search

ssl / ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
https://ezxss.com
MIT License
1.87k stars 330 forks source link

Feature request: Automatic spider #176

Open dicksnel opened 2 months ago

dicksnel commented 2 months ago

Hi, thanks for this great tool!

It would be great if ezXSS can automatically spider an entire app after the XSS is triggered. This works adding a hidden iframe and scanning the target page for all hyperlinks with the same domain. Then for each found URL, fetch it via XHR in the iframe and extract all response data / screenshot it like a usual target page.

The advantage of this is that an attacker can gain immediate insight in all URL's and pages that are available in for example an admin panel.

If this is something to consider including, I have working code available from our own tooling.

ssl commented 1 month ago

Hey Dick,

Thanks for the feature request. This for sure sounds like something we can add. I would love for you to share the working code and possibly some ideas how to implement this in ezXSS.

I can then look myself what would be the best way to implement this in the current system.

dicksnel commented 1 month ago

@ssl great, I'll get back with some example code after my holidays!