Dear Nmap Dev Team, I would like to introduce you to the http-extensive-domxss script, which offers advanced features for detecting DOM-based Cross-Site Scripting (XSS) vulnerabilities. Below are the key features and improvements this script can detect:
- Detection of DOM-based XSS vulnerabilities in HTML forms. - Detection of DOM-based XSS in JavaScript code. - Detection of DOM-based XSS in Java applets. - Detection of DOM-based XSS in anchor (a) tags. - Advanced patterns, including patterns for JavaScript function calls and sink points, to identify potential vulnerabilities more accurately. - The ability to capture and display the request and response details for detected vulnerabilities, providing a more comprehensive view of each potential issue. You can access the script and learn more about it on its GitHub page: http://github.com/haroonawanofficial/NmapSecurityToolkit/blob/main/advanced-dom-extensions-xss.nse If you have any questions or need further information, please don't hesitate to reach out. This tool offers a significant advancement in XSS vulnerability scanning compared to previous DOMXSS tools. You can test it on "testphp.vulnweb.com" to see its effectiveness. Best regards, Haroon Ahmad Awan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at https://seclists.org/nmap-dev/
