dalfox

sxssUse Stored XSS mode

--debugDebug mode

--paramOnly testing selected parameters

--cookieAdd custom cookie

--reportShow detail report

payloadPayload mode, make and enum payloads

--use-bavSkipping BAV(Basic Another Vulnerability) analysis

--workerNumber of worker (default 100)

--no-colorNot use colorize

--only-pocShows only the PoC code for the specified pattern (g: grep / r: reflected / v: verified)

--dataUsing POST Method and add Body data

--proxySend all request to proxy server. Example: http://127.0.0.1:8080

--mining-domFind new parameter in DOM (attribute/js value) (default true)

--no-spinnerNot use spinner

--output-allAll log write mode

urlUse single target mode

--configUsing config from file

--deep-domxssDOM XSS Testing with more payloads on headless [so slow]

--methodForce overriding HTTP Method. Example: PUT (default GET)

--mining-dictFind new parameter with dictionary attack, default is Gf-Patterns=>XSS (default true)

fileUse file mode(targets list or rawdata)

--timeoutSecond of timeout (default 10)

--found-actionIf found weak/vuln, action(cmd) to next. Example: './notify.sh'

--ignore-paramIgnore this parameter when scanning. Example: --ignore-param api_token --ignore-param csrf_token

--headerAdd custom headers

--report-formatFormat of --report flag [plain/json/jsonl] (default plain)

--skip-greppingSkipping built-in grepping

--skip-headlessSkipping headless browser base scanning[DOM XSS and inJS verify]

--formatStdout output format. Supported plain / json

--httpUsing force http on rawdata mode

--only-discoveryOnly testing parameter analysis

--output-requestInclude raw HTTP requests in the results

--cookie-from-rawLoad cookie from burp raw http request. Example: request.txt

--custom-payloadAdd custom payloads from file

--output-responseInclude raw HTTP responses in the results

--remote-payloadsUsing remote payload for XSS testing. Supported: portswigger/payloadbox. Example: portswigger,payloadbox

--skip-mining-allSkipping ALL parameter mining

--skip-mining-domSkipping DOM base parameter mining

--blindAdd your blind xss domain. Example: hahwul.xss.ht

--grepUsing custom grepping file.Example: ./samples/sample_grep.json

--follow-redirectsFollowing redirection

--mining-dict-wordCustom wordlist file for param mining. Example: word.txt

--remote-wordlistsUsing remote wordlists for param mining. Supported: burp/assetnote. Example: burp

--skip-mining-dictSkipping Dict base parameter mining

--custom-alert-typeChange alert value type. Example: none / str,none (default none)

--user-agentAdd custom UserAgent

--delayMilliseconds between send to same host (1000==1s)

--rawdataUsing req rawdata from Burp/ZAP

--skip-xss-scanningSkipping XSS Scanning

--triggerChecking this url after inject sxss code. Example: https://~~/profile

--custom-alert-valueChange alert value. Example: document.cookie (default 1)

--sequenceSet sequence to first number. Example: https://~/view?no=SEQNC 3 (default -1)

--ignore-returnIgnore scanning from return code. Example: 302,403,404

--silenceNot printing all logs

--entity-gfEnumerate a gf-patterns xss params

--enum-attrEnumerate a in-attr xss payloads

--enum-htmlEnumerate a in-html xss payloads

--enum-injsEnumerate a in-js xss payloads

--make-bulkMake bulk payloads for stored xss

--only-custom-payloadOnly testing custom payload (required parameter custom-payloads)

--encoder-urlEncoding output

--enum-commonEnumerate a common xss payloads

--remote-payloadboxEnumerate a payloadbox's xss payloads

--entity-useful-tagsEnumerate a useful tags for xss

--remote-portswiggerEnumerate a portswigger xss cheatsheet payloads

--entity-event-handlerEnumerate a event handlers for xss

--entity-special-charsEnumerate a special chars for xss