Getting Started

Welcome Installation Update DalFox Usage and Modes Scanning Single URL Scanning Multiple URL

Advance Guides

Output Handling Use config file BAV Scanning From Raw Request Parameter Mining Custom payload and Custom alert Remote payloads In the Code In the Github Action

Modes

URL Mode Pipeline Mode File Mode Stored XSS Mode Server Mode (REST API) Payload Mode

Format and Spec

Format Of PoC Injectable point Result JSON Format Global Flags

Tips of Dalfox

OneLiner Integration with found-action For CI/CD Pipeline

Integration with found-action

Use found action

Found action(--found-action) is lets you specify the actions to take when detected.

	description
`@@query@@`	- attack query - e.g https://www.hahwul.com?q=”><script~~blahblah
`@@target@@`	- target site - e.g https://www.hahwul.com
`@@type@@`	- type of poc - value: `WEAK` / `VULN`

▶ dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data"

▶ cat data
http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%27%3E%3Csvg%2Fclass%3D%27dalfox%27onLoad%3Dalert%2845%29%3E

Modify shell application for found action

--found-action-shell flag is change shell application for found action. default values is bash.

▶ dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data" --found-action-shell=zsh

for example, in alpine linux

▶ dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data" --found-action-shell=sh

Reference

https://www.hahwul.com/2020/05/04/how-to-use-dalfoxs-fun-options/

Improve this page