DOMdig
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
Free415
Free415
DOMdig
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
Data verified May 2026
ADYour product here. Reach security decision-makers.Launch a campaignDOMdig Description
DOMdig is a specialized scanner designed to detect and exploit DOM-based Cross-Site Scripting (XSS) vulnerabilities in Single Page Applications (SPAs). The tool employs multiple analysis techniques to identify potential security flaws: - Static analysis of HTML and JavaScript code to examine the application structure - Dynamic analysis to observe application behavior during runtime - Fuzz testing to systematically test for potential vulnerabilities DOMdig focuses specifically on DOM-based XSS vulnerabilities, which occur when client-side scripts process user input in an unsafe manner. The tool can be utilized by security researchers, developers, and penetration testers to assess and improve application security posture. The scanner is designed to work with modern web applications that rely heavily on client-side JavaScript execution and dynamic content manipulation.
DOMdig FAQ
Common questions about DOMdig including features, pricing, alternatives, and user reviews.
DOMdig is DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications. It is a Application Security solution designed to help security teams with Fuzzing, Dynamic Analysis, XSS.
DOMdig is a free Application Security tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/fcavallarin/domdig/ for download and installation instructions.
Popular alternatives to DOMdig include:
1.Code Intelligence - AI-automated fuzz testing platform for detecting software vulnerabilities. (Commercial)
2.Rexsser - A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope. (Free)
3.Xss-Sql-Fuzz - A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz (Free)
4.VulnSign Dynamic Application Security Testing - DAST tool for scanning web apps, microservices, and APIs for vulnerabilities (Commercial)
5.Fortra BeSTORM - Black box fuzzer and DAST tool for testing application security (Commercial)
Compare all DOMdig alternatives at https://cybersectools.com/alternatives/domdig
DOMdig is for security teams and organizations that need Fuzzing, Dynamic Analysis, XSS, XSS Scanner. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Application Security tools can be found at https://cybersectools.com/categories/application-security
Have more questions? Browse our categories or search for specific tools.
