Ra.2 - Blackbox DOM XSS Scanner

Posted by Deepanker Verma, Tuesday, March 26, 2013

Ra.2 is a handy DOM-based XSS scanning tool for detecting DOM-based cross-site scripting vulnerabilities in web applications.


It is not a standalone tool but a Firefox add-on. It uses a very simple yet effective mechanism to detect XSS vulnerabilities: the suspected page is loaded in the browser itself and a URL is only reported when the injected payload actually executes. It is not guaranteed to detect every vulnerability on a page, but it tries to find most of them.

Because it runs as a browser add-on, it can also test pages that require authentication, reusing the browser's existing session. It uses a custom, hand-collected list of XSS vectors.

These are the main features of the tool:

  1. False positive free by design: Vulnerable URLs are saved in the DB if, and only if, our payload is executed successfully by the browser, and hence marked exploitable. If it isn't a false-positive, it's a bug! Report it to us :-)
  2. Large collection of injection vectors, including "modified" RSnake's vectors as well.
  3. Supports transforming Unicode characters for testing content-aware applications.
  4. Automatically handles JavaScript obfuscation/compression, as it relies on the native interpreter.
  5. Fast and light-weight.
  6. Pretty easy learning curve. Point-n-Click.
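The "false positive free by design" rule in feature 1 means a finding is recorded only when the browser really executes the injected payload. The following added example (not Ra.2's own code) shows that execution-confirmed approach against a constructed stand-in for the DOM: a canary payload is delivered through a simulated `location.hash`, a vulnerable `innerHTML` sink is compared with a hardened `textContent` sink, and only the case where the canary fires is marked exploitable. `makeDocument`, `vulnerableRender`, `hardenedRender` and `scan` are all hypothetical names.

```javascript
// Added illustration (not Ra.2's code): execution-confirmed DOM XSS detection.
// The "document" below is a constructed stand-in: innerHTML assignment runs an
// inline onerror handler the way a browser would; textContent never parses markup.
function makeDocument(hooks) {
  const el = { _html: '', _text: '' };
  Object.defineProperty(el, 'innerHTML', {
    set(v) {
      el._html = v;
      // Simulate the browser executing an inline event handler found in the markup.
      const m = /<img[^>]*onerror="([^"]*)"/i.exec(v);
      if (m) new Function('hooks', m[1])(hooks);
    },
    get() { return el._html; }
  });
  Object.defineProperty(el, 'textContent', {
    set(v) { el._text = v; },
    get() { return el._text; }
  });
  return { el };
}

// Vulnerable page code: the URL fragment flows unescaped into an HTML sink.
function vulnerableRender(doc, hash) {
  doc.el.innerHTML = 'Hello ' + decodeURIComponent(hash.slice(1));
}

// Hardened page code: same data, but written as text, so it is never parsed as markup.
function hardenedRender(doc, hash) {
  doc.el.textContent = 'Hello ' + decodeURIComponent(hash.slice(1));
}

// Scanner logic: inject a canary and report the page only if the canary actually ran.
// Returns true for "confirmed exploitable", false for "no execution observed".
function scan(render) {
  let fired = false;
  const hooks = { canary() { fired = true; } };
  const doc = makeDocument(hooks);
  // Constructed canary: calls back into the scanner rather than doing anything else.
  const payload = '#' + encodeURIComponent('<img src=x onerror="hooks.canary()">');
  render(doc, payload);
  return fired;
}
```

Run `scan(vulnerableRender)` and `scan(hardenedRender)` to see that only the `innerHTML` version is flagged; a reflected-but-inert payload produces no finding, which is exactly what keeps the result list free of false positives.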
