ezXSS — For Testing (Blind) Cross Site Scripting
ezXSS is a tool that eases the way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Current features
Some features ezXSS has
An easy to use dashboard with statics, payloads, view/share/search reports and moreA payload generatorAn instant email alert on payloadA custom javascript payloadAn Enable/Disable screenshotsAn avenue for preventing double payloads from saving or alertingA block domainsTo share/distribute reports with a direct link or with other ezXSS usersEasily manage and view reports in the dashboardSecure your login with extra protection (2FA)The following information is collected on a vulnerable page:The URL of the pageIP AddressAny page referer (or share referer)The User-AgentAll Non-HTTP-Only CookiesAll Locale StorageAll Session StorageFull HTML DOM source of the pagePage originTime of executionScreenshot of the pageits just easy :-)
Required
A host with PHP 7.1 or upA domain name (consider a short one)There must be an SSL if you want to test on https websites (consider Cloudflare or Let’s Encrypt for a free SSL)
Installation
ezXSS is easy to install
Should duplicate the repository and put the files in the document rootShould create an empty database and provide your database information in ‘src/Database.php’Visit /manage/install in your browser and setup a password and emailDone! That was easy right?
Demo
For a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.