ezXSS is an easy way to test (blind) Cross Site Scripting.
Some features ezXSS has
- Easy to use dashboard with statics, payloads, view/share/search reports and more
- Payload generator
- Instant email alert on payload
- Custom javascript for extra testing
- Prevent double payloads from saving or alerting
- Share reports with other ezXSS users
- Easily manage and view reports in the system
- Search for reports in no time
- Secure your system account with extra protection (2FA)
- The following information is collected on a vulnerable page:
- The URL of the page
- IP Address
- Any page referer (or share referer)
- The User-Agent
- All Non-HTTP-Only Cookies
- Full HTML DOM source of the page
- Page origin
- Time of execution
- its just ez :-)
- PHP 5.5 or up
- A domain name (consider a short one)
- An SSL if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)
ezXSS is ez to install
- Download the 'files' folder and put all the files inside your root
- Create an empty database and provide your database information in '/manage/src/Database.php'
- Go to /manage/install in your browser and setup a password and email
- Done! That was ez right?
Some things I am planning to add/change in future versions.
I'm currently busy with ezXSS 3.0.
- Cleaner dashboard
- Enable/Disable screenshots
- Finishing the API
- Adding SMS/Slack/Telegram notifications
- Fully OOP based
- Page grabbing
- Live JS - send JS code LIVE while the person is on the page
- You got ideas?
