xss-dom
OfficialExploit DOM-based XSS vulnerabilities.
Software Engineering#xss#javascript#penetration testing#web security#vulnerability exploitation#dom xss
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit DOM-based Cross-Site Scripting vulnerabilities, which exist entirely within client-side JavaScript and are often missed by traditional scanners.
Core Features & Use Cases
- Source Identification: Detects user-controlled data inputs from URLs, cookies, and storage.
- Sink Analysis: Identifies dangerous JavaScript functions where data can be executed or rendered unsafely.
- Exploitation: Guides the user in crafting and delivering payloads to exploit the identified vulnerabilities.
- Use Case: A penetration tester suspects a web application is vulnerable to DOM XSS. They use this skill to analyze the client-side JavaScript, trace data flow from a URL fragment to an
innerHTMLsink, and successfully execute analert()payload.
Quick Start
Use the xss-dom skill to analyze the target page at https://example.com/vulnerable.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: xss-dom Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#xss-dom Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.