Home

Awesome

<p align="center"> <img src="https://i.imgur.com/oPtfbDG.png"><br> ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.<br><br> <img src="https://img.shields.io/github/release/ssl/ezXSS?style=flat"> <img src="https://img.shields.io/github/issues/ssl/ezXSS?style=flat"> <img src="https://img.shields.io/github/forks/ssl/ezXSS?style=flat"> <img src="https://img.shields.io/github/stars/ssl/ezXSS?style=flat"> <img src="https://img.shields.io/github/license/ssl/ezXSS?style=flat"> </p> <hr> ezXSS is a tool that is designed to help find and exploit cross-site scripting (XSS) vulnerabilities. One of the key features of ezXSS is its ability to identify and exploit blind XSS vulnerabilities, which can be difficult to find using traditional methods. <br><br> Once an ezXSS payload is placed, the user must wait until it is triggered, at which point ezXSS will store and alert the user all the information of the vulnerable page. These reports can then be used to further identify and track important data. Payloads can even be updated to make the XSS persistent, allowing to track the infected user over all visited pages and open a reverse proxy.

Features

Required

Installation

ezXSS is ez to install with Apache, NGINX or Docker

visit the wiki for installation instructions.

Explore ezXSS hassle free

Interested in using ezXSS but don't want to install it yet? Worry not! You can access and start using ezXSS with a free account on ez.pe. Simply sign up and get started without any installation hassle.

Additionally, if you'd like to explore and test the tool before committing, there is a demo environment with admin account available at demo.ezxss.com/manage.

Please note that some features might be disabled or limited in both the free account on ez.pe and the demo environment. These limitations are in place to maintain the integrity and security of the platforms. However, you can still get a good grasp of the tool's capabilities and decide after to install it yourself.

Sponsors

Maintenance of this project is made possible by all the contributors and sponsors. I've personally worked for over 8 years on this project, taking hundreds of hours from my time. Please kindly consider becoming a sponsor, so I can continue maintaining and improving ezXSS as well as creating and releasing new projects. Current sponsors:

<p align="center"> <!-- sponsors --><a href="https://github.com/geeknik"><img src="https:&#x2F;&#x2F;github.com&#x2F;geeknik.png" width="60px" alt="geeknik" /></a>&nbsp;&nbsp;<a href="https://github.com/GlitchSecure"><img src="https:&#x2F;&#x2F;github.com&#x2F;GlitchSecure.png" width="60px" alt="GlitchSecure" /></a>&nbsp;&nbsp;<a href="https://github.com/vaadata"><img src="https:&#x2F;&#x2F;github.com&#x2F;vaadata.png" width="60px" alt="vaadata" /></a>&nbsp;&nbsp;<!-- sponsors --> <br><br><a href="https://github.com/sponsors/ssl">Become a sponsor</a> </p>