Posts tagged xss


Detecting and exploiting XSS injections using XSSer Tool


what is XSSer

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

we will test this tool on the vulnerable site.

how to use this too

  1. root@punter:/pentest/web# $ svn co xsser
  2. root@punter:/pentest/web# cd xsser
  3. root@punter:/pentest/web/xsser# python -u “” -g “Search.asp?tfSearch=” –proxy “” –referer “666.666.666.666” –user-agent “correct audit” –Fuzz -s
  4. below are the results

see the above results which is marked with blue and the attack URl we will test the results manually to confirm the XSS vulnerability chk the below screenshot

This Tool Works Perfectly finding XSS using the Automation Process

Security Assessment and Pentest tools Cheat Sheets


Got from my old Bookmarks ,below are some useful Cheat Sheets ,let me know if u found any other cheat sheets i will update the post


Backtrack 4
misc tools
Metasploit Meterpreter

Oracle Security

SQl Injection

Microsoft SQL,Sybase,MySQL,Oracle,PostgreSQL,DB2,IngresBypass SQL Injection Filters
Packetlife Cheatsheets

Ed Skoudis’ Pentest Cheatsheets

Windows commandline tools
Netcat Cheat Sheet
Useful Attack Tools, Metasploit commands, HPing, FGDump

Reverse Engineering Malware Cheat Sheet

Security Archiecture Cheat Sheet for Internet Applications

CEH cheatsheets from Mindcert

Go to Top