ssl / Ezxss
Licence: MIT
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022
Projects that are alternatives of or similar to Ezxss
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+3120.06%)
Mutual labels: penetration-testing, payload, bugbounty
Awesome Vulnerable Apps
Awesome Vulnerable Applications
Stars: ✭ 180 (-82.39%)
Mutual labels: penetration-testing, bugbounty, bug
Xss Payload List
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+156.07%)
Mutual labels: xss, payload, bugbounty
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-71.23%)
Mutual labels: xss, penetration-testing, bugbounty
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+28.77%)
Mutual labels: penetration-testing, payload, bugbounty
Payloads
Payload Arsenal for Penetration Testers and Bug Bounty Hunters
Stars: ✭ 421 (-58.81%)
Mutual labels: penetration-testing, bugbounty, payload
Xspear
Powerful XSS Scanning and Parameter analysis tool & gem
Stars: ✭ 583 (-42.95%)
Mutual labels: xss, bugbounty
Android Reports And Resources
A big list of Android Hackerone disclosed reports and other resources.
Stars: ✭ 590 (-42.27%)
Mutual labels: xss, bugbounty
Allaboutbugbounty
All about bug bounty (bypasses, payloads, etc.)
Stars: ✭ 758 (-25.83%)
Mutual labels: bugbounty, bug
Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458 (-55.19%)
Mutual labels: xss, bugbounty
Brutal
Payload for Teensy, like a Rubber Ducky but with a different syntax, for Human Interface Device (HID) attacks. Penetration with Teensy. Brutal is a toolkit to quickly create various payloads, PowerShell attacks, virus attacks and launch a listener for a Human Interface Device (Payload Teensy)
Stars: ✭ 678 (-33.66%)
Mutual labels: penetration-testing, payload
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (-25.64%)
Mutual labels: penetration-testing, bugbounty
Csp Builder
Build Content-Security-Policy headers from a JSON file (or build them programmatically)
Stars: ✭ 496 (-51.47%)
Mutual labels: easy-to-use, xss
Command Injection Payload List
🎯 Command Injection Payload List
Stars: ✭ 658 (-35.62%)
Mutual labels: payload, bugbounty
Chimera
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: ✭ 463 (-54.7%)
Mutual labels: penetration-testing, payload
Sql Injection Payload List
🎯 SQL Injection Payload List
Stars: ✭ 716 (-29.94%)
Mutual labels: payload, bugbounty
Medusa
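🐈 Medusa is a red-team arsenal platform that currently includes scanning (200+ vulnerabilities), an XSS platform, a collaboration platform, CVE monitoring and other features, and is under continuous development http://medusa.ascotbe.com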
Stars: ✭ 796 (-22.11%)
Mutual labels: xss, payload
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (-22.6%)
Mutual labels: xss, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-4.7%)
Mutual labels: xss, bugbounty
ezXSS is an easy way for penetration testers and bug
bounty hunters to test (blind) Cross Site Scripting.
Features
- Easy to use dashboard with statistics, payloads, view/share/search reports
- Payload generator
- Instant alerts via mail, Telegram or custom callback URL
- Custom JavaScript payloads
- Custom payload links to distinguish insert points
- Block, whitelist and other filters
- Share reports with a direct link, via email or with other ezXSS users
- Secure your login with Two-factor (2FA)
- The following information can be collected on a vulnerable page:
  - The URL of the page
  - IP Address
  - Any page referer (or share referer)
  - The User-Agent
  - All Non-HTTP-Only Cookies
  - All Local Storage
  - All Session Storage
  - Full HTML DOM source of the page
  - Page origin
  - Time of execution
  - Payload URL
  - Screenshot of the page
  - Extract additional defined pages
- its just ez :-)
Required
- Server or hosting with PHP 7.1 or up
- Domain name (consider a short one)
- SSL Certificate if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)
Installation
ezXSS is ez to install with Apache, NGINX or Docker.
Visit the wiki for installation instructions.
Live demo
For a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.