XAttacker: Website Vulnerability Scanner & Auto Exploiter

XAttacker: Website Vulnerability Scanner & Auto Exploiter

XAttacker is a website vulnerability scanner and auto exploiter which scans websites for different vulnerabilities depending on the content management systems which they use. After finding the vulnerabilities, the tool will generate an exploit for the website and send the user the link of the exploit. 

XAttacker: Website Vulnerability Scanner & Auto Exploiter

XAttacker covers five different content management systems which all have their own unique exploits:

WordPress (Revslider Upload Shell, WP All Import, Gravity Forms, WP Job Manger, Cherry Plugin, etc.)
– Joomla (Com Media, Fabrik, Users, Blog, Weblinks, EXplorer, Jce, etc.)
DruPal (Add Admin, Drupalgeddon)
PrestaShop (columnadverts, homepageadvertise, simpleslideshow, videostab, etc.)
Lokomedia (SQL injection)

Each content management system has their own unique set of exploits which include the ability to send shells, deface the website, access the cPanel or access the database. In total, there are more than 40 different available exploits. The main benefit of this tool is that it automatically checks the content management system on the website, runs each applicable exploit on the website and then returns the link for each successful exploit. For additional options, the developer also provides a premium version for a low fee. The user has the option to check a single website for vulnerabilities or check a whole list of websites for vulnerabilities.


  • This tool will automatically find the CMS of a website and then return any working exploits on the website
  • It supports five different content management systems, including the ever-popular WordPress
  • Exploits cover a wide variety of functions including the ability to inject shells and access the database
  • A premium version is available which allows the user to search for even more exploits

Supported Platforms: 

  • Linux 
  • Windows 
  • Android 


  • perl 

XAttacker Install 


Clone the GitHub repo: 

$ git clone https://github.com/Moham3dRiahi/XAttacker.git 


Download Termux.

Run the following commands in Termux: 

$ git clone https://github.com/Moham3dRiahi/XAttacker.git 
$ cd XAttacker 
$ chmod +x termux-install.sh 
$ bash termux-install.sh 


Download Perl 
Download XAttacker 
Extract XAttacker into Desktop 
Open CMD and type the following commands: 
$ cd Desktop/XAttacker-master/ 


Enter the following command: 

$ perl XAttacker.pl
-l       --list      websites list

XAttacker Premium (Tool) Options:

-l    --list      WebSites List
-mu    --multi    Multithread Mode
-v    --vuln      Fixing A Vulnerability After GET ACCESS
-r    --Random    Random Shell File Name
-p    --Proxy     Connection With Proxy
-t    --tools     Show List Of Best Tools
-s    --seller    Show List Of Blackmarket Sellers Tools 
Documentation Box
Download Box