Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Assembly

Nix

Python

Erlang

Solidity

Crystal

Clojure

JavaScript

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Scala

F#

C++

Dart

Java

Elm

Erlang

Perl

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇸🇱 Sierra Leone

🇹🇳 Tunisia

🇧🇼 Botswana

🇱🇦 Laos

🇪🇬 Egypt

🇱🇹 Lithuania

🇱🇸 Lesotho

🇬🇲 The Gambia

All Countries Compare Countries

epsylon/xsser

Stars
969
Rank 46,866 (Top 1.0 %)
Language
Python
Created almost 12 years ago
Updated about 1 year ago

epsylon/xsser

epsylon

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Web: https://xsser.03c8.net

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

 [PHPIDS]: PHP-IDS
 [Imperva]: Imperva Incapsula WAF
 [WebKnight]: WebKnight WAF
 [F5]: F5 Big IP WAF
 [Barracuda]: Barracuda WAF
 [ModSec]: Mod-Security
 [QuickDF]: QuickDefense
 [Sucuri]: SucuriWAF 
 [Chrome]: Google Chrome
 [IE]: Internet Explorer
 [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
 [NS-IE]: Netscape in IE rendering engine mode
 [NS-G]: Netscape in the Gecko rendering engine mode
 [Opera]: Opera Browser

Installing:

XSSer runs on many platforms. It requires Python (3.x) and the following libraries:

- python3-pycurl - Python bindings to libcurl (Python 3)
- python3-bs4 - error-tolerant HTML parser for Python 3
- python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
- python3-gi - Python 3 bindings for gobject-introspection libraries
- python3-cairocffi - cffi-based cairo bindings for Python (Python3)
- python3-selenium - Python3 bindings for Selenium
- firefoxdriver - Firefox WebDriver support

On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-gi python3-cairocffi python3-selenium firefoxdriver

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:

sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium

Source libs:

Python: https://www.python.org/downloads/
PyCurl: http://pycurl.sourceforge.net/
PyBeautifulSoup4: https://pypi.org/project/beautifulsoup4/
PyGeoIP: https://pypi.org/project/pygeoip/
PyGObject: https://pypi.org/project/gobject/
PyCairocffi: https://pypi.org/project/cairocffi/
PySelenium: https://pypi.org/project/selenium/

License:

XSSer is released under the GPLv3. You can find the full license text in the LICENSE file.

Screenshots:

ufonet

UFONet - Denial of Service Toolkit

cintruder

Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.

orb

Orb is a massive footprinting tool.

anontwi

Anontwi is a tool for OAuth2 applications (such as: GNUSocial, Twitter) that provides different layers of encryption, privacy methods and proxy features.

Smuggler

Smuggler can detect and exploit -HTTP Smuggling- vulnerabilities.

xss-http-injector

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

fuzzssh

FuzzSSH is a free software tool created to detect SSH (protocol) vulnerabilities.

paranoia-browser

pArAnoIA - Tiny "Secure" Browser

ecoin

ECOin is a P2P crypto-currency with the goal of providing a long-term energy-efficient digital economy strategy.

Neuralia

NeuraLIA tries to learn and reply the correct answer.

DiaNA

DiaNA can search and recognize patterns in DNA sequences.

oasis

SolarNET.HuB (SNH) - The Project Network - Oasis

propagare

Propagar(es): extracción, organización y análisis semántico de noticias.

pydog4apache

PyDog4Apache is an Apache web logs sneaker.

PyAISnake

PyAISnake is a python math-sandbox simulator built to teach AI models on how to solve problems related to spatial intelligence, through the classic video game "snake".

NoINIW2051

Shell-based CyberPunk m-RPG videogame.

brainstocker

BrAInStocker tries to predict (using Linear Regression) the next number within a series of random numbers.

m--github

Microsoft is acquiring GitHub so... #GoodByeGithub !

Elgg-Lorea-Hydra

This code is an updated version of Elgg 1.12.x (LTS version) with a selection of working mods, a new theme called "Hydra" and some advanced 'spanish' language translations...

x11-stack-corruption

X11/libX11.so.6 (XQueryKeymap) Stack corruption/Access violation [PoC+ Fuzzer]

collatz

An unsolved problem in mathematics

PandeMaths

PandeMaths simulates a mathematical model of pandemics.

euler-bricks

An unsolved problem in mathematics

meta-id

The meta-id firmware connects a micro-controller to the internet using an ESP8266 Wifi module.

goldbach

An unsolved problem in mathematics