fadidxb / ezXSS

ezXSS is an easy way to test (blind) XSS

ezXSS

ezXSS is an easy way to test (blind) XSS.

Current features

Some features ezXSS has

  • Easy-to-use dashboard with statistics, payloads, view reports, search reports and more
  • Payload generator
  • Email alert on payload
  • Full page screenshot
  • Prevent double payloads from saving or alerting
  • Share reports with other ezXSS users
  • Easily manage and view reports in the system
  • Search for reports in no time
  • Secure your system account with extra protection (2FA)
  • The following information is collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
  • it's just ez :-)
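
Because a report includes every cookie that was set without HttpOnly, it helps to know which of an application's cookies fall into that group. The check below is an added example, not part of ezXSS or its README: it takes Set-Cookie header values and lists the cookies that scripts running in the page could read. The function names and the sample headers are constructed for illustration.

```javascript
// Added example (not ezXSS code): list the cookies that a script running in
// the page could read via document.cookie, i.e. those set without HttpOnly.

// Parse one Set-Cookie header value into { name, attrs }.
// Attribute names are lowercased because they are case-insensitive.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq <= 0) return null; // no cookie name: ignore the malformed header
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : p.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), attrs };
}

// Return the cookies that lack HttpOnly, noting whether Secure is set.
function scriptReadableCookies(headers) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!c || c.attrs.has("httponly")) continue;
    findings.push({ name: c.name, secure: c.attrs.has("secure") });
  }
  return findings;
}

// Constructed sample headers, not taken from any real application.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "csrf_token=def456; Path=/; Secure",
  "theme=dark; Path=/; Max-Age=31536000",
  "admin_sid=ghi789; Path=/admin; httponly",
  "=broken; Path=/",
];

for (const f of scriptReadableCookies(SAMPLE_HEADERS)) {
  console.log(`${f.name}: readable by page scripts (Secure: ${f.secure})`);
}
```

Any session or authentication cookie that appears in the output is a candidate for the HttpOnly attribute.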

Required

  • PHP 5.5 or up
  • A domain name (consider a short one)
  • An SSL certificate (consider Cloudflare or Let's Encrypt for a free one)

Installation

ezXSS is ez to install

  • Download the 'files' folder and put all the files inside your root
  • Create an empty database and provide your database information in '/manage/src/Database.php'
  • Go to /manage/install in your browser and set up a password and email
  • Done! That was ez right?

Todo

Some things I am planning to add/change in a future version. This list is sorted by how important each item is and how soon it will be added.

Adding in a future version:

  • There is one file left that is not OOP
  • Better searching with regex
  • Save custom JS for later
  • Adding more payloads
  • Better share method
  • Adding some extra security
  • 'Remember me' session
  • Page grabbing (& on regex)
  • Page alerts or Google Chrome alerts on new report
  • Live JS - send JS code LIVE while the person is on the page
  • Callback API for alerts on Telegram etc.
  • You got ideas?

Why?

If you want to host xsshunter yourself you need a Linux server and a Mailgun account. I wanted to create a PHP-only version which you can even host on shared hosting or localhost. ezXSS has almost all the features that xsshunter has and even more (with more being added).

License: MIT License


Languages

PHP 48.6%, HTML 47.1%, JavaScript 4.2%