Dalfox is a tool for scanning and analyzing XSS parameters. The basic idea is to analyze parameters, find XSS and examine them based on Selenium.
Speaking of naming the proletter, Dal (달) is the Korean pronunciation of the moon and the fox is Fox (Find Of XSS).
Basic features
- Parameter analysis
- Static Analysis
- Question optimizations payloads
- XSS Scan and DOM Database Verification.
- All test payloads are tested in parallel with the encoder.
- Support for duplicate URL encoder
- Support for HTML Hex Encoder
- Friendly Pipeline (single url, from file, from IO)
- And the various options required for testing
- built-in / customized grepping to find another vulnerability
Installation
go get -u github.com/hahwul/dalfox
Use
Run from a single URL
$ dalfox -url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff
Execution from file
$ dalfox -iL urls_file
Information about the use and the installation of the program, you will find here.