dalfox: Parameter analysis and XSS scan tool

Dalfox is a tool for scanning and analyzing XSS parameters. The basic idea is to analyze parameters, find XSS and examine them based on Selenium.

Speaking of the name of the program, Dal (달) is the Korean accent of the moon and the fox which is Fox (Find Of XSS).

Basic features

  • Parameter analysis
  • Static Analysis
  • Payloads optimization query
  • XSS Scan and DOM Database Verification.
  • All test payloads are tested in parallel with the encoder.
    • Support for duplicate URL encoder
    • Support for HTML Hex Encoder
  • Friendly Pipeline (single url, from file, from IO)
  • And the various options required for testing
    • built-in / customized grepping to find another vulnerability


go get -u github.com/hahwul/dalfox


Run from a single URL

    $ dalfox -url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff

Execution from file

$ dalfox -iL urls_file

Information on the use and installation of the program, you will find here.

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).