Output Handling
This guide provides comprehensive instructions on how to capture, filter, and process the output from Dalfox. Understanding these output handling techniques will help you efficiently interpret results and integrate Dalfox into your security workflows.
Understanding Dalfox Output Types
Dalfox generates several types of output during scanning:
- Progress information: Status updates about the scanning process
- Proof of Concept (PoC) findings: Actual vulnerabilities discovered
- Analysis data: Details about parameters, injection points, and vulnerability verification
- HTTP traffic: Raw request and response data
Basic Output Handling Techniques
Redirecting Output to Files
The simplest way to save Dalfox output is by using standard output redirection:
dalfox url http://example.com/vulnerable.php > results.txt
This captures all console output to the specified file.
Using the Built-in Output Flag
For more controlled output saving, use the -o
or --output
flag:
dalfox url http://example.com/vulnerable.php -o results.txt
This approach is recommended as it ensures proper handling of terminal control characters.
Advanced Output Filtering
Processing Output with Unix Tools
Dalfox output can be piped to other tools for filtering and processing:
# Extract only verified XSS vulnerabilities
dalfox url http://example.com/vulnerable.php | grep "\[V\]" > verified_xss.txt
# Extract PoC URLs and open them in a browser
dalfox url http://example.com/vulnerable.php | grep "\[POC\]" | cut -d " " -f 2 | xargs -I % open %
# Count different types of findings
dalfox url http://example.com/vulnerable.php | grep "\[POC\]" | cut -d "[" -f 3 | cut -d "]" -f 1 | sort | uniq -c
Filtering by PoC Type
Dalfox allows you to filter findings by vulnerability type with the --only-poc
flag:
# Show only verified (V) and grep-based (G) findings
dalfox url http://example.com/vulnerable.php --only-poc=g,v
Available PoC types:
g
: Grep-based findings (potential vulnerabilities identified through response pattern matching)r
: Reflected findings (parameters successfully reflected in responses)v
: Verified findings (confirmed vulnerabilities through headless browser verification)
Comprehensive Logging Options
Capturing Complete Scan Logs
To save all scan information, including detailed analysis steps:
dalfox url http://example.com/vulnerable.php -o full_scan.log --output-all
Example of a comprehensive log:
[*] Using single target mode
[*] Target URL: http://example.com/vulnerable.php
[*] Valid target [ code:200 / size:4819 ]
[*] Using dictionary mining option [list=GF-Patterns] 📚⛏
[*] Using DOM mining option 📦⛏
[*] Start static analysis.. 🔍
[*] Start parameter analysis.. 🔍
[*] Start BAV analysis / [sqli, ssti, OpenRedirect] 🔍
[I] Found reflected parameter: q
[V] Triggered XSS Payload: q=<script>alert(1)</script>
[POC][V][GET] http://example.com/vulnerable.php?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
Including Raw HTTP Data
To include raw HTTP requests and responses in your output:
# Include requests
dalfox url http://example.com/vulnerable.php --output-request
# Include responses
dalfox url http://example.com/vulnerable.php --output-response
# Include both
dalfox url http://example.com/vulnerable.php --output-request --output-response
Output Format Options
JSON Output
For programmatic processing or integration with other tools, use JSON output:
dalfox url http://example.com/vulnerable.php --format json -o results.json
This generates structured JSON data that can be easily parsed by scripts or imported into other security tools.
Detailed Report Generation
For comprehensive reporting:
dalfox url http://example.com/vulnerable.php --report --report-format json -o detailed_report.json
HTTP Archive (HAR) Integration
Generating HAR Files
HAR files contain detailed information about HTTP transactions and can be analyzed in various tools:
dalfox url http://example.com/vulnerable.php --har-file-path=scan.har
Analyzing HAR Files
The generated HAR file can be analyzed with:
- HAR Viewer
- Chrome/Firefox Developer Tools (Import HAR)
- Specialized HTTP analysis tools
Example HAR viewer screenshot:
Integration with Other Security Tools
Automated Workflows
Dalfox can be integrated into CI/CD pipelines or other security automation:
# Scan and notify on findings
dalfox url http://example.com/vulnerable.php --found-action './notify_slack.sh'
# Scan multiple targets from Burp Suite
dalfox file targets.txt --format json -o findings.json
Continuous Monitoring Examples
# Daily scan with timestamped output
echo "$(date +%F)_scan.log"
dalfox url http://example.com/vulnerable.php -o "$(date +%F)_scan.log"
Troubleshooting Output Issues
If you encounter problems with output handling:
- Terminal encoding issues: Use
--no-color
to disable ANSI color codes - Output truncation: Check terminal buffer settings or use file output
- Special character problems: Use JSON output format for consistent encoding
For more information on output formats and report interpretation, see the JSON Format Documentation and PoC Format Documentation.