Tool and Usage
- Year of inception
- CC BY-SA 3.0
- Programming language
- Hans-Michael Varbaek
- Latest release
- Latest release date
Why this tool?
XXSER helps to get from XSS to Remote Code Execution (RCE). It provides custom tools and payloads integrated with Metasploit's Meterpreter. The goal is to automate as much as possible.
Usage and audience
XSSER is commonly used for penetration testing, security assessment, or web application analysis. Target users for this tool are pentesters and security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
- - Minimal or no documentation available
History and highlights
- Demo at Black Hat Europe 2015 Arsenal
- Demo at Black Hat Europe 2016 Arsenal
- Demo at Black hat Europe 2017 Arsenal
Supported operating systems
XSSER is known to work on Linux.
Similar tools to XSSER:
XSStrike is tool for penetration testers and developers to test web applications. It scans a web application for any possible cross-site scripting weakness. With its own fuzzing engine, it might find rare issues. XSStrike can also discover the presence of a web application firewall (WAF).
XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
- Cross-site scripting (XSS) is the name that refers to a particular weakness in web application security. The weakness is caused by incorrect handling of data input, such as cookie data, URL, or HTTP request parameters. The issue with the weak input sanitization is that some of the data may be returned to the user and perform custom script execution.