Dalfox is a scanning tool and analysisof XSS parameters. The basic idea is to parse parameters, find XSS and examine them with base the Selenium.
Speaking of the name of the program, Dal (달) is the Korean accent of the moon and the fox which is Fox (Find Of XSS).
Basic features
- Parameter analysis
- Static Analysis
- Payloads optimization query
- XSS scanning and base verification sun.
- All test payloads are tested in parallel with the encoder.
- Support for duplicate URL encoder
- Support for HTML Hex Encoder
- Friendly Pipeline (single url, from archive, by IO)
- And the various options required for essay
- built-in/custom grepping to find another vulnerability
Installation
go get -u github.com/hahwul/dalfox
Use
Run from a single URL
$ dalfox -url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff
Execution from file
$ dalfox -iL urls_file
Information about the use and the installation of the program, you will find here.