FinDOM-XSS – Fast DOM Based XSS Vulnerability Scanner
DOM XSS stands for Document Object Model-based Cross-site Scripting. DOM-based vulnerabilities occur within the content processing stage performed on the client, typically in client-side JavaScript. In a DOM-based XSS attack, the malicious string is not parsed by the victim’s browser until the website’s authentic JavaScript is executed.
To perform a DOM-based XSS attack, you would like to store data into an origin in order that it’s delivered to a sink and causes the execution of arbitrary JavaScript code. FinDOM-XSS is an automatic tool developed within the Shell Script which aims to seek out the possible and/ potential DOM-based XSS vulnerability in a fast manner. FinDOM-XSS tool is available on GitHub, it’s free and open-source. This tool works with a single target as well as multiple targets at the same time.
Installation of FinDOM-XSS Tool in Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/dwisiswant0/findom-xss.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
cd findom-xss
Step 3: List the contents of the directory
ls
Step 4: Now use the following command to run the tool.
./findom-xss.sh
Working with FinDOM-XSS Tool in Kali Linux OS
Example 1: Run the tool on a target
./findom-xss.sh http://w3wiki.net
In this example, we are running the tool against the domain http://w3wiki.net.
We have got the potential DOM on http://w3wiki.net through which XSS can be executed.
Results are saved in the text file:
Example 2: Run the tool against Multiple targets
cat urls.txt | ./findom-xss.sh
In this example, we are running the tool against multiple targets which are saved in the urls.txt file.
We have got potential DOM on http://w3wiki.net.
We have got potential DOM on http://bugcrowd.com.
No Potential DOM is been detected on http://facebook.com.