dalfox v2.9.1 releases: Parameter Analysis and XSS Scanning tool
What is DalFox
Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a Ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and examine them based on Selenium.
I talk about naming. Dal(달) is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS).
Key features
Mode: url sxss pipe file server
Class | Key Feature | Description |
---|---|---|
Discovery | Parameter analysis | – Find reflected param – Find alive/bad special chars, event handler and attack code – Identification of injection points(HTML/JS/Attribute) inHTML-none inJS-none inJS-double inJS-single inJS-backtick inATTR-none inATTR-double inATTR-single |
Static analysis | – Check bad-header like CSP, XFO, etc.. with req/res base | |
BAV analysis | – Testing BAV(Basic Another Vulnerability) , e.g sqli ssti open-redirects |
|
Parameter Mining | – Find new param with Dictonary attack (default is GF-Patterns) – Support custom dictonary file ( --mining-dict-word )– FInd new param with DOM |
|
Built-in Grepping | – It Identify the basic info leak of SSTi, Credential, SQL Error, and so on | |
Scanning | XSS Scanning | – Reflected xss / stored xss – DOM base verifying – Blind XSS testing with param, header( -b , --blind options)– Only testing selected parameters ( -p , --param )– Only testing parameter analysis ( --only-discovery ) |
Friendly Pipeline | – Single url mode (dalfox url )– From file mode ( dalfox file urls.txt )– From IO(pipeline) mode ( dalfox pipe )– From raw http request file mode ( dalfox file raw.txt --rawdata ) |
|
Optimizaion query of payloads | – Check the injection point through abstraction and generated the fit payload. – Eliminate unnecessary payloads based on badchar |
|
Encoder | – All test payloads(build-in, your custom/blind) are tested in parallel with the encoder. – To Double URL Encoder – To HTML Hex Encoder |
|
Sequence | – Auto-check the special page for stored xss (--trigger )– Support ( --sequence ) options for Stored XSS , only sxss mode |
|
HTTP | HTTP Options | – Overwrite HTTP Method (-X , --method )– Follow redirects ( --follow-redirects )– Add header ( -H , --header )– Add cookie ( -C , --cookie )– Add User-Agent ( --user-agent )– Set timeout ( --timeout )– Set Delay ( --delay )– Set Proxy ( --proxy )– Set ignore return codes ( --ignore-return ) |
Concurrency | Worker | – Set worker’s number(-w , --worker ) |
N * hosts | – Use multicast mode (--multicast ) , only file / pipe mode |
|
Output | Output | – Only the PoC code and useful information is write as Stdout – Save output ( -o , --output ) |
Format | – JSON / Plain (--format ) |
|
Printing | – Silence mode (--silence )– You may choose not to print the color ( --no-color )– You may choose not to print the spinner ( --no-spinner ) |
|
Extensibility | REST API | – API Server and Swagger (dalfox server ) |
Found Action | – Lets you specify the actions to take when detected. – Notify, for example ( --found-action ) |
|
Custom Grepping | – Can grep with custom regular expressions on response – If duplicate detection, it performs deduplication ( --grep ) |
|
Custom Payloads | – Use custom payloads list file (--custom-payload ) |
|
Package | Package manager | – homebrew with tap – snapcraft |
Docker ENV | – docker hub – github package of docker |
Changelog v2.9.1
- 7458557 fixed typo
- 000d2dc chore: update contributors [skip ci]
- 888a922 chore: update contributors [skip ci]
- 4eee518 chore: update contributors [skip ci]
- bc87c48 chore: update contributors [skip ci]
- d4ad424 chore: update contributors [skip ci]
- 0847a6c chore: slice loop replace
- 2058bb8 change deprected config in goreleaser
- 0db30fc Update docs
- 7d91b63 Update docs
- 3344c92 Tap v2.9.1
- more…
Install
go get -u github.com/hahwul/dalfox
Usage
Running from single url
$ dalfox -url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff
Running from file
$ dalfox -iL urls_fileRunning from io(pipeline)
$ cat urls_file | dalfox -pipe
Other tips, See the wiki for detailed instructions!
Copyright (c) 2020 hahwul
Source: https://github.com/hahwul/