ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) XSS

Current features

Some features ezXSS has

• Easy to use dashboard with statics, payloads, view/share/search reports and more
• Payload generator
• Instant email alert on payload
• Custom javascript payload
• Enable/Disable screenshots
• Prevent double payloads from saving or alerting
• Block domains
• Share reports with a direct link or with other ezXSS users
• Easily manage and view reports in the dashboard
• Secure your login with extra protection (2FA)
• The following information is collected on a vulnerable page:
  • The URL of the page
  • IP Address
  • Any page referer (or share referer)
  • The User-Agent
  • All Non-HTTP-Only Cookies
  • All Locale Storage
  • All Session Storage
  • Full HTML DOM source of the page
  • Page origin
  • Time of execution
  • Screenshot of the page
• its just ez :-)

Required

• A host with PHP 7.1 or up
• A domain name (consider a short one)
• An SSL if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)

Installation

ezXSS is easy to install

• Clone the repository and put the files in the document root
• Create an empty database and provide your database information in 'src/Database.php'
• Visit /manage/install in your browser and setup a password and email
• Done! That was easy right?

Demo

For a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.

Screenshots

Github Page: https://github.com/ssl/ezXSS