ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
MIT License
I am happy to announce the release of ezXSS v4.2, marking a significant milestone in XSS attacks and web security. Building on the foundation laid by v4.0's completely recoded codebase and v4.1's introduction of persistent XSS sessions with reverse proxy, v4.2 brings improvements in performance, compatibility, and usability.
A lot of changes and a lot of big improvements. Updating to this version is highly recommended as you might not receive all reports you should receive with your current version. All information about installing, updating and using ezXSS can be found on the GitHub wiki: https://github.com/ssl/ezXSS/wiki
What's New in v4.2?
Changelog Highlights:
Given the substantial feature expansion from ezXSS v3.x, the transition might be quite extensive. All these functionalities are elaborated in our wiki. With over 3000 lines of code enhancements since v4.1, v4.2 is the definitive, production-ready package designed to test your web applications against XSS vulnerabilities.
Your feedback and contributions have been important in shaping ezXSS into the robust tool it is today. Thanks everyone for using ezXSS and please consider supporting the project by submitting new code, feature requests, issue reporting or by donating through GitHub Sponsors <3.
Published by ssl over 1 year ago
Introducing ezXSS v4.1, an extensive upgrade that takes the excellence of ezXSS v4.0 to the next level. With a plethora of features focusing on XSS payload persistence, reverse proxying, log storage, and much more, this version aims to enhance the experience and efficiency significantly. This version includes at least the following new features and improvements:
Given the substantial feature expansion from ezXSS v3.x, the transition might be quite extensive. To ensure a good understanding, we have elaborated on all these functionalities in our wiki. Visit github.com/ssl/ezXSS/wiki for a comprehensive guide to all the latest enhancements. Thanks everyone for using ezXSS and please consider supporting the project by submitting new code, feature requests, issue reporting or by donating through GitHub Sponsors <3.
Published by ssl over 1 year ago
I am excited to announce the release of ezXSS v4.0, a major update to the XSS tool. This version includes at least the following new features and improvements:
It is highly recommended to update to ezXSS v4.0, as version 3.x will no longer be supported due to its old codebase. If you are currently running an older version of ezXSS, please make sure to first update to version >3.10 before upgrading to v4.0. Also, after updating, the default username will be "admin".
Thank you for your continued support and I hope you enjoy using the new and improved ezXSS v4.0!
Published by ssl over 3 years ago
The official release of ezXSS v3.10. This update brings some great new features and fixes.
What is new in ezXSS v3.10?
Published by ssl almost 4 years ago
ezXSS v3.9 is a big update in terms of performance, styling and functionality. In case you are working with companies that don't like you to collect all information that ezXSS can collect, you can now select what you want to collect and what not.
Also, there is a new theme called 'Green' which gives a new experience to ezXSS. I endorse people to create their own themes and create a pull request for it! (Have a look at green.css and copy it.)
Published by ssl about 4 years ago
This version brings some small but handy features and bug fixes.
Published by ssl about 4 years ago
ezXSS v3.7 makes it possible to run ezXSS in Docker, and fixes some small things.
If updating from 3.6 to 3.7; remove config.ini and rename the new .env.example to .env.
Thanks for using ezXSS!
Published by ssl about 4 years ago
Thanks for using ezXSS! 3.6 brings some new features and bug fixes.
In order to update ezXSS 3.x to 3.6 you need to rename config.ini.example to config.ini and fill in your database information. Your database information is no longer stored in the Database.php.
Changelog:
Fixed #56, bug on deleting reports on page 2 or up
Fixed and added #55, custom send mail from
Added config file
Renamed some things
Fixed some other small bugs
Published by ssl about 4 years ago
v3.5 makes it possible to use multiple payloads (links). Add a custom string after your payload link to distinguish insert points.
If you need a completely custom script you can now add a JavaScript file to the templates folder and ezXSS will serve this. See /custom (/templates/custom.js) for an example.
Published by ssl about 4 years ago
ezXSS 3.4 makes it possible to select multiple reports and delete or archive them. It also adds the ability to share, delete or archive a report within the report page.
I will try to add more small feature requests before a possible 4.0 release. If you have any let me know. Thanks again for using ezXSS!
Published by ssl about 4 years ago
ezXSS 3.3 is a small update before the 4.0 release. I've refactored some code and added a kill switch.
It would probably still take some time before 4.0 will be released. More 3.x releases can be expected.
Thanks for using ezXSS!
Published by ssl over 4 years ago
ezXSS 3.2 is now available! This release fixes some bugs and security issues. ezXSS 3.1 and 3.0 are affected by these bugs, which are fixed in version 3.2. You should update to prevent information disclosure.
Changelog:
Thanks to @54Pany and @geeknik
Published by ssl almost 5 years ago
Quick update.
3.1 Changelog:
Will be working on v4.0 soon with a new codebase. Open for ideas and feedback.
Published by ssl over 5 years ago
Thanks for using ezXSS. After I quit working on this project for more than a year, the new release is here.
Update log ezXSS 3.0:
If you have any feedback, suggestions or found a bug please let me know.
Execute this SQL to update from 2.x to 3.0:
INSERT INTO `settings` (`id`, `setting`, `value`) VALUES (NULL, 'screenshot', '0');
ALTER TABLE `reports` ADD `screenshot` LONGTEXT NULL DEFAULT NULL AFTER `archive`, ADD `localstorage` LONGTEXT NULL DEFAULT NULL AFTER `archive`, ADD `sessionstorage` LONGTEXT NULL DEFAULT NULL AFTER `archive`, ADD `shareid` VARCHAR(50) NOT NULL AFTER `id`;
UPDATE `reports` SET `shareid` = concat(
lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0)
);
Published by ssl over 6 years ago
Hey! Because of massive interest in ezXSS, I decided to release a small update.
I am currently busy with ezXSS 3.0, stay tuned!
Published by ssl almost 7 years ago
The great release with great new functions. It is here.
This version contains:
If you find any bugs or have a great idea, let me know! Next version with API and a new feature you would love (suggested by @dev) coming soon!
Published by ssl almost 7 years ago
ezXSS is a bit optimized. Some templates are removed and integrated into the framework.
Screenshots are temporarily removed. I noticed that on some sites the callback was not called because of an issue with making the screenshot. Will try to fix this soon.
Please leave any positive or negative feedback, it helps!
Published by ssl over 7 years ago
The release of the first official ezXSS! Welcome to 2.0.
This version has a lot of new features and fixes, some of the main things:
Please leave any positive or negative feedback, it helps!
Published by ssl over 7 years ago
It is here, ezXSS version 1.6
What is fixed?
What is added?
The next version will include even more great functions! Including ez installation and updating.
Published by ssl over 7 years ago
Here it is: ezXSS v1.5
What is changed?
Soon I will release v1.6 with a lot of new features.