Releases: ssl/ezXSS
ezXSS v4.2
I am happy to announce the release of ezXSS v4.2!
Building on the foundation laid by v4.0's complete recoded codebase and v4.1's introduction of persistent XSS sessions with reverse proxy, v4.2 brings improvements in performance, compatibility, and usability.
A lot of changes and a lot of big improvements. Updating to this version is highly recommended as you might not receive all reports you should receive with your current version. All information about installing, updating and using ezXSS can be found on the GitHub wiki: https://github.com/ssl/ezXSS/wiki
What's New in v4.2?
- Enhanced Performance: Up to 80% improvement in speed across the dashboard and reports, thanks to optimized data handling, compressing data and query improvements.
- More Compatibility: Payloads now trigger across a wider range of browsers, including older versions (IE8+, Chrome 3+, Firefox 4+, Safari 4+).
- Simplified Docker Installation: Updated Docker support with automatic certificate installation simplifies setup.
- One-Click Update: Seamlessly upgrade to v4.2 from as far back as v2.0
- New Features: Introducing the ezXSS Payload Tester, customizing storing methods, a "shortboost!" button and much more.
Changelog Highlights:
- Major speed optimizations for dashboard and report interactions.
- Extended payload compatibility with older browsers and protocols.
- Docker enhancements for effortless installation and certification.
- New option to store screenshot either in the database or as file on the server
- New option to store big reports/session data as plaintext or compressed
- Comprehensive updates to user agent lists, data fetching via API, logging, and more data table integration.
- New payload features, including a copy-to-clipboard button and more example payloads.
- New theme, alongside other design and usability improvements across the platform.
- Significant bug fixes in report generation, cookie copying, persistent pages, queries and much more.
Given the substantial feature expansion from ezXSS v3.x, the transition might be quite extensive. All these functionalities are elaborated in our wiki. With over 3000 lines of code enhancements since v4.1, v4.2 is the definitive, production-ready package designed to test your web applications against XSS vulnerabilities.
Your feedback and contributions have been important in shaping ezXSS into the robust tool it is today. Thanks everyone for using ezXSS and please consider supporting the project by submitting new code, feature requests, issue reporting or by donating through Github Sponsors <3.
ezXSS v4.1
Introducing ezXSS v4.1, a extensive upgrade that takes the excellence of ezXSS v4.0 to the next level. With a plethora of features focusing on XSS payload persistence, reverse proxying, log storage, and much more, this version aims to enhance the experience and efficiency significantly. This version includes at least the following new features and improvements:
- Persistent Sessions. An XSS trigger can now persist in the browser for as long as the user's tab remains open, and even continue if the user navigates to other pages on the site.
- To accompany the persistent sessions, a Reverse Proxy has been added. This powerful feature enables you to fully utilize the compromised user's browser and session to send requests to the website, an invaluable tool for red teaming.
- The option to execute JavaScript live on all connected sessions, providing real-time control and manipulation.
- Logs have been added. If activated, specific user actions will be logged in the database, providing valuable insights.
- The admin dashboard introduces new kinds of statistics, allowing a broader and more detailed view of activities.
- A new sign up page has been added. Although disabled by default, once enabled, it allows anyone to create their own account/payload.
- Numerous bug fixes have been implemented, notably in areas like alerts, Docker, (mobile) designing and more.
- Various minor improvements have also been added, enhancing the overall system performance.
Given the substantial feature expansion from ezXSS v3.x, the transition might be quite extensive. To ensure a good understanding, we have elaborated on all these functionalities in our wiki. Visit github.com/ssl/ezXSS/wiki for a comprehensive guide to all the latest enhancements. Thanks everyone for using ezXSS and please consider supporting the project by submitting new code, feature requests, issue reporting or by donating through Github Sponsors <3.
ezXSS v4.0
I am excited to announce the release of ezXSS v4.0, a major update to the XSS tool. This version includes at least the following new features and improvements:
- Completely re-coded, resulting in clean, readable code that is easy to understand and maintain
- Multi-user setup that allows for roles and payload separation
- Alerts via Slack and Discord in addition to existing support for email and Telegram
- Redesigned pages and fixed styling bugs
- More statistics on the dashboards
- Improved reports view and search
- Ability to render collected DOM pages
- Lots of smaller bug fixes
- and much much more amazing things!
It is highly recommended to update to ezXSS v4.0, as version 3.x will no longer be supported due to its old codebase. If you are currently running an older version of ezXSS, please make sure to first update to version >3.10 before upgrading to v4.0. Also, after updating, the default username will be "admin".
Thank you for your continued support and I hope you enjoy using the new and improved ezXSS v4.0!
ezXSS v3.10
The official release of ezXSS v3.10. This update brings some great new features and fixes.
What is new in ezXSS v3.10?
- Added Telegram alerts
- Added ability to send alerts to custom endpoint
- Ability to customize admin (manage) link
- Extract additional defined pages
- Allow wildcard in blocked and whitelist domains
- Faster user experience because of query improvements
- Updated the screenshot html2canvas library
- Updated the styling and placement of some pages
- Improved Docker installation and added first steps to Docker Hub (@Flightkick)
- Fixed some bugs
ezXSS v3.9
ezXSS v3.9 is a big update in terms of performance, styling and functionality. In case you working with company's that don't like you to collect all information that ezXSS can collect, you can now select what you want to collect and what not.
Also, there is a new theme called 'Green' which gives a new experience to ezXSS. I endorse people to create their own themes and create a pull request for it! (Have a look and copy at green.css
).
- New theme and ability to switch between themes
- Ability to select what to collect on payload
- Big (SQL) performance enhancement to all pages
- Cleaned up some code
- CSS stylesheet is now minified and self-hosted
- Cleaned up some styling
- Added timezone dropdown in settings
- Fixed some bugs
ezXSS v3.8
ezXSS v3.7
ezXSS v3.7 makes it possible to run ezXSS in Docker, and fixes some small things.
If updating from 3.6 to 3.7; remove config.ini and rename the new .env.example to .env.
- Added Docker support thanks to @glitchwitchsec
- Put local & session storage in textbox
- New update method that is future proof
- Fixed some bugs
- Renamed config.ini to .env
Thanks for using ezXSS!
ezXSS v3.6
Thanks for using ezXSS! 3.6 brings some new features and bug fixes.
In order to update ezXSS 3.x to 3.6 you need to rename config.ini.example to config.ini and fill in your database information. Your database information is no longer stored in the Database.php.
Changelog:
Fixed #56, bug on deleting reports on page 2 or up
Fixed and added #55, custom send mail from
Added config file
Renamed some things
Fixed some other small bugs
ezXSS v3.5
v3.5 makes it possible to use multiple payload (links). Add a custom string after your payload link to distinguish insert points.
If you need a complete custom script you can now add a javascript file to the templates folder and ezXSS will serve this. See /custom (/templates/custom.js) for an example.
- Fixed a bug in settings #53
- Added version check and updater
- Added custom payload link
- Added custom payload js file
- Fixed some bugs
ezXSS v3.4
ezXSS 3.4 makes it possible to select multiple reports and delete or archive them. It also adds the ability to share, delete or archive a report within the report page.
- Added Feature request: Add ability to share, delete, archive report from inside the actual report feature #40
- Added Feature request: Make it easier to delete more than 1 report at a time feature #39
- Fixed some other things
I will try to add more small feature requests before a possible 4.0 release. If you have any let me know. Thanks again for using ezXSS!