dalfox


dalfox

Looking for the Go (v2.x) version? Dalfox v3 is a complete rewrite in Rust. The Go codebase is preserved on the v2 branch and continues to receive security backports. See SECURITY.md for the support policy.

Dalfox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.

Key features

  • Subcommands: scan (URL / file / pipe / raw-HTTP, auto-detected), server, payload, mcp
  • Discovery: Parameter analysis, static analysis, BAV testing, parameter mining
  • XSS Scanning: Reflected, Stored (SXSS), DOM-based, with optimization and DOM/AST verification
  • WAF: Fingerprinting with confidence scoring, bypass tracking, and tunable --waf-min-confidence
  • HTTP Options: Custom headers, cookies, methods, proxy, and more
  • Output: JSON/JSONL/Plain/Markdown/SARIF/TOML formats, silence mode, detailed reports
  • Extensibility: REST API, MCP stdio server, custom payloads, remote wordlists

And the various options required for the testing :D

Installation

Homebrew (macOS/Linux)

brew install dalfox

# https://formulae.brew.sh/formula/dalfox

Snapcraft (Ubuntu)

sudo snap install dalfox

Arch Linux (AUR)

yay -S dalfox
# or
paru -S dalfox

See the Installation guide for manual build instructions.

Nixpkgs (NixOS)

A package is available for Nix or NixOS users. Keep in mind that the latest releases might only be present in the unstable channel.

nix-shell -p dalfox

Nix Flakes

For Nix users with flakes enabled:

# Run directly
nix run github:hahwul/dalfox -- scan https://example.com

# Install
nix profile install github:hahwul/dalfox

# Development environment
nix develop github:hahwul/dalfox

See Installation guide for details.

Prebuilt binaries (including statically-linked musl variants for Linux) are available on the GitHub Releases page.

Usage

dalfox [mode] [target] [flags]
  • Single URL: dalfox scan http://example.com -b https://callback
  • File Mode: dalfox scan urls.txt --custom-payload mypayloads.txt
  • Pipeline: cat urls.txt | dalfox scan --headers "AuthToken: xxx"

Check the Usage and Running documents for more examples.

Contributing

if you want to contribute to this project, please see CONTRIBUTING.md and Pull-Request with cool your contents.

About the Name

The name comes from 'Dal' () 🌙, the Korean word for 'moon', combined with 'Fox' 🦊.