epsylon / Xsser
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Stars: ✭ 606
Programming Languages
python
139335 projects - #7 most used programming language
Labels
Projects that are alternatives of or similar to Xsser
xssmap
Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (-82.34%)
Mutual labels: xss, pentesting
Hackvault
A container repository for my public web hacks!
Stars: ✭ 1,364 (+125.08%)
Mutual labels: pentesting, xss
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+39.77%)
Mutual labels: pentesting, xss
xss-http-injector
XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Stars: ✭ 22 (-96.37%)
Mutual labels: toolkit, xss
Babysploit
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Stars: ✭ 883 (+45.71%)
Mutual labels: toolkit, pentesting
Shuriken
Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (-81.19%)
Mutual labels: pentesting, xss
vulnerabilities
List of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-97.69%)
Mutual labels: xss, pentesting
Findom Xss
A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-48.84%)
Mutual labels: pentesting, xss
Bpmn Js
A BPMN 2.0 rendering toolkit and web modeler.
Stars: ✭ 5,592 (+822.77%)
Mutual labels: toolkit
Platypus
🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (-7.76%)
Mutual labels: pentesting
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-14.69%)
Mutual labels: pentesting
Dearpygui
Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies
Stars: ✭ 6,631 (+994.22%)
Mutual labels: toolkit
Passphrase Wordlist
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Stars: ✭ 556 (-8.25%)
Mutual labels: pentesting
Bugcrowd Levelup Subdomain Enumeration
This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (-15.35%)
Mutual labels: pentesting
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-16.01%)
Mutual labels: pentesting
Android Reports And Resources
A big list of Android Hackerone disclosed reports and other resources.
Stars: ✭ 590 (-2.64%)
Mutual labels: xss
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
It provides several options to try to bypass certain filters and various special techniques for code injection.
XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
[PHPIDS]: PHP-IDS
[Imperva]: Imperva Incapsula WAF
[WebKnight]: WebKnight WAF
[F5]: F5 Big IP WAF
[Barracuda]: Barracuda WAF
[ModSec]: Mod-Security
[QuickDF]: QuickDefense
[Sucuri]: SucuriWAF
[Chrome]: Google Chrome
[IE]: Internet Explorer
[FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
[NS-IE]: Netscape in IE rendering engine mode
[NS-G]: Netscape in the Gecko rendering engine mode
[Opera]: Opera Browser
Installing:
XSSer runs on many platforms. It requires Python (3.x) and the following libraries:
- python3-pycurl - Python bindings to libcurl (Python 3)
- python3-bs4 - error-tolerant HTML parser for Python 3
- python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
- python3-gi - Python 3 bindings for gobject-introspection libraries
- python3-cairocffi - cffi-based cairo bindings for Python (Python3)
- python3-selenium - Python3 bindings for Selenium
- firefoxdriver - Firefox WebDriver support
On Debian-based systems (ex: Ubuntu), run:
sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-gi python3-cairocffi python3-selenium firefoxdriver
On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:
sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium
Source libs:
- Python: https://www.python.org/downloads/
- PyCurl: http://pycurl.sourceforge.net/
- PyBeautifulSoup4: https://pypi.org/project/beautifulsoup4/
- PyGeoIP: https://pypi.org/project/pygeoip/
- PyGObject: https://pypi.org/project/gobject/
- PyCairocffi: https://pypi.org/project/cairocffi/
- PySelenium: https://pypi.org/project/selenium/
License:
XSSer is released under the GPLv3. You can find the full license text in the LICENSE file.
Screenshots:
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].