dalfox - Trickest Platform Documentation

Details

Category: Vulnerabilities

Publisher: trickest

Created Date: 9/7/2021

Container: quay.io/trickest/dalfox:62d1f2e

Source URL: https://github.com/hahwul/dalfox

Parameters

sxss

string

required

Command: sxss - Use Stored XSS mode

debug

boolean

Command: --debug - Debug mode

param

string

Command: --param - Only testing selected parameters

string

Command: --cookie - Add custom cookie

payload

boolean

required

Command: payload - Payload mode, make and enum payloads

workers

string

Command: --worker - Number of worker (default 100)

no-color

boolean

Command: --no-color - Not use colorize

only-poc

string

Command: --only-poc - Shows only the PoC code for the specified pattern (g: grep / r: reflected / v: verified)

skip-bav

boolean

Command: --skip-bav - Skipping BAV(Basic Another Vulnerability) analysis

post-data

string

Command: --data - Using POST Method and add Body data

use-proxy

string

Command: --proxy - Send all request to proxy server. Example: http://127.0.0.1:8080

mining-dom

boolean

Command: --mining-dom - Find new parameter in DOM (attribute/js value) (default true)

no-spinner

boolean

Command: --no-spinner - Not use spinner

output-all

boolean

Command: --output-all - All log write mode

single-url

string

required

Command: url - Use single target mode

config-file

file

Command: --config - Using config from file

deep-domxss

boolean

Command: --deep-domxss - DOM XSS Testing with more payloads on headless [so slow]

http-method

string

Command: --method - Force overriding HTTP Method. Example: PUT (default GET)

mining-dict

boolean

Command: --mining-dict - Find new parameter with dictionary attack, default is Gf-Patterns=>XSS (default true)

target-list

file

required

Command: file - Use file mode(targets list or rawdata)

timeout-sec

string

Command: --timeout - Second of timeout (default 10)

found-action

file

Command: --found-action - If found weak/vuln, action(cmd) to next. Example: './notify.sh'

custom-header

string

Command: --header - Add custom headers

skip-grepping

boolean

Command: --skip-grepping - Skipping built-in grepping

skip-headless

boolean

Command: --skip-headless - Skipping headless browser base scanning[DOM XSS and inJS verify]

stdout-format

string

Command: --format - Stdout output format. Supported plain / json

file-mode-http

boolean

Command: --http - Using force http on rawdata mode

only-discovery

boolean

Command: --only-discovery - Only testing parameter analysis

cookie-from-raw

file

Command: --cookie-from-raw - Load cookie from burp raw http request. Example: request.txt

custom-payloads

file

Command: --custom-payload - Add custom payloads from file

remote-payloads

string

Command: --remote-payloads - Using remote payload for XSS testing. Supported: portswigger/payloadbox. Example: portswigger,payloadbox

skip-mining-all

boolean

Command: --skip-mining-all - Skipping ALL parameter mining

skip-mining-dom

boolean

Command: --skip-mining-dom - Skipping DOM base parameter mining

blind-xss-domain

string

Command: --blind - Add your blind xss domain. Example: hahwul.xss.ht

custom-grep-file

file

Command: --grep - Using custom grepping file.Example: ./samples/sample_grep.json

follow-redirects

boolean

Command: --follow-redirects - Following redirection

mining-dict-word

file

Command: --mining-dict-word - Custom wordlist file for param mining. Example: word.txt

remote-wordlists

string

Command: --remote-wordlists - Using remote wordlists for param mining. Supported: burp/assetnote. Example: burp

skip-mining-dict

boolean

Command: --skip-mining-dict - Skipping Dict base parameter mining

custom-alert-type

string

Command: --custom-alert-type - Change alert value type. Example: none / str,none (default none)

custom-user-agent

string

Command: --user-agent - Add custom UserAgent

delay-miliseconds

string

Command: --delay - Milliseconds between send to same host (1000==1s)

file-mode-rawdata

file

Command: --rawdata - Using req rawdata from Burp/ZAP

skip-xss-scanning

boolean

Command: --skip-xss-scanning - Skipping XSS Scanning

sxss-mode-trigger

string

Command: --trigger - Checking this url after inject sxss code. Example: https://~~/profile

custom-alert-value

string

Command: --custom-alert-value - Change alert value. Example: document.cookie (default 1)

sxss-mode-sequence

string

Command: --sequence - Set sequence to first number. Example: https://~/view?no=SEQNC 3 (default -1)

ignore-status-codes

string

Command: --ignore-return - Ignore scanning from return code. Example: 302,403,404

do-not-print-all-logs

boolean

Command: --silence - Not printing all logs

payload-mode-entity-gf

boolean

Command: --entity-gf - Enumerate a gf-patterns xss params

payload-mode-enum-attr

boolean

Command: --enum-attr - Enumerate a in-attr xss payloads

payload-mode-enum-html

boolean

Command: --enum-html - Enumerate a in-html xss payloads

payload-mode-enum-injs

boolean

Command: --enum-injs - Enumerate a in-js xss payloads

payload-mode-make-bulk

boolean

Command: --make-bulk - Make bulk payloads for stored xss

use-only-custom-payload

boolean

Command: --only-custom-payload - Only testing custom payload (required parameter custom-payloads)

payload-mode-encoder-url

boolean

Command: --encoder-url - Encoding output

payload-mode-enum-common

boolean

Command: --enum-common - Enumerate a common xss payloads

payload-mode-remote-payloadbox

boolean

Command: --remote-payloadbox - Enumerate a payloadbox's xss payloads

payload-mode-entity-useful-tags

boolean

Command: --entity-useful-tags - Enumerate a useful tags for xss

payload-mode-remote-portswigger

boolean

Command: --remote-portswigger - Enumerate a portswigger xss cheatsheet payloads

payload-mode-entity-event-handler

boolean

Command: --entity-event-handler - Enumerate a event handlers for xss

payload-mode-entity-special-chars

boolean

Command: --entity-special-chars - Enumerate a special chars for xss

Library

Details

Parameters