Skip to content
/ ezXSS Public
forked from ssl/ezXSS

ezXSS is an easy way to test (blind) XSS

Notifications You must be signed in to change notification settings

why/ezXSS

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
 
 
 
 

Repository files navigation

ezXSS

ezXSS is an easy way to test (blind) XSS.

Current features

Some features ezXSS has

  • Easy to use dashboard with statics, payloads, view reports, search reports and more
  • Payload generator on dashboard
  • Email alert on payload
  • Full page screenshot
  • The following information is collected everytime a probe fires on a vulnerable page: (c xsshunter)
    • The vulnerable page's URI
    • Origin of Execution
    • The Victim's IP Address (and proxy IPs)
    • The Page Referer
    • The Victim's User Agent
    • All Non-HTTP-Only Cookies
    • The Page's Full HTML DOM
    • Full Screenshot of the Affected Page
  • its just ez :-)

Installation

ezXSS is ez to install

  • Download the 'files' folder and put all the files inside your root (without the 'files' folder)
  • Create an empty database and provide your database information in '/manage/src/Database.php' (also set isSet on true)
  • Go to yoursite.com/install.php and setup a username, password and alert email
  • Make sure the install.php file is deleted and the XSS works, try the XSS on w3schools or codepen.
  • Login to your account via yoursite.com/manage/login to view stats, reports, seach reports, get payloads and update settings.

Todo

Some things I am planning to add/change in a future version. This list is sorted on how important/fast it is going to be added.

  • Planning to recode the whole JS file to a small lightweight version.
  • Remove all not-used CSS because CSS is currently bigger than everything else combined
  • Cleanup code in Components
  • Cleanup code overal, there is some bad-practice code thats need to be fixed
  • Page alerts
  • Live JS - send JS code LIVE while the person is on the page
  • Page grabbing (& on regex)
  • You got ideas?

Why?

If you want to host xsshunter yourself you need a linux server and a Mailgun account. I wanted to create a just PHP version which you can even host on shared hostings or localhost. ezXSS has the most important features that xsshunter has (and more ezXSS-only adding). The idea and the JS file of ezXSS is based on xsshunter, all other files are self made.

Screenshots

View report

About

ezXSS is an easy way to test (blind) XSS

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • CSS 57.2%
  • PHP 20.7%
  • HTML 19.2%
  • JavaScript 2.4%
  • ApacheConf 0.5%