
github.com/ssl/ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
ezXSS is ez to install with Apache, NGINX or Docker. Visit the wiki for installation instructions.
Interested in using ezXSS but don't want to install it yet? Worry not! You can access and start using ezXSS with a free account on ez.pe. Simply sign up and get started without any installation hassle.
Additionally, if you'd like to explore and test the tool before committing, there is a demo environment with an admin account available at demo.ezxss.com/manage.
Please note that some features might be disabled or limited in both the free account on ez.pe and the demo environment. These limitations are in place to maintain the integrity and security of the platforms. However, you can still get a good grasp of the tool's capabilities and then decide whether to install it yourself.
Maintenance of this project is made possible by all the contributors and sponsors. I've personally worked for over 8 years on this project, taking hundreds of hours from my time. Please kindly consider becoming a sponsor, so I can continue maintaining and improving ezXSS as well as creating and releasing new projects. Current sponsors and (past) sponsors/contributors with a big impact on the project: