
ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Script

  1. 9 months ago
    Edited 9 months ago by Men in Black


    ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

    Current features

    Some features ezXSS has

    • Easy to use dashboard with statistics, payloads, view/share/search reports and more
    • Payload generator
    • Instant email alert on payload
    • Custom javascript payload
    • Enable/Disable screenshots
    • Prevent double payloads from saving or alerting
    • Block domains
    • Share reports with a direct link or with other ezXSS users
    • Easily manage and view reports in the dashboard
    • Secure your login with extra protection (2FA)
    • The following information is collected on a vulnerable page:
        • The URL of the page
        • IP Address
        • Any page referer (or share referer)
        • The User-Agent
        • All Non-HTTP-Only Cookies
        • All Local Storage
        • All Session Storage
        • Full HTML DOM source of the page
        • Page origin
        • Time of execution
        • Screenshot of the page
    • it's just ez :-)


    • A host with PHP 7.1 or up
    • A domain name (consider a short one)
    • An SSL if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)


    ezXSS is ez to install

    • Clone the repository and put the files in the document root
    • Create an empty database and provide your database information in 'src/Database.php'
    • Visit /manage/install in your browser and set up a password and email
    • Done! That was ez right?


    For a demo visit with password demo1234. Please note that some features might be disabled in the demo version.







    Download ezXSS
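
The post lists "All Non-HTTP-Only Cookies" among the data collected on a vulnerable page. The following added example (not part of the original post or the ezXSS project) audits an application's `Set-Cookie` headers and reports which cookies page script could read. The function names `parseSetCookie` and `auditCookies` are hypothetical, and the sample headers are constructed.

```javascript
// Added example: report which cookies an injected script could read.
// Function names are hypothetical; SAMPLE_HEADERS is constructed data.

// Parse one Set-Cookie header value into { name, attrs }.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  // Split on the first "=" only, since cookie values may contain "=".
  const eq = first.indexOf("=");
  const name = eq === -1 ? first : first.slice(0, eq).trim();
  const attrs = {};
  for (const p of parts) {
    const i = p.indexOf("=");
    // Attribute names are case-insensitive, so normalise to lower case.
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Return one finding per cookie that is readable through document.cookie.
function auditCookies(setCookieHeaders) {
  const findings = [];
  for (const h of setCookieHeaders) {
    const { name, attrs } = parseSetCookie(h);
    if (!name) continue;          // malformed header, nothing to report
    if (attrs.httponly) continue; // HttpOnly cookies are hidden from script
    const notes = ["missing HttpOnly: readable by page script"];
    if (!attrs.secure) notes.push("missing Secure");
    if (!attrs.samesite) notes.push("missing SameSite");
    findings.push({ name, notes });
  }
  return findings;
}

// Constructed sample: response headers as a web application might send them.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "auth_token=eyJ0eXAi; Path=/; Secure",
  "theme=dark; Path=/",
  "csrf=9f8e7d; Path=/; Secure; SameSite=Strict; httponly",
];

for (const f of auditCookies(SAMPLE_HEADERS)) {
  console.log(`${f.name}: ${f.notes.join(", ")}`);
}
```

Local Storage and Session Storage have no equivalent of the HttpOnly flag, so anything an application keeps there is always readable by script running on the page.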

