5.8K
Dalfox Est mirabile Parameter Analysis et XSS instrumentum intuens.
Dalfox typically significat,
Dal = luna (Coreanica pronunciation ) ; Vulpes = Find of XSS.
Contents
Dalfox Features:
- Parameter Analysis (invenire reflectitur parametri, invenies liberum / malus characteres, Lepidium sativum punctum iniectio)
- Static Analysis (Reprehendo malum-header sicut CSP, X-Frame-options, etc.. cum basi petitionem / responsio basi)
- Optimization query ex payloads
- Reprehendo punctum iniectio per abstractionem et generatur apta payload.
- Eliminare necesse payloads secundum malum integer
- XSS ENARRATIO(Reflexus + Condita) et dom Base Verificare
- Omnes test payloads(constructum-in-, tua consuetudo / caeca) probata sunt in parallela cum encoder.
- Support ad Duplex URL Encoder
- Support ad HTML Hex Encoder
- amica Pipeline (unum URL, ex lima, ex IO *)
- Et variae optiones requiruntur ad probationem
- constructum- in / mos adprehendit ad alia vulnerability
- si inveni, post actio
- etc..
Electio Editoris:
- Macof - Ultima Inundatio tool | Tutorial[2020]
- NWAnime - Best Alternatives of NWAnime [2020]
- CCMAKER - Download ultima Adobe piratica Kit[2020]
- LOSMOVIES - Best Movie Gratis Website Alive
Quomodo install Dalfox?
Sunt summae tres modi ut Dalfox install.
Quis uti potes eorum.
1. Ite-Install
- Primo simpliciter clone repositio.
$ git clone https://github.com/hahwul/dalfox
- Instrue in viam cloned Dalfox
$ go install
- per dalfox
$ ~/go/bin/dalfox2. Ite-gete
- vade ut dalfox!
$ go get -u github.com/hahwul/dalfox
- per dalfox
$ ~/go/bin/dalfox3. Dimittis versionem
- Aperta pagina tardus emissio https://github.com/hahwul/dalfox/releases/latest
- Download file Download and extraho tabella quae apta tuo OS.
- Potes eam in directorio executionis ponere et eo utere. e.g*
$ cp dalfox /usr/bin/Usus Dalfox:
_..._
.' .::::. __ _ _ ___ _ __ __
: :::::::: | \ / \ | | | __/ \\ V /
: :::::::: | o ) o || |_ | _( o )) (
'. '::::::' |__/|_n_||___||_| \_//_n_\
'-.::''
Parameter Analysis and XSS Scanning tool based on golang
Finder Of XSS and Dal is the Korean pronunciation of moon. @hahwul
Usage:
dalfox [command]
Available Commands:
file Use file mode(targets list or rawdata)
help Help about any command
pipe Use pipeline mode
sxss Use Stored XSS mode
update Update DalFox (Binary patch)
url Use single target mode
version Show version
Flags:
-b, --blind string Add your blind xss (e.g -b hahwul.xss.ht)
--config string Using config from file
-C, --cookie string Add custom cookie
--custom-payload string Add custom payloads from file
-d, --data string Using POST Method and add Body data
--delay int Milliseconds between send to same host (1000==1s)
--found-action string If found weak/vuln, action(cmd) to next
--grep string Using custom grepping file (e.g --grep ./samples/sample_grep.json)
-H, --header string Add custom headers
-h, --help help for dalfox
--ignore-return string Ignore scanning from return code (e.g --ignore-return 302,403,404)
--only-discovery Only testing parameter analysis
-o, --output string Write to output file
--output-format string -o/--output 's format (txt/json/xml)
-p, --param string Only testing selected parameters
--proxy string Send all request to proxy server (e.g --proxy http://127.0.0.1:8080)
--silence Not printing all logs
--timeout int Second of timeout (default 10)
--user-agent string Add custom UserAgent
-w, --worker int Number of worker (default 40)
$ dalfox [mode] [flags]
Una scopum modus
$ dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff -b https://hahwul.xss.ht
Plures scopum modus ex file
$ dalfox file urls_file --custom-payload ./mypayloads.txt
Pipeline modus
$ cat urls_file | dalfox pipe -H "AuthToken: bbadsfkasdfadsf87"Download Dalfox:
conclusio:
Dalfox mirabile est instrumentum uti potes.
Si invenisti valorem in hoc articulo. Fac deorsum explanare et studium bigae nostrae boost.
Etiam suggestiones vel interrogationes de hoc instrumento dare potes.
Bigas nostras quamprimum respondere conabitur.
