Dalfox is a tool for scanning and analyzing XSS parameters. The basic idea is to analyze parameters, find XSS and examine them based on Selenium.
Speaking of the name of the program, Dal (달) is the Korean accent of the moon and the fox which is Fox (Find Of XSS).
Basic features
- Parameter analysis
- Static Analysis
- Payloads optimization query
- XSS Scan and DOM Database Verification.
- All test payloads are tested in parallel with the encoder.
- Support for duplicate URL encoder
- Support for HTML Hex Encoder
- Friendly Pipeline (single url, from file, from IO)
- And the various options required for testing
- built-in / customized grepping to find another vulnerability
Installation
go get -u github.com/hahwul/dalfox |
Use
Run from a single URL
$ dalfox -url http://testphp.vulnweb.com/listproducts.php \?cat \=123\& artist \=123\& asdf \=ff |
Execution from file
$ dalfox -iL urls_file |
Information on the use and installation of the program, you will find here.
Read them Technology News from all over the world, with the validity of iGuRu.gr
Follow us on Google News
Comment Policy:
IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators