After reading an article in the German PHP Magazin about DOM-based XSS attacks, I came up with the idea of building this online tool for scanning Web pages for potential DOM-based cross-site scripting (XSS) security vulnerabilities.
This tool is meant for site owners and Web masters to check the source code of their pages: DOM XSS sources (places where untrusted data such as parts of the URL enters a script) and sinks (places where that data is turned into markup or code) are highlighted to facilitate manual code review.
DOM XSS Scanner does not attempt to assess whether a given page is actually vulnerable, and it does not currently follow scripts that are loaded dynamically by other scripts. Those scripts can be scanned by submitting their URLs manually.
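To illustrate what "highlighting sources and sinks" means in practice, here is a small stand-alone example written for this page; it is not the DOM XSS Scanner code base (which parses pages with Beautiful Soup) and its source/sink tables, regular expressions and the sample page are my own assumptions. It scans page text line by line, reports every DOM XSS source and sink it recognises, lists the external scripts it did not look inside (those would have to be submitted separately), and points out lines where a source and a sink meet, which is a cue for closer review rather than a verdict on the page's security.

```python
import re

# Constructed sample page (not a real site): an inline script that reads
# attacker-influenced data and writes it into the DOM, plus one external
# script that a page-only scan cannot see into.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/widget.js"></script>
<script>
var q = location.hash.substring(1);
document.getElementById('out').innerHTML = q;
var name = decodeURIComponent(window.name);
eval(name);
document.write(document.referrer);
</script>
</head><body><div id="out"></div></body></html>"""

# Illustrative tables (an assumption of this example, not the scanner's own):
# sources are where untrusted data enters a script, sinks are where it is
# interpreted as markup or code.
SOURCES = [
    r"location\.hash", r"location\.search", r"location\.href",
    r"document\.URL", r"document\.documentURI", r"document\.referrer",
    r"window\.name", r"document\.cookie",
]
SINKS = [
    r"\.innerHTML", r"\.outerHTML", r"document\.write(ln)?\(", r"\beval\(",
    r"setTimeout\(", r"setInterval\(", r"new Function\(",
    r"location\.(href|assign|replace)",
]

SOURCE_RE = re.compile("|".join(SOURCES))
SINK_RE = re.compile("|".join(SINKS))
SCRIPT_SRC_RE = re.compile(r"<script[^>]*\ssrc=[\"']([^\"']+)[\"']", re.I)


def find_sources_and_sinks(text):
    """Return (line_no, kind, matched_text) tuples, 1-based line numbers,
    sources before sinks within a line."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in SOURCE_RE.finditer(line):
            hits.append((n, "source", m.group(0)))
        for m in SINK_RE.finditer(line):
            hits.append((n, "sink", m.group(0)))
    return hits


def external_scripts(text):
    """URLs of <script src=...> tags; their bodies are not scanned here."""
    return SCRIPT_SRC_RE.findall(text)


def lines_with_source_and_sink(text):
    """Lines on which a source and a sink both appear: a heuristic to
    prioritise review, not proof of a vulnerability."""
    by_line = {}
    for n, kind, _ in find_sources_and_sinks(text):
        by_line.setdefault(n, set()).add(kind)
    return sorted(n for n, kinds in by_line.items() if kinds == {"source", "sink"})


def report(text):
    """Human-readable listing, in the spirit of the highlighted view."""
    lines = text.splitlines()
    out = []
    for n, kind, match in find_sources_and_sinks(text):
        out.append(f"line {n:>3} [{kind.upper():6}] {match:<22} | {lines[n - 1].strip()}")
    for url in external_scripts(text):
        out.append(f"external script not scanned, submit separately: {url}")
    for n in lines_with_source_and_sink(text):
        out.append(f"review first: source and sink on the same line ({n})")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_HTML))
```

The regular expressions are deliberately loose: they match `location.href` both as a source (read) and as a sink (assignment), and they do not follow data flow between lines, so a hit only says "look here", which is exactly the code-review role the scanner is meant for.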
Improve DOM XSS Scanner
The source code of DOM XSS Scanner is available on GitHub. You can help improve the tool by contributing code, reporting bugs or proposing enhancements.
DOM XSS Scanner Coverage
Coverage of the DOM XSS Scanner tool elsewhere on the Web:
DOM XSS Scanner Building Blocks
DOM XSS Scanner is an application written in Python and JavaScript.
Building DOM XSS Scanner was straightforward thanks to the following great open source libraries:
- Beautiful Soup Python HTML/XML parser
- jQuery JavaScript Library
- 960 CSS Grid System
- HTML5 Boilerplate and included libraries
- The webapp framework with Django templates
This site uses icons from the WP WooThemes Ultimate Icon Set and runs on Google App Engine.
DOMXSSscanner.com has Google Analytics tracking enabled. If you wish, you can opt out of Google Analytics using the available browser extensions.