DOMdig is a specialized scanner designed to detect and exploit DOM-based Cross-Site Scripting (XSS) vulnerabilities in Single Page Applications (SPAs). The tool employs multiple analysis techniques to identify potential security flaws: - Static analysis of HTML and JavaScript code to examine the application structure - Dynamic analysis to observe application behavior during runtime - Fuzz testing to systematically test for potential vulnerabilities DOMdig focuses specifically on DOM-based XSS vulnerabilities, which occur when client-side scripts process user input in an unsafe manner. The tool can be utilized by security researchers, developers, and penetration testers to assess and improve application security posture. The scanner is designed to work with modern web applications that rely heavily on client-side JavaScript execution and dynamic content manipulation.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.