/ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Primary LanguagePHPMIT LicenseMIT

ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Current features

Some features ezXSS has

  • Easy to use dashboard with statics, payloads, view/share/search reports and more
  • Payload generator
  • Instant email alert on payload
  • Custom javascript payload
  • Enable/Disable screenshots
  • Prevent double payloads from saving or alerting
  • Block domains
  • Share reports with a direct link or with other ezXSS users
  • Easily manage and view reports in the dashboard
  • Secure your login with extra protection (2FA)
  • The following information is collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer (or share referer)
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • All Locale Storage
    • All Session Storage
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
    • Screenshot of the page
  • its just ez :-)

Required

  • A host with PHP 7.1 or up
  • A domain name (consider a short one)
  • An SSL if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)

Installation

ezXSS is ez to install

  • Clone the repository and put the files in the document root
  • Create an empty database and provide your database information in 'src/Database.php'
  • Visit /manage/install in your browser and setup a password and email
  • Done! That was ez right?

Demo

For a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.

Screenshots

Dashboard Settings Payload Reports Login