[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] XSSer v.1.8[1] - "The Hive!" released

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] XSSer v.1.8[1] - "The Hive!" released
From: psy <epsylon@xxxxxxxxxx>
Date: Mon, 23 Sep 2019 10:46:02 +0200

Hi FD,

I am glad to present a new release of this tool:

  - https://xsser.03c8.net

---------

"Cross Site "Scripter" (aka XSSer) is an automatic -framework- to
detect, exploit and report XSS vulnerabilities in web-based
applications. It provides several options to try to bypass certain
filters and various special techniques for code injection."

---------

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can
bypass-exploit code on several browsers/WAFs:

 - [PHPIDS]: PHP-IDS
 - [Imperva]: Imperva Incapsula WAF
 - [WebKnight]: WebKnight WAF
 - [F5]: F5 Big IP WAF
 - [Barracuda]: Barracuda WAF
 - [ModSec]: Mod-Security
 - [QuickDF]: QuickDefense
 - [Chrome]: Google Chrome
 - [IE]: Internet Explorer
 - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
 - [NS-IE]: Netscape in IE rendering engine mode
 - [NS-G]: Netscape in the Gecko rendering engine mode
 - [Opera]: Opera

---------

This release (v1.8.1) called "The Hive!" has added this new features:

 * Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
 * Removed: deprecated features
 * Removed: --no-head (from default)
 * Added: --check-tor, --auto-set, --auto-info and --auto-random
 * Added: new search engines: duck, startpage
 * Added: new dorks (Total: 40)
 * Added: Anti-antiXSS Firewall rules (Firefox, IE, Opera, Chrome)
 * Modified/Updated: DCP (Data Control Protocol) method
 * Modified/Updated: HTTPrs (HTTP Response Splitting) injections
 * Modified/Updated: GTK+
 * Modified/Updated: Crawler/Spidering
 * Updated: "Extra Attacks" (XSA, XSR, COOKIE)
 * Updated: Automatic XSS vectors list (Total: 1326)
 * Updated: XSSer tool updater
 * Updated: Documentation
 * [...]

---------

Media/Contribution:

  - https://xsser.03c8.net/xsser/hive.webm

---------

Code/Packages:

  * [source]:

  - https://code.03c8.net/epsylon/xsser

  * [mirror]:

  - https://github.com/epsylon/xsser

--------

  * [.zip]:

  - https://xsser.03c8.net/xsser/xsser_1.8-1.zip

  * [.tar.gz]:

  - https://xsser.03c8.net/xsser/xsser_1.8-1.tar.gz

-------------------------

Happy "Cross" Hacking! ;-)

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Bug Bounty Competition 2019
Next by Date: [FD] vBulletin 5.x 0day pre-auth RCE exploit
Previous by thread: [FD] Bug Bounty Competition 2019
Next by thread: [FD] vBulletin 5.x 0day pre-auth RCE exploit
Index(es):
- Date
- Thread