Awesome Open Source


ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Current features

Some features ezXSS has

  • Easy to use dashboard with statistics, payloads, view/share/search reports and more
  • Payload generator
  • Instant email alert on payload
  • Custom JavaScript payload
  • Custom payload links to distinguish insert points
  • Enable/Disable screenshots
  • Prevent double payloads from saving or alerting
  • Block domains
  • Share reports with a direct link, via email or with other ezXSS users
  • Easily manage and view (multiple) reports
  • Secure your login with extra protection (2FA)
  • Killswitch
  • The following information is collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer (or share referer)
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • All Local Storage
    • All Session Storage
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
    • Screenshot of the page
  • it's just ez :-)


  • A host with PHP 7.1 or up
  • A domain name (consider a short one)
  • An SSL certificate if you want to test on HTTPS websites (consider Cloudflare or Let's Encrypt for a free one)


ezXSS is ez to install with Apache, NGINX or Docker.

Visit the wiki for installation instructions.


For a demo visit with password demo1234. Please note that some features might be disabled in the demo version.

