loading
loading
Vulnerabilities
Find potential DOM-based XSS across a URL list, fast.
overview
findom-xss hunts for DOM-based cross-site scripting across a file of URLs. It looks for client-side source and sink patterns that signal a page is mixing attacker-controllable input into the DOM without sanitization, and returns a focused set of candidates instead of a page-by-page manual review.
DOM XSS lives in JavaScript, so it never shows up in the server response a classic scanner inspects. findom-xss leans into that gap: it reasons about the URLs and the script-side handling behind them, surfacing places where a value flows from a source like location or document.referrer into a sink like innerHTML or eval.
In a Trickest workflow it takes one file input, a line-by-line list of URLs, and writes a folder and a file of results. Feed it crawler or passive-collector output so it runs against real in-scope endpoints, then route findings into confirmation or a report.
use cases
Point findom-xss at a file of crawled or archived URLs and let it flag pages whose client-side code mishandles input, turning a broad surface into a short candidate list.
DOM XSS never appears in the server response, so a reflected-XSS scanner walks past it. Run findom-xss alongside those tools to cover the JavaScript sink-and-source path they cannot see.
Take endpoints from katana or a passive collector, write them to a file, and pass that straight into findom-xss so it scans only live, in-scope URLs.
Use findom-xss as the cheap first pass, then send its shortlist to a heavier scanner or a manual reviewer to confirm exploitability and craft a working payload.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| urls-file | FILE | · | File with line by line urls to scan. |
Showing key inputs. FinDOM-XSS exposes 1 inputs in total.
example
# scan a line-by-line URL list for potential DOM-based XSSfindom-xss.sh urls.txthttps://example.com/search?q=https://example.com/app#/profilehttps://app.example.com/dashboard?ref=https://example.com/product?id=1&callback=https://staging.example.com/widget?name=https://example.com/docs?page=https://cdn.example.com/static/app.js (sink: innerHTML)https://example.com/legacy?redir=guidance
Reach for FinDOM-XSS when you have a list of URLs and want a fast pass for DOM-based XSS specifically, the client-side variant that server-response scanners miss. For reflected and parameter-based XSS with payload confirmation, use dalfox. For a quick reflected-character check before deeper scanning, use kxss.
Fast Go parameter-analysis and XSS scanner with a DOM parser. Broader coverage and payload confirmation, heavier to run.
Finds unfiltered special characters reflected from URLs. A lightweight pre-filter for reflected XSS, not DOM-focused.
Damn Small XSS Scanner. Tiny scanner covering GET and POST parameters, simpler scope than a dedicated DOM finder.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A target feeds katana, which crawls it into a list of URLs. That list goes to FinDOM-XSS, which scans each one for potential DOM-based XSS and writes the candidate findings out for review.
Facts on this page come from the live Trickest tool library.