Post a Reply
31 views

ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Script

  1. 2 weeks ago
    Edited 2 weeks ago by Men in Black

    ezXSS_2.png

    ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

    Current features

    Some features ezXSS has

    • Easy to use dashboard with statics, payloads, view/share/search reports and more
    • Payload generator
    • Instant email alert on payload
    • Custom javascript payload
    • Enable/Disable screenshots
    • Prevent double payloads from saving or alerting
    • Block domains
    • Share reports with a direct link or with other ezXSS users
    • Easily manage and view reports in the dashboard
    • Secure your login with extra protection (2FA)
    • The following information is collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer (or share referer)
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • All Locale Storage
    • All Session Storage
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
    • Screenshot of the page
    • its just ez :-)

    Required

    • A host with PHP 7.1 or up
    • A domain name (consider a short one)
    • An SSL if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)

    Installation

    ezXSS is ez to install

    • Clone the repository and put the files in the document root
    • Create an empty database and provide your database information in 'src/Database.php'
    • Visit /manage/install in your browser and setup a password and email
    • Done! That was ez right?

    Demo

    For a demo visit http://demo.ezxss.com/manage/login with password demo1234. Please note that some features might be disabled in the demo version.

    Screenshots


    ezXSS_2.png

    ezXSS_1.png

    ezXSS_3.png

    ezXSS_4.png

    ezXSS_5.png

    Download ezXSS
    ezXSS-master.zip

 

or Sign Up to reply!