Details

Category: Vulnerabilities

Publisher: trickest

Created Date: 9/7/2021

Container: quay.io/trickest/dalfox:62d1f2e

Source URL: https://github.com/hahwul/dalfox

Parameters

sxss
string
required
Command: sxss - Use Stored XSS mode
debug
boolean
Command: --debug - Debug mode
param
string
Command: --param - Only testing selected parameters
cookie
string
Command: --cookie - Add custom cookie
payload
boolean
required
Command: payload - Payload mode, make and enum payloads
workers
string
Command: --worker - Number of worker (default 100)
no-color
boolean
Command: --no-color - Not use colorize
only-poc
string
Command: --only-poc - Shows only the PoC code for the specified pattern (g: grep / r: reflected / v: verified)
skip-bav
boolean
Command: --skip-bav - Skipping BAV(Basic Another Vulnerability) analysis
post-data
string
Command: --data - Using POST Method and add Body data
use-proxy
string
Command: --proxy - Send all request to proxy server. Example: http://127.0.0.1:8080
mining-dom
boolean
Command: --mining-dom - Find new parameter in DOM (attribute/js value) (default true)
no-spinner
boolean
Command: --no-spinner - Not use spinner
output-all
boolean
Command: --output-all - All log write mode
single-url
string
required
Command: url - Use single target mode
config-file
file
Command: --config - Using config from file
deep-domxss
boolean
Command: --deep-domxss - DOM XSS Testing with more payloads on headless [so slow]
http-method
string
Command: --method - Force overriding HTTP Method. Example: PUT (default GET)
mining-dict
boolean
Command: --mining-dict - Find new parameter with dictionary attack, default is Gf-Patterns=>XSS (default true)
target-list
file
required
Command: file - Use file mode(targets list or rawdata)
timeout-sec
string
Command: --timeout - Second of timeout (default 10)
found-action
file
Command: --found-action - If found weak/vuln, action(cmd) to next. Example: './notify.sh'
custom-header
string
Command: --header - Add custom headers
skip-grepping
boolean
Command: --skip-grepping - Skipping built-in grepping
skip-headless
boolean
Command: --skip-headless - Skipping headless browser base scanning[DOM XSS and inJS verify]
stdout-format
string
Command: --format - Stdout output format. Supported plain / json
file-mode-http
boolean
Command: --http - Using force http on rawdata mode
only-discovery
boolean
Command: --only-discovery - Only testing parameter analysis
cookie-from-raw
file
Command: --cookie-from-raw - Load cookie from burp raw http request. Example: request.txt
custom-payloads
file
Command: --custom-payload - Add custom payloads from file
remote-payloads
string
Command: --remote-payloads - Using remote payload for XSS testing. Supported: portswigger/payloadbox. Example: portswigger,payloadbox
skip-mining-all
boolean
Command: --skip-mining-all - Skipping ALL parameter mining
skip-mining-dom
boolean
Command: --skip-mining-dom - Skipping DOM base parameter mining
blind-xss-domain
string
Command: --blind - Add your blind xss domain. Example: hahwul.xss.ht
custom-grep-file
file
Command: --grep - Using custom grepping file. Example: ./samples/sample_grep.json
follow-redirects
boolean
Command: --follow-redirects - Following redirection
mining-dict-word
file
Command: --mining-dict-word - Custom wordlist file for param mining. Example: word.txt
remote-wordlists
string
Command: --remote-wordlists - Using remote wordlists for param mining. Supported: burp/assetnote. Example: burp
skip-mining-dict
boolean
Command: --skip-mining-dict - Skipping Dict base parameter mining
custom-alert-type
string
Command: --custom-alert-type - Change alert value type. Example: none / str,none (default none)
custom-user-agent
string
Command: --user-agent - Add custom UserAgent
delay-miliseconds
string
Command: --delay - Milliseconds between send to same host (1000==1s)
file-mode-rawdata
file
Command: --rawdata - Using req rawdata from Burp/ZAP
skip-xss-scanning
boolean
Command: --skip-xss-scanning - Skipping XSS Scanning
sxss-mode-trigger
string
Command: --trigger - Checking this url after inject sxss code. Example: https://~~/profile
custom-alert-value
string
Command: --custom-alert-value - Change alert value. Example: document.cookie (default 1)
sxss-mode-sequence
string
Command: --sequence - Set sequence to first number. Example: https://~/view?no=SEQNC 3 (default -1)
ignore-status-codes
string
Command: --ignore-return - Ignore scanning from return code. Example: 302,403,404
do-not-print-all-logs
boolean
Command: --silence - Not printing all logs
payload-mode-entity-gf
boolean
Command: --entity-gf - Enumerate a gf-patterns xss params
payload-mode-enum-attr
boolean
Command: --enum-attr - Enumerate a in-attr xss payloads
payload-mode-enum-html
boolean
Command: --enum-html - Enumerate a in-html xss payloads
payload-mode-enum-injs
boolean
Command: --enum-injs - Enumerate a in-js xss payloads
payload-mode-make-bulk
boolean
Command: --make-bulk - Make bulk payloads for stored xss
use-only-custom-payload
boolean
Command: --only-custom-payload - Only testing custom payload (required parameter custom-payloads)
payload-mode-encoder-url
boolean
Command: --encoder-url - Encoding output
payload-mode-enum-common
boolean
Command: --enum-common - Enumerate a common xss payloads
payload-mode-remote-payloadbox
boolean
Command: --remote-payloadbox - Enumerate a payloadbox's xss payloads
payload-mode-entity-useful-tags
boolean
Command: --entity-useful-tags - Enumerate a useful tags for xss
payload-mode-remote-portswigger
boolean
Command: --remote-portswigger - Enumerate a portswigger xss cheatsheet payloads
payload-mode-entity-event-handler
boolean
Command: --entity-event-handler - Enumerate a event handlers for xss
payload-mode-entity-special-chars
boolean
Command: --entity-special-chars - Enumerate a special chars for xss