Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/dwisiswant0/findom-xss

A fast DOM based XSS vulnerability scanner with simplicity.
https://github.com/dwisiswant0/findom-xss

bugbounty bugbountytips findom-xss pentest pentesting xss xss-scanner

Last synced: 7 days ago
JSON representation

A fast DOM based XSS vulnerability scanner with simplicity.

Lists

README 

        
# FinDOM-XSS



[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwisiswanto/findom-xss/issues)



FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast manner.



findom-xss



---



### Installation



```

$ git clone https://github.com/dwisiswant0/findom-xss.git --recurse-submodules

```



**Dependencies:** [LinkFinder](https://github.com/GerbenJavado/LinkFinder)



### Usage



To run the tool on a target, just use the following command.

```

$ ./findom-xss.sh https://domain.tld/about-us.html

```



This will run the tool against `domain.tld`.



URLs can also be piped to findom-xss and scan on them. For example:

```

$ cat urls.txt | ./findom-xss.sh

```



The second argument can be used to specify an output file.

```

$ ./findom-xss.sh https://domain.tld/about-us.html /path/to/output.txt

```



By default, output will be stored in the `results/` directory in the repository with `domain.tld.txt` name.



### License



**FinDOM-XSS** is licensed under the Apache. Take a look at the [LICENSE](https://github.com/dwisiswant0/findom-xss/blob/master/LICENSE) for more information.



### Thanks



- [@dark_warlord14](https://twitter.com/dark_warlord14) - Inspired by the JSScanner tool, that's why this tool was made.

- [@aslanewre](https://twitter.com/aslanewre) - With possible patterns.

- [All Contributors](../../graphs/contributors)