After reading an article from German PHP Magazin about DOM based XSS attacks, I came up with the idea of building this online tool for scanning Web pages for potential DOM based cross-site scripting (XSS) security vulnerabilities.

This tool is meant for site owners and Web masters to check their pages source code with DOM XSS sources and sinks being highlighted to facilitate code review.

DOM XSS Scanner does not try to assess the security of given pages and does not currently include scripts dynamically loaded from other scripts. Those scripts can be scanned by submitting their URLs manually.

Improve DOM XSS Scanner

The source code of DOM XSS Scanner is available on github. You can help improve the tool by contributing code, reporting bugs or proposing enhancements.

DOM XSS Scanner Coverage

Coverage of the DOM XSS Scanner tool elsewhere on the Web:

DOM XSS Scanner Building Blocks

DOM XSS Scanner is an application written in Python and JavaScript.

Building DOM XSS Scanner was straightforward thanks to the following great open source libraries: