// arsenal·Web AppSecIntermediateFOSS

Dalfox

Powerful XSS scanning + parameter analysis tool in Go.

Web AppSec

$ dalfox --help

Dalfox

// what it is

Description

Hahwul's fast XSS scanner with payload mutation, BAV (basic-auth verification), pipeline mode, and Burp/CI integration. Bug-bounty community's preferred CI scanner for XSS.

// use cases

What people use it for

XSS in CI pipelines
Mass XSS scanning of a URL list

// commands

The commands you'll type

Pipe URL list

$ cat urls.txt | dalfox pipe

// facts

category: Web AppSec
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate

// links

// related in Web AppSec

Web AppSecIntermediate

Burp Suite

PortSwigger's intercepting HTTP proxy — the de facto web app testing platform.

OWASP ZAP

The free, OWASP-stewarded alternative to Burp.

Nikto

Loud-but-fast web server scanner — checks for thousands of misconfigurations.

FOSS

LIN·WIN·MAC

open entry →