ezXSS 3.0

ssl committed May 23, 2019
1 parent 0444ed4 commit c9a7d4213e865d9b6f9120ccdd093670e90c765b


BIN +318 Bytes assets/img/favicon.ico
Binary file not shown.
@@ -0,0 +1,92 @@
function request(action, data) {
data["action"] = action;
return $.ajax({
type: "post",
dataType: "json",
url: "request",
data: data
});
}

$(document).ready(function() {

$("form.form").submit(function(Form) {
$("#alert").slideUp();
Form.preventDefault();
var inputs = {};
$("form#" + this.id + " :input").each(function() {
if (this.id) {
inputs[this.id] = this.value;
}
});
request(this.id, inputs).then(function(r) {
if (!r.redirect) {
$("#alert").html('<div class="alert" role="alert"><p class="close">×</p>' + r.echo + '</div>');
$("#alert").hide();
$("#alert").slideDown("slow");
} else {
window.location.href = r.redirect;
}
});
});

$(".delete").click(function() {
var id = $(this).attr('report-id');
request("delete-report", {id:id,csrf:csrf}).then(function(r) {
$("#"+id).fadeOut( "slow", function() {});
});
});

$(".archive").click(function() {
var id = $(this).attr('report-id');
var archive = 0;
if(location.toString().split('/').pop() == 'reports') {
var archive = 1;
}
request("archive-report", {id:id,archive:archive,csrf:csrf}).then(function(r) {
$("#"+id).fadeOut( "slow", function() {});
});
});

$(".share").click(function() {
$('#reportid').val( $(this).attr('report-id') );
$('#shareid').val("https://" + window.location.hostname + "/manage/report/" + $(this).attr('share-id') );
});

$('.left-nav-toggle a').on('click', function(event){
event.preventDefault();
$("body").toggleClass("nav-toggle");
});

$('.nav-second').on('show.bs.collapse', function () {
$('.nav-second.in').collapse('hide');
});

$('.panel-toggle').on('click', function(event){
event.preventDefault();
var hpanel = $(event.target).closest('div.panel');
var icon = $(event.target).closest('i');
var body = hpanel.find('div.panel-body');
var footer = hpanel.find('div.panel-footer');
body.slideToggle(300);
footer.slideToggle(200);

icon.toggleClass('fa-chevron-up').toggleClass('fa-chevron-down');
hpanel.toggleClass('').toggleClass('panel-collapse');
setTimeout(function () {
hpanel.resize();
hpanel.find('[id^=map-]').resize();
}, 50);
});

$('.panel-close').on('click', function(event){
event.preventDefault();
var hpanel = $(event.target).closest('div.panel');
hpanel.remove();
});
});


$("#alert").on("click", ".close", function() {
$("#alert").slideUp();
});
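Review bot: the form-submit handler renders `r.echo` with `$("#alert").html('<div class="alert" role="alert"><p class="close">×</p>' + r.echo + '</div>')`, so whatever `Request::json()` places in `echo` is interpreted as markup; if any of that text can derive from user-supplied data (a reflected form value in an error message, a report field), the dashboard itself becomes injectable. Build the alert element and set the message with `.text()`, e.g. `$('<div class="alert" role="alert"><p class="close">×</p></div>').append($('<span>').text(r.echo))`, or have the server escape `echo` and document that contract. Also, none of the `request(...).then(...)` chains has a `.fail()` handler, so a 403 on a bad `csrf` token or an expired session fails silently (the delete/archive row simply stays on screen). Minor: `var archive = 1;` inside the `if` re-declares the variable from `var archive = 0;` (harmless under hoisting, but should be a plain assignment), and `hpanel.toggleClass('')` is a no-op that can be dropped.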
@@ -0,0 +1,43 @@
<?php
require_once __DIR__ . '/src/Autoload.php';
define('debug', false);
if(debug) {
error_reporting(E_ALL);
ini_set('display_errors', 1);
}
$requestUrl = explode('?', $_SERVER['REQUEST_URI'])[0];
if(strpos($requestUrl, '/manage/') === 0 || strpos($requestUrl, '/manage') === 0) {
$path = str_replace('/manage/', '', explode('?', $_SERVER['REQUEST_URI'])[0]);
if(explode('/', $path)[0] == 'report') {
$path = explode('/', $path)[0];
}
if($path == 'request') {
$request = new Request();
echo $request->json();
} else {
$route = new Route();
echo $route->template($path);
}
} else {
$route = new Route();
if($requestUrl == '/callback') {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo $route->callback(file_get_contents('php://input'));
}
}
if($requestUrl == '/') {
header('Content-Type: application/x-javascript');
echo $route->jsPayload();
}
}
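Review bot: the `/manage` prefix handling is too loose: `strpos($requestUrl, '/manage') === 0` also matches `/manageanything`, and `str_replace('/manage/', '', ...)` replaces every occurrence rather than stripping the leading one, so `/manage` without a trailing slash leaves `$path` as `/manage`, and a URI such as `/manage/x/manage/y` collapses to `xy`. Match `$requestUrl === '/manage' || strpos($requestUrl, '/manage/') === 0` and derive the path with `substr($requestUrl, strlen('/manage/'))`. Separately, when `debug` is false nothing turns `display_errors` off, so production behaviour depends on php.ini; add `ini_set('display_errors', 0)` in an `else` branch so stack traces and file paths are not shown to a visitor. Minor: `application/x-javascript` is the legacy type and `application/javascript` the registered one, and URLs that match no branch fall through to an empty 200 rather than a 404.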
@@ -1,62 +1,55 @@
# ezXSS
ezXSS is an easy way to test (blind) Cross Site Scripting.

![Alert](https://ssl.github.io/cdn/ezXSS/error.png) I'm currently busy with building ezXSS 3. The whole application will be re-coded.
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

## Current features
Some features ezXSS has

* Easy to use dashboard with statics, payloads, view/share/search reports and more
* Payload generator
* Instant email alert on payload
* Custom javascript for extra testing
* Custom javascript payload
* Enable/Disable screenshots
* Prevent double payloads from saving or alerting
* Share reports with other ezXSS users
* Easily manage and view reports in the system
* Search for reports in no time
* Secure your system account with extra protection (2FA)
* Block domains
* Share reports with a direct link or with other ezXSS users
* Easily manage and view reports in the dashboard
* Secure your login with extra protection (2FA)
* The following information is collected on a vulnerable page:
* The URL of the page
* IP Address
* Any page referer (or share referer)
* The User-Agent
* All Non-HTTP-Only Cookies
* All Locale Storage
* All Session Storage
* Full HTML DOM source of the page
* Page origin
* Time of execution
* Screenshot of the page
* its just ez :-)

## Required
* PHP 5.5 or up
* A host with PHP 5.5 or up
* A domain name (consider a short one)
* An SSL if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)

## Installation
ezXSS is ez to install

* Download the 'files' folder and put all the files inside your root
* Create an empty database and provide your database information in '/manage/src/Database.php'
* Go to /manage/install in your browser and setup a password and email
* Clone the repository and put the files in the document root
* Create an empty database and provide your database information in 'src/Database.php'
* Visit /manage/install in your browser and setup a password and email
* Done! That was ez right?

## To do list
Some things I am planning to add/change in future versions.
## Demo
For a demo visit [demo.ezxss.com/manage](https://demo.ezxss.com/manage) with password *demo1234*. Please note that some features might be disabled in the demo version.

I'm currently busy with ezXSS 3.0.

* Cleaner dashboard
* Enable/Disable screenshots
* Finishing the API
* Adding SMS/Slack/Telegram notifications
* Fully OOP based
* Page grabbing
* Live JS - send JS code LIVE while the person is on the page
* You got ideas?
**If you want to buy me a beer: 1EzxssMj2wAj63LkNwRJfsjVgWxbPt2DbN**

## Screenshots

![Dashboard](https://i.imgur.com/0us9M4M.png)
![Settings](https://i.imgur.com/5BbdyYQ.png)
![Payload](https://i.imgur.com/5nKDqcQ.png)
![Reports](https://i.imgur.com/6TTXOw3.png)
![Login](https://i.imgur.com/I9W7jxU.png)
![Dashboard](https://i.imgur.com/79wSggJ.png)
![Settings](https://i.imgur.com/oybLHTn.png)
![Payload](https://i.imgur.com/Aibuvzz.png)
![Reports](https://i.imgur.com/xT1MmO1.png)
![Login](https://i.imgur.com/bEzskKo.png)
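Review bot: the installation step `Create an empty database and provide your database information in 'src/Database.php'` asks operators to write credentials into a tracked source file, which is easy to commit by accident and gets overwritten on upgrade; point them at a separate config file listed in .gitignore (or environment variables) and keep `src/Database.php` free of secrets. Wording: `An SSL` should read `A TLS certificate` (Cloudflare and Let's Encrypt issue certificates, not "an SSL"), and `statics` in the dashboard bullet is presumably `statistics`. If any of the near-duplicate bullets visible here (`Share reports with other ezXSS users` next to `Share reports with a direct link or with other ezXSS users`, two `Easily manage and view reports` lines, two 2FA lines) remain in the new text, keep one of each.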
@@ -0,0 +1,8 @@
<?php
require_once __DIR__ . '/Route.php';
require_once __DIR__ . '/User.php';
require_once __DIR__ . '/Request.php';
require_once __DIR__ . '/Database.php';
require_once __DIR__ . '/Component.php';
require_once __DIR__ . '/Basic.php';
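Review bot: despite the file name this is not an autoloader but a fixed-order list of `require_once` calls, so every class file is compiled on every request and the order matters: if `Route.php` or `User.php` declares a class that extends something defined in `Component.php` or `Basic.php`, which are required after them, PHP fails with a class-not-found error at declaration time. Register a real loader instead, e.g. `spl_autoload_register(function ($class) { $f = __DIR__ . '/' . $class . '.php'; if (is_file($f)) { require_once $f; } });`, and the ordering problem disappears; otherwise rename the file to reflect what it does.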
