XAttacker is a is a perl website tool to vulnerability scanner & auto exploiter, which you can use to find vulnerability in your website or you can use this tool to Get Shells, Sends, Deface, cPanels & Databases.

Currently tol is supported by CMS like WordPress, Joomla, Drupal, PrestaShop, and LokoMedia.

Also Read Blind-Bash : Project To Obfuscate Your Bash Code

XAttacker Installation

Linux Installation

git clone
cd XAttacker

Windows Installation

Download Perl
Download XAttacker
Extract XAttacker into Desktop
Open CMD and type the following commands:
cd Desktop/XAttacker-master/

Android Installation

git clone
cd XAttacker
chmod +x


Scan and Exploit Examples

  • If you have list of target websites saved in text file(list.txt) then you can run tool with this command line

perl -l list.txt

  • If you don’t have list of target websites then run the tool with this command below