ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
I am happy to announce the release of ezXSS v4.2, marking a significant milestone in XSS attacks and web security. Building on the foundation laid by v4.0's completely recoded codebase and v4.1's introduction of persistent XSS sessions with reverse proxy, v4.2 brings improvements in performance, compatibility, and usability.
A lot of changes and a lot of big improvements. Updating to this version is highly recommended as you might not receive all reports you should receive with your current version. All information about installing, updating and using ezXSS can be found on the GitHub wiki: https://github.com/ssl/ezXSS/wiki
What's New in v4.2?
Changelog Highlights:
Given the substantial feature expansion from ezXSS v3.x, the transition might be quite extensive. All these functionalities are elaborated in our wiki. With over 3000 lines of code enhancements since v4.1, v4.2 is the definitive, production-ready package designed to test your web applications against XSS vulnerabilities.
Your feedback and contributions have been important in shaping ezXSS into the robust tool it is today. Thanks everyone for using ezXSS and please consider supporting the project by submitting new code, feature requests, issue reporting or by donating through GitHub Sponsors <3.
Introducing ezXSS v4.1, an extensive upgrade that takes the excellence of ezXSS v4.0 to the next level. With a plethora of features focusing on XSS payload persistence, reverse proxying, log storage, and much more, this version aims to enhance the experience and efficiency significantly. This version includes at least the following new features and improvements:
Given the substantial feature expansion from ezXSS v3.x, the transition might be quite extensive. To ensure a good understanding, we have elaborated on all these functionalities in our wiki. Visit github.com/ssl/ezXSS/wiki for a comprehensive guide to all the latest enhancements. Thanks everyone for using ezXSS and please consider supporting the project by submitting new code, feature requests, issue reporting or by donating through GitHub Sponsors <3.
I am excited to announce the release of ezXSS v4.0, a major update to the XSS tool. This version includes at least the following new features and improvements:
It is highly recommended to update to ezXSS v4.0, as version 3.x will no longer be supported due to its old codebase. If you are currently running an older version of ezXSS, please make sure to first update to version >3.10 before upgrading to v4.0. Also, after updating, the default username will be "admin".
Thank you for your continued support and I hope you enjoy using the new and improved ezXSS v4.0!
The official release of ezXSS v3.10. This update brings some great new features and fixes.
What is new in ezXSS v3.10?
ezXSS v3.9 is a big update in terms of performance, styling and functionality. In case you are working with companies that don't like you collecting all the information that ezXSS can collect, you can now select what you want to collect and what not.
Also, there is a new theme called 'Green' which gives a new experience to ezXSS. I encourage people to create their own themes and create a pull request for them! (Have a look at green.css and copy it.)
This version brings some small but handy features and bug fixes.
ezXSS v3.7 makes it possible to run ezXSS in Docker, and fixes some small things. If updating from 3.6 to 3.7, remove config.ini and rename the new .env.example to .env.
Thanks for using ezXSS!
Thanks for using ezXSS! 3.6 brings some new features and bug fixes.
In order to update ezXSS 3.x to 3.6 you need to rename config.ini.example to config.ini and fill in your database information. Your database information is no longer stored in Database.php.
Changelog:
- Fixed #56, bug on deleting reports on page 2 or up
- Fixed and added #55, custom send mail from
- Added config file
- Renamed some things
- Fixed some other small bugs
v3.5 makes it possible to use multiple payloads (links). Add a custom string after your payload link to distinguish insert points.
If you need a completely custom script you can now add a JavaScript file to the templates folder and ezXSS will serve this. See /custom (/templates/custom.js) for an example.
ezXSS 3.4 makes it possible to select multiple reports and delete or archive them. It also adds the ability to share, delete or archive a report within the report page.
I will try to add more small feature requests before a possible 4.0 release. If you have any, let me know. Thanks again for using ezXSS!