ezXSS : Easy Way For Penetration Testers & Bug Bounty Hunters

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Current Features

Some features ezXSS has

  • Easy to use dashboard with statics, payloads, view/share/search reports and more
  • Payload generator
  • Instant email alert on payload
  • Custom javascript payload
  • Enable/Disable screenshots
  • Prevent double payloads from saving or alerting
  • Block domains
  • Share reports with a direct link or with other ezXSS users
  • Easily manage and view reports in the dashboard
  • Secure your login with extra protection (2FA)
  • The following information is collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer (or share referer)
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • All Locale Storage
    • All Session Storage
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
    • Screenshot of the page
  • its just ez 🙂

Required

  • A host with PHP 7.1 or up
  • A domain name (consider a short one)
  • An SSL if you want to test on https websites (consider Cloudflare or Let’s Encrypt for a free SSL)

Installation

ezXSS is ez to install

  • Clone the repository and put the files in the document root
  • Create an empty database and provide your database information in ‘src/Database.php’
  • Visit /manage/install in your browser and setup a password and email
  • Done! That was ez right?

Also Read – AtomShields CLI : Security Testing Framework For Repositories & Source Code

Demo

For a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.

Screenshots

R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

3 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

3 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

3 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

3 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

4 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

6 hours ago