

euler-bricks

An unsolved problem in mathematics
Python
2
star
24

meta-id

The meta-id firmware connects a micro-controller to the internet using an ESP8266 Wifi module.
C
1
star
25

goldbach

An unsolved problem in mathematics
Python
1
star