Jump to content
Sign in to follow this  


Recommended Posts


Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.


XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

- [Imperva]: Imperva Incapsula WAF
- [WebKnight]: WebKnight WAF
- [F5]: F5 Big IP WAF
- [Barracuda]: Barracuda WAF
- [ModSec]: Mod-Security
- [QuickDF]: QuickDefense
- [Chrome]: Google Chrome
- [IE]: Internet Explorer
- [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
- [NS-IE]: Netscape in IE rendering engine mode
- [NS-G]: Netscape in the Gecko rendering engine mode
- [Opera]: Opera

Current version:

XSSer The Hive



URL/Hash Generation Schema:

XSSer The Hive!

XSSer The Hive!

XSSer The Hive!

XSSer The Hive!

XSSer The Hive!

XSSer ZiKA-47 Swarm


  • 2012 at RootedCon | [ Slides: "XSSer - The Cross Site Scripting framework": Spanish ] - [ Video: Spanish ]
  • 2011 at THSF'11 | [ Slides: "XSSer - The Mosquito": English ]
  • 2009 at Cyberspace | [ Paper: "XSS for fun and profit": English | Spanish ]


XSSer runs on many platforms. It requires Python and the following libraries:

  • python-pycurl - Python bindings to libcurl
  • python-xmlbuilder - create xml/(x)html files - Python 2.x
  • python-beautifulsoup - error-tolerant HTML parser for Python
  • python-geoip - Python bindings for the GeoIP IP-to-country resolver library


On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python-pycurl python-xmlbuilder python-beautifulsoup python-geoip

Source Code:

Xsser can be cloned from different code respositories. This option is a good idea if you want to [ --update ] automatically the tool, every some time.



ex: git clone https://code.03c8.net/epsylon/xsser



ex: git clone https://github.com/epsylon/xsser


XSSer v1.7.2b: "ZiKA-47 Swarm!" :



XSSer v1.6: "Grey Swarm!":



XSSer v1.5: "Swarm Edition!":



XSSer v1.0: "The mosquito":



XSSer is released under the terms of the General Public License v3 and is copyrighted by psy.


This framework is actively looking for new sponsors and funding. If you or your organization has an interest in keeping XSSer, please contact directly.



For donations: [ BTC:19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw ]


Sursa: https://xsser.03c8.net/

Share this post

Link to post
Share on other sites

imi da eroarea asta Traceback (most recent call last):
  File "./xsser", line 22, in <module>
    from core.main import xsser
  File "/root/Desktop/xsser/core/main.py", line 22, in <module>
    from core.main import xsser
ImportError: cannot import name xsser

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...