ezXSS
ezXSS is an easy way to test (blind) XSS.
Current features
Some features ezXSS has
- Easy to use dashboard with statics, payloads, view reports, search reports and more
- Payload generator
- Email alert on payload
- Full page screenshot
- Prevent double payloads from saving or alerting
- Share reports with other ezXSS users
- Easily manage and view reports in the system
- Search for reports in no time
- Secure your system account with extra protection (2FA)
- The following information is collected on a vulnerable page:
- The URL of the page
- IP Address
- Any page referer
- The User-Agent
- All Non-HTTP-Only Cookies
- Full HTML DOM source of the page
- Page origin
- Time of execution
- its just ez :-)
Required
- PHP 5.5 or up
- A domain name (consider a short one)
- An SSL (consider Cloudflare or Let's Encrypt for a free SSL)
Installation
ezXSS is ez to install
- Download the 'files' folder and put all the files inside your root
- Create an empty database and provide your database information in '/manage/src/Database.php'
- Go to /manage/install in your browser and setup a password and email
- Done! That was ez right?
Todo
Some things I am planning to add/change in a future version. This list is sorted on how important/fast it is going to be added.
Adding in a future version:
- There is one file left that is not OOP
- Better searching with regex
- Save custom JS for later
- Adding more payloads
- Better share method
- Adding some extra security
- 'Remember me' session
- Page grabbing (& on regex)
- Page alerts or Google Chrome alerts on new report
- Live JS - send JS code LIVE while the person is on the page
- Callback API for alerts on Telegram etc.
- You got ideas?
Why?
If you want to host xsshunter yourself you need a linux server and a Mailgun account. I wanted to create a just PHP version which you can even host on shared hostings or localhost. ezXSS has almost all features that xsshunter has and even more (and adding).