ezXSS v4.2 releases: help find and exploit blind cross-site scripting (XSS) vulnerabilities

ezXSS

ezXSS

ezXSS is a tool that is designed to help find and exploit cross-site scripting (XSS) vulnerabilities. One of the key features of ezXSS is its ability to identify and exploit blind XSS vulnerabilities, which can be difficult to find using traditional methods.

Once an ezXSS payload is placed, the user must wait until it is triggered, at which point ezXSS will store and alert the user all the information of the vulnerable page. These reports can then be used to further identify and track important data. Payloads can even be updated to make the XSS persistent, allowing to track the infected user over all visited pages and open a reverse proxy.

Features

  • Easy to use dashboard with settings, statistics, payloads, view/share/search reports
  • 🆕 Persistent XSS sessions with reverse proxy aslong as the browser is active
  • Manage unlimited users with permissions to personal payloads & their reports
  • Instant alerts via mail, Telegram, Slack, Discord or custom callback URL
  • Custom extra javascript payloads
  • Custom payload links to distinguish insert points
  • Extract additional pages, block, whitelist and other filters
  • Secure your login with Two-factor (2FA)
  • The following information can be collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer (or share referer)
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • All Locale Storage
    • All Session Storage
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
    • Payload URL
    • Screenshot of the page
    • Extract additional defined pages
  • Triggers in all browsers, starting from Chrome 3+, IE 8+, Firefox 4+, Opera 10.5+, Safari 4+
  • much much more, and, its just ez 🙂

Changelog v4.2

What’s New in v4.2?

  • Enhanced Performance: Up to 80% improvement in speed across the dashboard and reports, thanks to optimized data handling, compressing data and query improvements.
  • More Compatibility: Payloads now trigger across a wider range of browsers, including older versions (IE8+, Chrome 3+, Firefox 4+, Safari 4+).
  • Simplified Docker Installation: Updated Docker support with automatic certificate installation simplifies setup.
  • One-Click Update: Seamlessly upgrade to v4.2 from as far back as v2.0
  • New Features: Introducing the ezXSS Payload Tester, customizing storing methods, a “shortboost!” button and much more.

Changelog Highlights:

  • Major speed optimizations for dashboard and report interactions.
  • Extended payload compatibility with older browsers and protocols.
  • Docker enhancements for effortless installation and certification.
  • New option to store screenshot either in the database or as file on the server
  • New option to store big reports/session data as plaintext or compressed
  • Comprehensive updates to user agent lists, data fetching via API, logging, and more data table integration.
  • New payload features, including a copy-to-clipboard button and more example payloads.
  • New theme, alongside other design and usability improvements across the platform.
  • Significant bug fixes in report generation, cookie copying, persistent pages, queries and much more.

Installation & Use

Copyright (c) 2018 Elyesa (ezXSS)

Source: https://github.com/ssl/