dalfox
DalFox is a fast, powerful parameter analysis and XSS scanner, based on a golang/DOM parser.
Details
Category: Vulnerabilities
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/dalfox:62d1f2e
Source URL: https://github.com/hahwul/dalfox
Parameters
sxss
string
required
Command:
sxss
- Use Stored XSS mode

debug
boolean
Command:
--debug
- Debug mode

param
string
Command:
--param
- Only testing selected parameters

cookie
string
Command:
--cookie
- Add custom cookie

payload
boolean
required
Command:
payload
- Payload mode, make and enum payloads

workers
string
Command:
--worker
- Number of worker (default 100)

no-color
boolean
Command:
--no-color
- Not use colorize

only-poc
string
Command:
--only-poc
- Shows only the PoC code for the specified pattern (g: grep / r: reflected / v: verified)

skip-bav
boolean
Command:
--skip-bav
- Skipping BAV(Basic Another Vulnerability) analysis

post-data
string
Command:
--data
- Using POST Method and add Body data

use-proxy
string
Command:
--proxy
- Send all request to proxy server. Example: http://127.0.0.1:8080

mining-dom
boolean
Command:
--mining-dom
- Find new parameter in DOM (attribute/js value) (default true)

no-spinner
boolean
Command:
--no-spinner
- Not use spinner

output-all
boolean
Command:
--output-all
- All log write mode

single-url
string
required
Command:
url
- Use single target mode

config-file
file
Command:
--config
- Using config from file

deep-domxss
boolean
Command:
--deep-domxss
- DOM XSS Testing with more payloads on headless [so slow]

http-method
string
Command:
--method
- Force overriding HTTP Method. Example: PUT (default GET)

mining-dict
boolean
Command:
--mining-dict
- Find new parameter with dictionary attack, default is Gf-Patterns=>XSS (default true)

target-list
file
required
Command:
file
- Use file mode(targets list or rawdata)

timeout-sec
string
Command:
--timeout
- Second of timeout (default 10)

found-action
file
Command:
--found-action
- If found weak/vuln, action(cmd) to next. Example: './notify.sh'

custom-header
string
Command:
--header
- Add custom headers

skip-grepping
boolean
Command:
--skip-grepping
- Skipping built-in grepping

skip-headless
boolean
Command:
--skip-headless
- Skipping headless browser base scanning[DOM XSS and inJS verify]

stdout-format
string
Command:
--format
- Stdout output format. Supported plain / json

file-mode-http
boolean
Command:
--http
- Using force http on rawdata mode

only-discovery
boolean
Command:
--only-discovery
- Only testing parameter analysis

cookie-from-raw
file
Command:
--cookie-from-raw
- Load cookie from burp raw http request. Example: request.txt

custom-payloads
file
Command:
--custom-payload
- Add custom payloads from file

remote-payloads
string
Command:
--remote-payloads
- Using remote payload for XSS testing. Supported: portswigger/payloadbox. Example: portswigger,payloadbox

skip-mining-all
boolean
Command:
--skip-mining-all
- Skipping ALL parameter mining

skip-mining-dom
boolean
Command:
--skip-mining-dom
- Skipping DOM base parameter mining

blind-xss-domain
string
Command:
--blind
- Add your blind xss domain. Example: hahwul.xss.ht

custom-grep-file
file
Command:
--grep
- Using custom grepping file. Example: ./samples/sample_grep.json

follow-redirects
boolean
Command:
--follow-redirects
- Following redirection

mining-dict-word
file
Command:
--mining-dict-word
- Custom wordlist file for param mining. Example: word.txt

remote-wordlists
string
Command:
--remote-wordlists
- Using remote wordlists for param mining. Supported: burp/assetnote. Example: burp

skip-mining-dict
boolean
Command:
--skip-mining-dict
- Skipping Dict base parameter mining

custom-alert-type
string
Command:
--custom-alert-type
- Change alert value type. Example: none / str,none (default none)

custom-user-agent
string
Command:
--user-agent
- Add custom UserAgent

delay-miliseconds
string
Command:
--delay
- Milliseconds between send to same host (1000==1s)

file-mode-rawdata
file
Command:
--rawdata
- Using req rawdata from Burp/ZAP

skip-xss-scanning
boolean
Command:
--skip-xss-scanning
- Skipping XSS Scanning

sxss-mode-trigger
string
Command:
--trigger
- Checking this url after inject sxss code. Example: https://~~/profile

custom-alert-value
string
Command:
--custom-alert-value
- Change alert value. Example: document.cookie (default 1)

sxss-mode-sequence
string
Command:
--sequence
- Set sequence to first number. Example: https://~/view?no=SEQNC 3 (default -1)

ignore-status-codes
string
Command:
--ignore-return
- Ignore scanning from return code. Example: 302,403,404

do-not-print-all-logs
boolean
Command:
--silence
- Not printing all logs

payload-mode-entity-gf
boolean
Command:
--entity-gf
- Enumerate a gf-patterns xss params

payload-mode-enum-attr
boolean
Command:
--enum-attr
- Enumerate a in-attr xss payloads

payload-mode-enum-html
boolean
Command:
--enum-html
- Enumerate a in-html xss payloads

payload-mode-enum-injs
boolean
Command:
--enum-injs
- Enumerate a in-js xss payloads

payload-mode-make-bulk
boolean
Command:
--make-bulk
- Make bulk payloads for stored xss

use-only-custom-payload
boolean
Command:
--only-custom-payload
- Only testing custom payload (required parameter custom-payloads)

payload-mode-encoder-url
boolean
Command:
--encoder-url
- Encoding output

payload-mode-enum-common
boolean
Command:
--enum-common
- Enumerate a common xss payloads

payload-mode-remote-payloadbox
boolean
Command:
--remote-payloadbox
- Enumerate a payloadbox's xss payloads

payload-mode-entity-useful-tags
boolean
Command:
--entity-useful-tags
- Enumerate a useful tags for xss

payload-mode-remote-portswigger
boolean
Command:
--remote-portswigger
- Enumerate a portswigger xss cheatsheet payloads

payload-mode-entity-event-handler
boolean
Command:
--entity-event-handler
- Enumerate a event handlers for xss

payload-mode-entity-special-chars
boolean
Command:
--entity-special-chars
- Enumerate a special chars for xss