dalfox

dalfox mode [target] [options]

dalfox is a powerful open-source XSS (Cross-Site Scripting) vulnerability scanner and parameter analyzer. It specializes in finding reflected XSS, stored XSS, and DOM-based XSS vulnerabilities through automated testing.
The tool performs parameter analysis to identify injection points, then tests with a comprehensive payload database. It supports blind XSS detection using external callback servers and can integrate with other security tools through piped input.
dalfox includes features like DOM rendering analysis, WAF detection and evasion, and intelligent payload mutation. It's designed for penetration testers and security researchers conducting authorized security assessments.

MODE

Operation mode: url, file, pipe, sxss.

URL or file containing URLs to scan.

Use custom payload file.

Blind XSS callback URL.

Output file path.

Output format: plain, json, xml.

Set cookies for requests.

Add custom header.

HTTP proxy to use.

Number of concurrent workers.

Suppress all output except results.

Display help information.

Only use on systems you have explicit authorization to test. False positives may occur; verify findings manually. High request rates may trigger rate limiting or bans. Some XSS types require browser-based verification.

dalfox was created by hahwul and released in 2020. The name stands for "Finder Of XSS" with "dal" meaning moon in Korean. It was designed as a fast, flexible alternative to existing XSS scanners, with emphasis on automation and accuracy.

nikto(1), sqlmap(1), nuclei(1), httpx(1)