Working with FinDOM-XSS Tool in Kali Linux OS
Example 1: Run the tool on a target
./findom-xss.sh http://w3wiki.org
In this example, we are running the tool against the domain http://w3wiki.org.
We have got the potential DOM on http://w3wiki.org through which XSS can be executed.
Results are saved in the text file:
Example 2: Run the tool against Multiple targets
cat urls.txt | ./findom-xss.sh
In this example, we are running the tool against multiple targets which are saved in the urls.txt file.
We have got potential DOM on http://w3wiki.org.
We have got potential DOM on http://bugcrowd.com.
No Potential DOM is been detected on http://facebook.com.
FinDOM-XSS – Fast DOM Based XSS Vulnerability Scanner
DOM XSS stands for Document Object Model-based Cross-site Scripting. DOM-based vulnerabilities occur within the content processing stage performed on the client, typically in client-side JavaScript. In a DOM-based XSS attack, the malicious string is not parsed by the victim’s browser until the website’s authentic JavaScript is executed.
To perform a DOM-based XSS attack, you would like to store data into an origin in order that it’s delivered to a sink and causes the execution of arbitrary JavaScript code. FinDOM-XSS is an automatic tool developed within the Shell Script which aims to seek out the possible and/ potential DOM-based XSS vulnerability in a fast manner. FinDOM-XSS tool is available on GitHub, it’s free and open-source. This tool works with a single target as well as multiple targets at the same time.