Tested Against WAVSEP Version:

The Reflected XSS Detection Accuracy of the Scanner:
Detection AccuracyChart
50.00% Detection Rate
85.71% False Positives
Response TypeInput VectorDetection RateDetails
Reflected XSSHTTP GET (Query String Parameters)33 out of 33Detected: 1-30(1st&2nd),31,32 GET-Experimental: 1-11 (Previously Detected: 1-10,13,14,16,17,19-21,23-25,27,30(2nd),32)
Reflected XSSHTTP POST (Body Parameters)0 out of 33None
False Positive RXSS Test CasesHTTP GET (Query String Parameters)6 out of 71,2,3,4,6,7 (Previously Detected 1,2,6,7)

WAVSEP Scan Log:
I installed XSSer using its Debian/Ubuntu package, started a terminal window and loaded the GTK GUI using the following command:
Xsser --gtk
The tool's arsenal of features is OVERWHELMING (if you just crawl the various menus enough, you'll see them), and covers a variety of detection and exploitation scenarios.
I choose the "intruder" fly mode, marked the "automatic", "crawler", "statistics", "verbose" and "launch", and then the buttons "aim" and "fly".
The tool seemed to be working and scanned the files in the target urls,
(, and later its subdirectories)
And also seemed to be using the OS default browser to perform the various checks, however, some sort of bug caused the tabs and popups to remain open, and it quickly got to the point where firefox would not open any more tabs, and to numerous annoying popups to appear and stay until I clicked them all (about two minutes of clicking).
The results for GET cases were very good, and covered all the test cases and even all the experimental test cases, however, the tool did not seem able to submit html forms, and thus, did not cover any of the post test cases.
Finally, the line "composed" by the GTK GUI included the following commands:
xsser -u -c 200 --Cw 1 --Cl -s -v --launch --user-agent Googlebot/2.1 (+ --threads 5 --timeout 30 --retries 1 --delay 0 --auto
All in all, if this tool would have been actively maintained, had its bugs fixed and had the post/json/xml input vectors covered, it could be a fantastic addition to any pen-tester's arsenal, and in any event could be used as an infrastructure for other open source projects.

The WIVET Score of the Scanner:
Detection AccuracyChart
1.0% Detection Rate

WIVET Scan Log:
I used both the intruder and explorer modes, and after predefining a valid PHPSESSID identifier for wivet, tried scanning both the root directory, menu.php and index.php root files of wivet, while testing this process with both "drop cookie" and without it.
While scanning menu.php, XSSer manages to parse and identify all the menu links (but fails to do so if referred to the root /wivet/ directory or to the frame containing index.php page). However, in all scenarios, XSSer did not identify the various pages that counted in wivet's score, and thus, although it did manage to crawl the menu pages, its score (from wivet's perspective) was 0%.
Since I couldn't truly assign a 0% score to a scanner that did manage to crawl some pages (or all the GET pages of wavsep for that matter), I assigned a symbolic score of 1%, to signify that the scanner is somehow working.

Copyright © 2010-2016 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.