Shulou(Shulou.com)05/31 Report--

Editor to share with you what kind of tool DalFox is, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

DalFox is a powerful XSS parameter analysis and scanning tool, which is developed based on Golang. It can help researchers find XSS vulnerabilities by analyzing parameters, and verify XSS vulnerabilities based on DOM parsers.

Core function

1. Parameter analysis (looking for reflection parameters, finding problematic characters, identifying injection points)

2. Static analysis (detection of problematic Header, such as CSP, X-Frame-optiopns, etc.)

3. Optimize Payload query, generate check injection points through Payload, and eliminate unnecessary Payload

4. XSS scanning, supporting reflection type and storage type

5. All test Payload have passed the encoder test and support dual URL coding and HTML hexadecimal coding.

6. Friendly pipeline support (single URL, file and IO)

Tool installation

Currently, DalFox offers three installation methods, but I personally recommend using go installation.

Developer version (go-get or go-install) go-install

Clone the project source code locally using the following command:

$git clone https://github.com/hahwul/dalfox

Use the following command to complete the installation in the local DalFox project directory:

$go install

Use dalfox:

$~ / go/bin/dalfox

Go-get

Download and install DalFox using the following command:

$go get-u github.com/hahwul/dalfox

Use dalfox:

$~ / go/bin/dalfox

Release version

First, visit the Release page of the project's GitHub library to download the latest version of DalFox: [portal].

Download and extract the corresponding version of DalFox for your own operating system version.

You can also put it directly into an executable directory, such as:

$cp dalfox / usr/bin/

Tool use

$dalfox [mode] [flags]

Single target mode:

$dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff-b https://hahwul.xss.ht

Multi-target mode, read scan target from file:

$dalfox file urls_file-- custom-payload. / mypayloads.txt

Pipe mode:

$cat urls_file | dalfox pipe-H "AuthToken: bbadsfkasdfadsf87"

Screenshot of tool running

The above is all the content of this article "what is DalFox?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.