{"id":26146,"date":"2022-07-27T11:33:32","date_gmt":"2022-07-27T11:33:32","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=26146"},"modified":"2022-07-27T11:33:34","modified_gmt":"2022-07-27T11:33:34","slug":"domdig","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/domdig\/","title":{"rendered":"DOMDig : DOM XSS Scanner For Single Page Applications"},"content":{"rendered":"\n<p><strong>DOMDig<\/strong> is a DOM XSS scanner that runs inside the Chromium web browser and can recursively scan single-page applications (SPAs).<br>Unlike other scanners, DOMDig can crawl any web application (including Gmail) by keeping track of DOM modifications and XHR\/fetch\/WebSocket requests, and it can simulate real user interaction by firing events. During this process, XSS payloads are put into input fields and their execution is tracked in order to find injection points and the related URL modifications.<br>It is based on&nbsp;htcrawl, a Node.js library powerful enough to easily crawl a Gmail account.<\/p>\n\n\n\n<h2 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/fcavallarin\/domdig#key-features\"><\/a>KEY FEATURES<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Runs inside a real browser (Chromium)<\/li><li>Recursive DOM crawling engine<\/li><li>Handles XHR, fetch, JSONP and WebSocket requests<\/li><li>Supports cookies, proxy, custom headers, HTTP auth and more<\/li><li>Scriptable login sequences<\/li><\/ul>\n\n\n\n<h2 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/fcavallarin\/domdig#getting-started\"><\/a>GETTING STARTED<\/h2>\n\n\n\n<h3 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/fcavallarin\/domdig#installation\"><\/a>Installation<\/h3>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color 
has-text-color has-background\"><strong>git clone https:\/\/github.com\/fcavallarin\/domdig.git<br>cd domdig &amp;&amp; npm i &amp;&amp; cd ..<br>node domdig\/domdig.js<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Example<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>node domdig.js -c 'foo=bar' -p http:127.0.0.1:8080 https:\/\/htcap.org\/scanme\/domxss.php<\/strong><\/p>\n\n\n\n<h3 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Login Sequence<\/h3>\n\n\n\n<p>A login sequence (or initial sequence) is a JSON object containing a list of actions to take before the scan starts. Each element of the list is an array where the first element is the name of the action to take and the remaining elements are &#8220;parameters&#8221; to those actions. Actions are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>write &lt;selector&gt; &lt;text&gt;<\/li><li>click &lt;selector&gt;<\/li><li>clickToNavigate &lt;selector&gt;<\/li><li>sleep &lt;seconds&gt;<\/li><\/ul>\n\n\n\n<h4 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/fcavallarin\/domdig#example-1\"><\/a>Example<\/h4>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>[<br>[&quot;write&quot;, &quot;#username&quot;, &quot;demo&quot;],<br>[&quot;write&quot;, &quot;#password&quot;, &quot;demo&quot;],<br>[&quot;clickToNavigate&quot;, &quot;#btn-login&quot;]<br>]<\/strong><\/p>\n\n\n\n<h3 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Payloads file<\/h3>\n\n\n\n<p>Payloads can be loaded from a JSON file (-P option) as an array of strings. 
To build custom payloads, the string&nbsp;<code><strong>window.___xssSink({0})<\/strong><\/code>&nbsp;must be used as the function to be executed (instead of the classic&nbsp;<code><strong>alert(1)<\/strong><\/code>).<\/p>\n\n\n\n<h4 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/fcavallarin\/domdig#example-2\"><\/a>Example<\/h4>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>[<br>';window.___xssSink({0});',<br>'&lt;img src=&quot;a&quot;&gt;'<br>]<\/strong><\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/fcavallarin\/domdig\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively. Unlike other scanners, DOMDig can crawl any web application (including Gmail) by keeping track of DOM modifications and XHR\/fetch\/WebSocket requests and it can simulate a real user interaction by firing events. 
During this process, XSS [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":26176,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg45zod210fKCGVcegNdjNwyngidYK1G5j4UQHwEcwuBtXBEukcM9EiU_nYxzA1uBPaOJFS8EKC0RE9JT_U9myva2Y-JMua5hFD2ST1fD-a1ri5pJWIuoZGoopWjPgD_k6zcKVUwdQua7wwg0QWxUqMy-HZ2PK1Hh3CXXqeE9ariUgPS9YlvwVufexU\/s728\/Cross-Site-Scripting-XSS-Attacks%20(1).png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[5472,5471,2945],"class_list":["post-26146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-dom-xss","tag-domdig","tag-scanner"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DOMDig : DOM XSS Scanner For Single Page Applications<\/title>\n<meta name=\"description\" content=\"DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/domdig\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DOMDig : DOM XSS Scanner For Single Page Applications\" \/>\n<meta property=\"og:description\" content=\"DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/domdig\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" 
content=\"2022-07-27T11:33:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-07-27T11:33:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg45zod210fKCGVcegNdjNwyngidYK1G5j4UQHwEcwuBtXBEukcM9EiU_nYxzA1uBPaOJFS8EKC0RE9JT_U9myva2Y-JMua5hFD2ST1fD-a1ri5pJWIuoZGoopWjPgD_k6zcKVUwdQua7wwg0QWxUqMy-HZ2PK1Hh3CXXqeE9ariUgPS9YlvwVufexU\/s728\/Cross-Site-Scripting-XSS-Attacks%20(1).png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg45zod210fKCGVcegNdjNwyngidYK1G5j4UQHwEcwuBtXBEukcM9EiU_nYxzA1uBPaOJFS8EKC0RE9JT_U9myva2Y-JMua5hFD2ST1fD-a1ri5pJWIuoZGoopWjPgD_k6zcKVUwdQua7wwg0QWxUqMy-HZ2PK1Hh3CXXqeE9ariUgPS9YlvwVufexU\/s728\/Cross-Site-Scripting-XSS-Attacks%20(1).png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"DOMDig : DOM XSS Scanner For Single Page Applications\",\"datePublished\":\"2022-07-27T11:33:32+00:00\",\"dateModified\":\"2022-07-27T11:33:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/\"},\"wordCount\":297,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg45zod210fKCGVcegNdjNwyngidYK1G5j4UQHwEcwuBtXBEukcM9EiU_nYxzA1uBPaOJFS8EKC0RE9JT_U9myva2Y-JMua5hFD2ST1fD-a1ri5pJWIuoZGoopWjPgD_k6zcKVUwdQua7wwg0QWxUqMy-HZ2PK1Hh3CXXqeE9ariUgPS9YlvwVufexU\/s728\/Cross-Site-Scripting-XSS-Attacks%20(1).png\",\"keywords\":[\"DOM XSS\",\"DOMDig\",\"Scanner\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/domdig\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/domdig\/\",\"name\":\"DOMDig : DOM XSS Scanner For Single Page 
Applications\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg45zod210fKCGVcegNdjNwyngidYK1G5j4UQHwEcwuBtXBEukcM9EiU_nYxzA1uBPaOJFS8EKC0RE9JT_U9myva2Y-JMua5hFD2ST1fD-a1ri5pJWIuoZGoopWjPgD_k6zcKVUwdQua7wwg0QWxUqMy-HZ2PK1Hh3CXXqeE9ariUgPS9YlvwVufexU\/s728\/Cross-Site-Scripting-XSS-Attacks%20(1).png\",\"datePublished\":\"2022-07-27T11:33:32+00:00\",\"dateModified\":\"2022-07-27T11:33:34+00:00\",\"description\":\"DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/domdig\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/domdig\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg45zod210fKCGVcegNdjNwyngidYK1G5j4UQHwEcwuBtXBEukcM9EiU_nYxzA1uBPaOJFS8EKC0RE9JT_U9myva2Y-JMua5hFD2ST1fD-a1ri5pJWIuoZGoopWjPgD_k6zcKVUwdQua7wwg0QWxUqMy-HZ2PK1Hh3CXXqeE9ariUgPS9YlvwVufexU\/s728\/Cross-Site-Scripting-XSS-Attacks%20(1).png\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg45zod210fKCGVcegNdjNwyngidYK1G5j4UQHwEcwuBtXBEukcM9EiU_nYxzA1uBPaOJFS8EKC0RE9JT_U9myva2Y-JMua5hFD2ST1fD-a1ri5pJWIuoZGoopWjPgD_k6zcKVUwdQua7wwg0QWxUqMy-HZ2PK1Hh3CXXqeE9ariUgPS9YlvwVufexU\/s728\/Cross-Site-Scripting-XSS-Attacks%20(1).png\",\"width\":\"728\",\"height\":\"364\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}