Thanks for using ezXSS. After I quit working on this project for more than a year, the new release is here.
Update log ezXSS 3.0:
- Recoded the entire application
- Fixed & cleaned some styling issues
- Added back screenshots and option to disable
- Added Local Storage and Session Storage in payload
- Added direct share link for reports
- And many more small features and improvements
If you have any feedback or suggestions, or have found a bug, please let me know.
Execute this SQL to update from 2.x to 3.0:
```sql
INSERT INTO `settings` (`id`, `setting`, `value`) VALUES (NULL, 'screenshot', '0');

ALTER TABLE `reports`
  ADD `screenshot` LONGTEXT NULL DEFAULT NULL AFTER `archive`,
  ADD `localstorage` LONGTEXT NULL DEFAULT NULL AFTER `archive`,
  ADD `sessionstorage` LONGTEXT NULL DEFAULT NULL AFTER `archive`,
  ADD `shareid` VARCHAR(50) NOT NULL AFTER `id`;

UPDATE `reports` SET `shareid` = concat(
  lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
  lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
  lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0),
  lpad(conv(floor(rand()*pow(36,8)), 10, 36), 8, 0)
);
```
Hey! Because of massive interest in ezXSS, I decided to release a small update.
- Fixed an issue with reports not showing up
- If you still have this issue, please check #10
- Fixed a small parsing issue
I am currently busy with ezXSS 3.0, stay tuned!
The great release with great new functions. It is here.
This version contains:
- Fixed all small bugs and typos I could find.
- You are now able to block a domain
- Added a notepad to the dashboard. In case you need to save some info!
- Share page is removed and now integrated on the reports page with a modal.
- Archive reports that you don't want to see, but also don't want to delete.
- Search page is removed and now fully integrated on the reports page.
- Searching is now optimized, find things even better.
- Added more payloads.
- Added the setting to change your domain name for payloads.
- Added API key. The API is not done, so you can not use it yet.
If you find any bugs or have a great idea, let me know! Next version with API and a new feature you would love (suggested by @dev) coming soon!
ezXSS is a bit optimized. Some templates are removed and integrated into the framework.
- Screenshots removed
- Fixed a share issue
Screenshots are temporarily removed. I noticed that on some sites the callback was not called because of an issue with making the screenshot. Will try to fix this soon.
Please leave any positive or negative feedback, it helps!
The release of the first official ezXSS! Welcome to 2.0.
This version has a lot of new features and fixes, some of the main things:
- A total new design, hopefully you like it :-)
- The email design is also changed
- Installation is now easier
- Searching on the reports page
- The way you delete reports is changed, and screenshots of reports are now also deleted
- Removed username from logging in (password only)
- Option to add Google's 2FA to the login
- New favicon
- A lot of small features added, updated or deleted
- Cleaned up a lot of code again
Please leave any positive or negative feedback, it helps!
It is here, ezXSS version 1.6
What is fixed?
- Fixed an HTTPS issue for some servers
- Fixed/removed the index.js for some servers
- Cleaned some CSS
- Secret key is removed from sharing (I even found out you could bypass the secret key)
- Filter tab removed to dashboard
- Changed some design things in "All reports" and "Search"
What is added?
- Check more statistics on the dashboard
- Download latest ezXSS version from the dashboard
The next version will include even more great functions! Including ez installation and updating.
Here it is: ezXSS v1.5
What is changed?
- Cleaned up some code
- Now you can delete a report
- Share a report easier with auto fill
- Fixed a password-changing issue where you could change the password without a correct current password
- New CDN for jquery and bootstrap
- Some small fixes
Soon I will release v1.6 with a lot of new features.
I'm happy to release ezXSS version 1.4. Added some great features and removed bad things.
- Change DOM part setting and timezone on the Settings page
- Removed https or http on Origin
- Changed the max chars to show on All reports page to prevent long URIs.
- Removed some unnecessary code
- Option to filter reports so that they are not saved or alerted on if identical to another report.
- Added a new feature to share a report with another ezXSS owner using a domain name and a secret key
- All CSS and fonts are now hosted on GitHub.
- Some other small fixes
This is the first release that can be used in production. If you have any problems or ideas let me know.
Some bug fixes and lightweight callback file.
- The JS callback file is minified from 301765 to 43944 total characters. Load time can be up to 5 times faster.
- Some bug fixes and typo fixes.
Next version will have (and currently in build):
- Remove all not-used CSS because CSS is currently bigger than everything else combined
- Add feature to share a report with another ezXSS user with domain+secretkey
- Option to block a domain because you get too many reports or not interested in the domain
- Option that if a report is 100% the same as another report, do not save/re-alert.
- Max chars on report page for url (responsive fix)
- Cleanup code in Components
- Clean up code overall; there is some bad-practice code that needs to be fixed
Some bug fixes and a new feature.
- Screenshots now upload on your host
- Screenshot preview is sent in the mail
- On PHP7+ not all reports got saved because of a big image, this is now fixed with the new features.
- /manage page is now HTTPS-only, and cookies are HttpOnly-protected.
- Last report stats on dashboard bugged if it was more than x seconds, this is fixed.
If you have any suggestions please let me know. Have fun with this new version :-)!