https://github.com/hahwul/dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
bugbounty bugbounty-tool cicd-pipeline devsecops golang hacktoberfest security vulnerability xss xss-bruteforce xss-detection xss-exploit xss-scanner
Last synced: about 11 hours ago
- Host: GitHub
- URL: https://github.com/hahwul/dalfox
- Owner: hahwul
- License: mit
- Created: 2020-04-12T07:04:10.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2025-04-20T00:03:20.000Z (4 days ago)
- Last Synced: 2025-04-20T00:28:48.621Z (4 days ago)
- Topics: bugbounty, bugbounty-tool, cicd-pipeline, devsecops, golang, hacktoberfest, security, vulnerability, xss, xss-bruteforce, xss-detection, xss-exploit, xss-scanner
- Language: Go
- Homepage: https://dalfox.hahwul.com
- Size: 29.3 MB
- Stars: 4,187
- Watchers: 54
- Forks: 463
- Open Issues: 44
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-bugbounty-tools - dalfox - DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang (Exploitation / XSS Injection)
- awesome-rainmana - hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation. (Go)
- WebHackersWeapons - dalfox - source XSS scanner and utility focused on automation. (Weapons / Tools)
- awesome-hacking-lists - hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation. (Go)
- StarryDivineSky - hahwul/dalfox
README
Dalfox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.
## Key features
* Modes: `URL`, `SXSS`, `Pipe`, `File`, `Server`, `Payload`
* Discovery: Parameter analysis, static analysis, BAV testing, parameter mining
* XSS Scanning: Reflected, Stored, DOM-based, with optimization and DOM/headless verification
* HTTP Options: Custom headers, cookies, methods, proxy, and more
* Output: JSON/Plain formats, silence mode, detailed reports
* Extensibility: REST API, custom payloads, remote wordlists

And the various options required for the testing :D
## Installation
### Homebrew (macOS/Linux)
```bash
brew install dalfox
# https://formulae.brew.sh/formula/dalfox
```
### Snapcraft (Ubuntu)
```bash
sudo snap install dalfox
```
### From Source
```bash
go install github.com/hahwul/dalfox/v2@latest
```
See [Installation guide](https://dalfox.hahwul.com/docs/installation/) for details.
## Usage
```bash
dalfox [mode] [target] [flags]
```
* Single URL: `dalfox url http://example.com -b https://callback`
* File Mode: `dalfox file urls.txt --custom-payload mypayloads.txt`
* Pipeline: `cat urls.txt | dalfox pipe -H "AuthToken: xxx"`

Check the [Usage](https://dalfox.hahwul.com/page/usage/) and [Running](https://dalfox.hahwul.com/page/running/) documents for more examples.
## Contributing
If you want to contribute to this project, please see [CONTRIBUTING.md](https://github.com/hahwul/dalfox/blob/main/CONTRIBUTING.md) and open a pull request with your cool content.
## About the Name
As for the name, Dal([달](https://en.wiktionary.org/wiki/달)) is the Korean word for "moon," while "Fox" stands for "Finder Of XSS" or 🦊