Date: Mon, 23 Sep 2019 10:46:02 +0200
From: psy <epsylon@...eup.net>
To: fulldisclosure@...lists.org
Subject: [FD] XSSer v.1.8[1] - "The Hive!" released

Hi FD,

I am glad to present a new release of this tool:

  - https://xsser.03c8.net

---------

"Cross Site "Scripter" (aka XSSer) is an automatic -framework- to
detect, exploit and report XSS vulnerabilities in web-based
applications. It provides several options to try to bypass certain
filters and various special techniques for code injection."

---------

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can
bypass-exploit code on several browsers/WAFs:

 - [PHPIDS]: PHP-IDS
 - [Imperva]: Imperva Incapsula WAF
 - [WebKnight]: WebKnight WAF
 - [F5]: F5 Big IP WAF
 - [Barracuda]: Barracuda WAF
 - [ModSec]: Mod-Security
 - [QuickDF]: QuickDefense
 - [Chrome]: Google Chrome
 - [IE]: Internet Explorer
 - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
 - [NS-IE]: Netscape in IE rendering engine mode
 - [NS-G]: Netscape in the Gecko rendering engine mode
 - [Opera]: Opera

---------

This release (v1.8.1) called "The Hive!" has added these new features:

 * Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
 * Removed: deprecated features
 * Removed: --no-head (from default)
 * Added: --check-tor, --auto-set, --auto-info and --auto-random
 * Added: new search engines: duck, startpage
 * Added: new dorks (Total: 40)
 * Added: Anti-antiXSS Firewall rules (Firefox, IE, Opera, Chrome)
 * Modified/Updated: DCP (Data Control Protocol) method
 * Modified/Updated: HTTPrs (HTTP Response Splitting) injections
 * Modified/Updated: GTK+
 * Modified/Updated: Crawler/Spidering
 * Updated: "Extra Attacks" (XSA, XSR, COOKIE)
 * Updated: Automatic XSS vectors list (Total: 1326)
 * Updated: XSSer tool updater
 * Updated: Documentation
 * [...]

---------

Media/Contribution:

  - https://xsser.03c8.net/xsser/hive.webm

---------

Code/Packages:

  * [source]:

  - https://code.03c8.net/epsylon/xsser

  * [mirror]:

  - https://github.com/epsylon/xsser

--------

  * [.zip]:

  - https://xsser.03c8.net/xsser/xsser_1.8-1.zip

  * [.tar.gz]:

  - https://xsser.03c8.net/xsser/xsser_1.8-1.tar.gz

-------------------------

Happy "Cross" Hacking! ;-)

