Name:dalfox
Category:Vulnerabilities
Publisher:trickest
Created:9/7/2021
Container:quay.io/trickest/dalfox:v2.9.3
Output Type:
License:Unknown

Parameters

sxss
string
required
sxssUse Stored XSS mode
debug
boolean
--debugDebug mode
param
string
--paramOnly testing selected parameters
cookie
string
--cookieAdd custom cookie
report
boolean
--reportShow detail report
payload
boolean
required
payloadPayload mode, make and enum payloads
workers
string
--workerNumber of worker (default 100)
no-color
boolean
--no-colorNot use colorize
only-poc
string
--only-pocShows only the PoC code for the specified pattern (g: grep / r: reflected / v: verified)
skip-bav
boolean
--skip-bavSkipping BAV(Basic Another Vulnerability) analysis
post-data
string
--dataUsing POST Method and add Body data
use-proxy
string
--proxySend all request to proxy server. Example: http://127.0.0.1:8080
mining-dom
boolean
--mining-domFind new parameter in DOM (attribute/js value) (default true)
no-spinner
boolean
--no-spinnerNot use spinner
output-all
boolean
--output-allAll log write mode
single-url
string
required
urlUse single target mode
config-file
file
--configUsing config from file
deep-domxss
boolean
--deep-domxssDOM XSS Testing with more payloads on headless [so slow]
http-method
string
--methodForce overriding HTTP Method. Example: PUT (default GET)
mining-dict
boolean
--mining-dictFind new parameter with dictionary attack, default is Gf-Patterns=>XSS (default true)
target-list
file
required
fileUse file mode(targets list or rawdata)
timeout-sec
string
--timeoutSecond of timeout (default 10)
found-action
file
--found-actionIf found weak/vuln, action(cmd) to next. Example: './notify.sh'
ignore-param
string
--ignore-paramIgnore this parameter when scanning. Example: --ignore-param api_token --ignore-param csrf_token
custom-header
string
--headerAdd custom headers
report-format
string
--report-formatFormat of --report flag [plain/json] (default plain)
skip-grepping
boolean
--skip-greppingSkipping built-in grepping
skip-headless
boolean
--skip-headlessSkipping headless browser base scanning[DOM XSS and inJS verify]
stdout-format
string
--formatStdout output format. Supported plain / json
file-mode-http
boolean
--httpUsing force http on rawdata mode
only-discovery
boolean
--only-discoveryOnly testing parameter analysis
cookie-from-raw
file
--cookie-from-rawLoad cookie from burp raw http request. Example: request.txt
custom-payloads
file
--custom-payloadAdd custom payloads from file
remote-payloads
string
--remote-payloadsUsing remote payload for XSS testing. Supported: portswigger/payloadbox. Example: portswigger,payloadbox
skip-mining-all
boolean
--skip-mining-allSkipping ALL parameter mining
skip-mining-dom
boolean
--skip-mining-domSkipping DOM base parameter mining
blind-xss-domain
string
--blindAdd your blind xss domain. Example: hahwul.xss.ht
custom-grep-file
file
--grepUsing custom grepping file.Example: ./samples/sample_grep.json
follow-redirects
boolean
--follow-redirectsFollowing redirection
mining-dict-word
file
--mining-dict-wordCustom wordlist file for param mining. Example: word.txt
remote-wordlists
string
--remote-wordlistsUsing remote wordlists for param mining. Supported: burp/assetnote. Example: burp
skip-mining-dict
boolean
--skip-mining-dictSkipping Dict base parameter mining
custom-alert-type
string
--custom-alert-typeChange alert value type. Example: none / str,none (default none)
custom-user-agent
string
--user-agentAdd custom UserAgent
delay-miliseconds
string
--delayMilliseconds between send to same host (1000==1s)
file-mode-rawdata
file
--rawdataUsing req rawdata from Burp/ZAP
skip-xss-scanning
boolean
--skip-xss-scanningSkipping XSS Scanning
sxss-mode-trigger
string
--triggerChecking this url after inject sxss code. Example: https://~~/profile
custom-alert-value
string
--custom-alert-valueChange alert value. Example: document.cookie (default 1)
sxss-mode-sequence
string
--sequenceSet sequence to first number. Example: https://~/view?no=SEQNC 3 (default -1)
ignore-status-codes
string
--ignore-returnIgnore scanning from return code. Example: 302,403,404
do-not-print-all-logs
boolean
--silenceNot printing all logs
payload-mode-entity-gf
boolean
--entity-gfEnumerate a gf-patterns xss params
payload-mode-enum-attr
boolean
--enum-attrEnumerate a in-attr xss payloads
payload-mode-enum-html
boolean
--enum-htmlEnumerate a in-html xss payloads
payload-mode-enum-injs
boolean
--enum-injsEnumerate a in-js xss payloads
payload-mode-make-bulk
boolean
--make-bulkMake bulk payloads for stored xss
use-only-custom-payload
boolean
--only-custom-payloadOnly testing custom payload (required parameter custom-payloads)
payload-mode-encoder-url
boolean
--encoder-urlEncoding output
payload-mode-enum-common
boolean
--enum-commonEnumerate a common xss payloads
payload-mode-remote-payloadbox
boolean
--remote-payloadboxEnumerate a payloadbox's xss payloads
payload-mode-entity-useful-tags
boolean
--entity-useful-tagsEnumerate a useful tags for xss
payload-mode-remote-portswigger
boolean
--remote-portswiggerEnumerate a portswigger xss cheatsheet payloads
payload-mode-entity-event-handler
boolean
--entity-event-handlerEnumerate a event handlers for xss
payload-mode-entity-special-chars
boolean
--entity-special-charsEnumerate a special chars for xss