dom. Dic 8th, 2019

KelvinSecurity

KelvinSecurity – News – Cyber Security News – ETHICAL HACKINg – Pentesting – OSINT

XSSER – Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS

1 min read

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

 [PHPIDS]: PHP-IDS
 [Imperva]: Imperva Incapsula WAF
 [WebKnight]: WebKnight WAF
 [F5]: F5 Big IP WAF
 [Barracuda]: Barracuda WAF
 [ModSec]: Mod-Security
 [QuickDF]: QuickDefense
 [Chrome]: Google Chrome
 [IE]: Internet Explorer
 [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
 [NS-IE]: Netscape in IE rendering engine mode
 [NS-G]: Netscape in the Gecko rendering engine mode
 [Opera]: Opera 

Installing:

XSSer runs on many platforms. It requires Python and the following libraries:

  python-pycurl - Python bindings to libcurl
  python-xmlbuilder - create xml/(x)html files - Python 2.x
  python-beautifulsoup - error-tolerant HTML parser for Python
  python-geoip - Python bindings for the GeoIP IP-to-country resolver library

On Debian-based systems (ex: Ubuntu), run:

  sudo apt-get install python-pycurl python-xmlbuilder python-beautifulsoup python-geoip

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc… also run:

  pip install geoip 

Source libs:

https://github.com/epsylon/xsser

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

5 − uno =

Copyright © All rights reserved. | Newsphere by AF themes.