ezXSS : Easy Way For Penetration Testers & Bug Bounty Hunters

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Current Features

Some features ezXSS has

Easy to use dashboard with statics, payloads, view/share/search reports and more
Payload generator
Instant email alert on payload
Custom javascript payload
Enable/Disable screenshots
Prevent double payloads from saving or alerting
Block domains
Share reports with a direct link or with other ezXSS users
Easily manage and view reports in the dashboard
Secure your login with extra protection (2FA)
The following information is collected on a vulnerable page:
- The URL of the page
- IP Address
- Any page referer (or share referer)
- The User-Agent
- All Non-HTTP-Only Cookies
- All Locale Storage
- All Session Storage
- Full HTML DOM source of the page
- Page origin
- Time of execution
- Screenshot of the page
its just ez 🙂

Required

A host with PHP 7.1 or up
A domain name (consider a short one)
An SSL if you want to test on https websites (consider Cloudflare or Let’s Encrypt for a free SSL)

Installation

ezXSS is ez to install

Clone the repository and put the files in the document root
Create an empty database and provide your database information in ‘src/Database.php’
Visit /manage/install in your browser and setup a password and email
Done! That was ez right?

Demo

For a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.

Screenshots

Download

R K