Security for everyone

HTTP Cross Domain Policy File Scanner

This script can be used to find permissive setups and domain names that are available for purchase in order to manipulate the app.


Short Info

Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: Domain, IPv4

Parent Category

HTTP Cross Domain Policy File Scanner Detail

Checks the cross-domain policy file (/crossdomain.xml) and the client-access-policy file (/clientaccesspolicy.xml) in web applications and lists the trusted domains. Overly permissive settings enable Cross Site Request Forgery attacks and may allow attackers to access sensitive data. This script is useful to detect permissive configurations and possible domain names available for purchase to exploit the application.

The script queries to look up the domains. This functionality is turned off by default; to enable it, set the script argument http-cross-domain-policy.domain-lookup.
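
For asset owners who want to review their own policy files offline, the following added example (not the scanner's own code) parses both file formats, lists the trusted domains and grades each entry by how permissive it is. The function names, the grading labels and the two sample policies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy files (not taken from any real site).
CROSSDOMAIN_XML = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-access-from domain="*.example.com" secure="false"/>
  <allow-access-from domain="static.example.org"/>
</cross-domain-policy>"""

CLIENTACCESSPOLICY_XML = """<?xml version="1.0"?>
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*">
    <domain uri="https://app.example.com"/>
    <domain uri="*"/>
  </allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def trusted_domains(policy_xml):
    """Return the trusted origins listed in either policy file format."""
    # For files fetched from hosts you do not control, parse with a hardened
    # XML parser (e.g. defusedxml) to avoid entity-expansion attacks.
    root = ET.fromstring(policy_xml)
    if root.tag == "cross-domain-policy":      # /crossdomain.xml
        return [e.get("domain", "") for e in root.iter("allow-access-from")]
    if root.tag == "access-policy":            # /clientaccesspolicy.xml
        return [e.get("uri", "") for e in root.iter("domain")]
    raise ValueError("not a cross-domain policy file: <%s>" % root.tag)


def audit(policy_xml):
    """Grade each entry: 'any' (*), 'wildcard' (e.g. *.x) or 'exact'."""
    findings = []
    for entry in trusted_domains(policy_xml):
        host = entry.split("://", 1)[-1]       # drop an optional scheme
        level = "any" if host == "*" else "wildcard" if "*" in host else "exact"
        findings.append((entry, level))
    return findings


if __name__ == "__main__":
    for name, doc in (("crossdomain.xml", CROSSDOMAIN_XML),
                      ("clientaccesspolicy.xml", CLIENTACCESSPOLICY_XML)):
        for entry, level in audit(doc):
            print(f"{name}: {entry} -> {level}")
```

Entries graded "any" trust every origin and are the ones to remove first; "wildcard" entries are only as trustworthy as every host under that domain.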

