Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

FinDOM-XSS – Fast DOM Based XSS Vulnerability Scanner

  • Last Updated : 23 Sep, 2021

DOM XSS stands for Document Object Model-based Cross-site Scripting. DOM-based vulnerabilities occur within the content processing stage performed on the client, typically in client-side JavaScript. In a DOM-based XSS attack, the malicious string is not parsed by the victim’s browser until the website’s authentic JavaScript is executed. 

To perform a DOM-based XSS attack, you would like to store data into an origin in order that it’s delivered to a sink and causes the execution of arbitrary JavaScript code. FinDOM-XSS is an automatic tool developed within the Shell Script which aims to seek out the possible and/ potential DOM-based XSS vulnerability in a fast manner. FinDOM-XSS tool is available on GitHub, it’s free and open-source. This tool works with a single target as well as multiple targets at the same time.

Installation of FinDOM-XSS Tool in Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/dwisiswant0/findom-xss.git

FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd findom-xss

Step 3: List the contents of the directory

ls

Step 4: Now use the following command to run the tool.

./findom-xss.sh

Working with FinDOM-XSS Tool in Kali Linux OS

Example 1: Run the tool on a target

./findom-xss.sh http://geeksforgeeks.org

In this example, we are running the tool against the domain http://geeksforgeeks.org.

FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

We have got the potential DOM on http://geeksforgeeks.org through which XSS can be executed.

FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

Results are saved in the text file:

FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

Example 2: Run the tool against Multiple targets

cat urls.txt | ./findom-xss.sh

In this example, we are running the tool against multiple targets which are saved in the urls.txt file.

FinDOM-XSS - Fast DOM Based XSS Vulnerability ScannerFinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

We have got potential DOM on http://geeksforgeeks.org.

FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

We have got potential DOM on http://bugcrowd.com.

FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

No Potential DOM is been detected on http://facebook.com.

FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!