Dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Dalfox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.
Key features
- Modes: URL, SXSS, Pipe, File, Server, Payload
- Discovery: Parameter analysis, static analysis, BAV testing, parameter mining
- XSS Scanning: Reflected, Stored, DOM-based, with optimization and DOM/headless verification
- HTTP Options: Custom headers, cookies, methods, proxy, and more
- Output: JSON/Plain formats, silence mode, detailed reports
- Extensibility: REST API, custom payloads, remote wordlists
And the various options required for testing :D
Installation
Homebrew (macOS/Linux)
brew install dalfox
# https://formulae.brew.sh/formula/dalfox
Snapcraft (Ubuntu)
sudo snap install dalfox
Nixpkgs (NixOS)
A package is available for Nix or NixOS users. Keep in mind that the latest releases might only be present in the unstable channel.
nix-shell -p dalfox
From Source
go install github.com/hahwul/dalfox/v2@latest
See Installation guide for details.
Usage
dalfox [mode] [target] [flags]
- Single URL:
  dalfox url http://example.com -b https://callback
- File Mode:
  dalfox file urls.txt --custom-payload mypayloads.txt
- Pipeline:
  cat urls.txt | dalfox pipe -H "AuthToken: xxx"
Check the Usage and Running documents for more examples.
Contributing
If you want to contribute to this project, please see CONTRIBUTING.md and send a pull request with your cool content.
About the Name
As for the name, Dal(달) is the Korean word for "moon," while "Fox" stands for "Finder Of XSS" or 🦊

