ssl/ezXSS
Stars: 1664
Forks: 328
Pull Requests: 40
Issues: 92
Watchers: 51
Last Updated: 2023-08-02 14:44:43
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
License: MIT License
Languages: PHP, JavaScript, HTML, CSS, Dockerfile, Shell, Python
ezXSS is an easy way for penetration testers and bug
bounty hunters to test (blind) Cross Site Scripting.
Features
- Easy to use dashboard with settings, statistics, payloads, view/share/search reports
- 🆕 Persistent XSS sessions with reverse proxy aslong as the browser is active
- Unlimited users with permissions to personal payloads & their reports
- Instant alerts via mail, Telegram, Slack, Discord or custom callback URL
- Custom javascript payloads
- Custom payload links to distinguish insert points
- Extract additional pages, block, whitelist and other filters
- Secure your login with Two-factor (2FA)
- The following information can be collected on a vulnerable page:
- The URL of the page
- IP Address
- Any page referer (or share referer)
- The User-Agent
- All Non-HTTP-Only Cookies
- All Locale Storage
- All Session Storage
- Full HTML DOM source of the page
- Page origin
- Time of execution
- Payload URL
- Screenshot of the page
- Extract additional defined pages
- much much more, and, its just ez :-)
Required
- Server or webhosting with PHP 7.1 or up
- Domain name (consider a short one or check out shortboost)
- SSL Certificate to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)
Installation
ezXSS is ez to install with Apache, NGINX or Docker
visit the wiki for installation instructions.
Explore ezXSS hassle free
Interested in using ezXSS but not keen on installing it? Worry not! You can access and start using ezXSS with a free account on ez.pe. Simply sign up and get started without any installation hassle.
Additionally, if you'd like to explore and test the tool before committing, there is a demo environment with admin account available at demo.ezxss.com/manage.
Please note that some features might be disabled or limited in both the free account on ez.pe and the demo environment. These limitations are in place to maintain the integrity and security of the platforms. However, you can still get a good grasp of the tool's capabilities and decide after to install it yourself.
OPEN ISSUES
See all- Provide example docker-compose for using the Docker Hub image by @Flightkick
- Fix msmtprc in Docker Hub image by @Flightkick
- ERROR: Service 'ezxss' failed to build : Build failed by @0ps
- Failed to open stream: Permission denied with error 500 on /callback by @fuomag9
- Feature Request: Multiple Users/Subdomains by @GlitchWitch
- No report received by @luchua-bc
- No SSL instructions for Docker by @Tedixx
- Environment variables (Docker) by @ThomasOrlita
- Reset password by @p0intsec
- Invalid "msmtp" group error in docker by default by @lmaxyz
RELEASES
See all- ezXSS v1.0 by @ssl
- ezXSS v1.2 by @ssl
- ezXSS v1.3 by @ssl
- ezXSS v1.4 by @ssl
- ezXSS v1.5 by @ssl
- ezXSS v1.6 by @ssl
- ezXSS v2.0 by @ssl
- ezXSS v2.1 by @ssl
- ezXSS v2.2 by @ssl
- ezXSS v2.3 by @ssl
- ezXSS v3.0 by @ssl
- ezXSS v3.1 by @ssl
- ezXSS v3.2 by @ssl
- ezXSS v3.3 by @ssl
- ezXSS v3.4 by @ssl
- ezXSS v3.5 by @ssl
- ezXSS v3.6 by @ssl
- ezXSS v3.7 by @ssl
- ezXSS v3.8 by @ssl
- ezXSS v3.9 by @ssl
- ezXSS v3.10 by @ssl
- ezXSS v4.1 by @ssl
- ezXSS v4.0 by @ssl