How to scan for XSS vulnerabilities automatically with Dalfox

AnonyViet by AnonyViet
February 15, 2023
in Security

Hello friends, in today’s article I will show you how to use the Dalfox tool to scan for XSS vulnerabilities. It is a pretty cool and interesting tool, useful for pentesting enthusiasts and working pentesters alike, and many pentesters already rely on it. Before getting into the article, I will briefly introduce the Dalfox tool and the concept of an XSS vulnerability. Let’s get to the main point!

Note: This article is for educational and research purposes only. Please do not use it for illegal attacks. AnonyViet will not be responsible for any illegal acts you commit!

Brief concept of XSS

Cross-Site Scripting (XSS) is a type of attack in which an attacker inserts malicious script into someone else’s website; when a user visits that website, the script executes in that user’s browser. XSS can lead to credential theft, disclosure of private information, or attacks on the user’s machine.

Here’s how it works: an XSS vulnerability is exploited by injecting script into a web page or into one of its input forms (for example a query parameter that the page echoes back). When a user visits that page or submits data to that form, the injected script runs in the user’s browser. From there it can read information held by the browser (such as cookies or session tokens), send it to another server, or perform other actions against the user, such as attacking the user’s machine or stealing credentials.

Dalfox – Pentest Web Application Tool

DalFox is a powerful open source XSS scanner, parameter analyzer and utility that accelerates the detection and verification of XSS flaws. It is a feature-rich testing tool well suited to pentesters. Its author, HAHWUL, is an engineer and security researcher. Dalfox is one of the most useful web application pentest tools available today and deserves a place in every pentester’s kit for finding, and then fixing, security holes in a website.
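To make the two ideas above concrete (a reflected parameter becoming XSS, and the kind of parameter analysis a scanner such as Dalfox performs), here is an added example that is not code from the article or from the Dalfox project. It models a page like the article’s /hpp/index.php?pp=… as a local function, shows the same page with proper HTML output encoding, and probes both with a marker to see which dangerous characters survive; the page template, the marker "dlfx" and the host example.test are assumptions made for the demo.

```python
import html
from urllib.parse import urlsplit, parse_qs, quote

# Stand-in for a page such as /hpp/index.php?pp=... that echoes a query
# parameter into its HTML. Constructed for illustration, not the vulnweb app.
PAGE = "<html><body><p>You searched for: {value}</p></body></html>"

def _param(url, name="pp"):
    return parse_qs(urlsplit(url).query).get(name, [""])[0]

def render_vulnerable(url):
    # Writes the raw parameter into the HTML body: a reflected XSS sink.
    return PAGE.format(value=_param(url))

def render_hardened(url):
    # Same page, but the value is encoded for the HTML context it lands in,
    # so the characters that could open a tag or attribute are neutralised.
    return PAGE.format(value=html.escape(_param(url), quote=True))

# Characters a scanner's parameter analysis watches for: a unique marker
# wrapped around them is sent, and the response tells which come back intact.
PROBE_CHARS = ['<', '>', '"', "'", '/']

def analyse_reflection(render, param="pp", marker="dlfx"):
    probe = marker + "".join(PROBE_CHARS) + marker
    url = "http://example.test/index.php?" + param + "=" + quote(probe, safe="")
    body = render(url)
    if marker not in body:
        return {"reflected": False, "surviving": []}
    start = body.index(marker) + len(marker)
    end = body.find(marker, start)
    between = body[start:end] if end != -1 else body[start:]
    return {"reflected": True,
            "surviving": [c for c in PROBE_CHARS if c in between]}

if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(name, analyse_reflection(fn))
```

The hardened page still reflects the value (that is normal for a search box), but only "/" comes back unencoded, which cannot open a tag on its own; the vulnerable page returns every probe character untouched.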

How to install Dalfox tool

To use Dalfox you of course need to install it :>, and installing Dalfox is quite simple; just do the following:

For Kali Linux: copy the Python script below and save it under any name with the .py extension (here I save it as name.py). Then install Go with the command sudo apt install golang -y and run the script with python name.py (substitute whatever file name you chose).

Dalfox will then be installed on your Kali Linux machine automatically.

#!/usr/bin/env python3
# Installs Go-based tools (here Dalfox) into /opt/<tool> and links the binary
# into /usr/local/bin. Requires Go first: sudo apt install golang -y

import os
import subprocess
import sys

def install_golang_module(module):
    # module looks like "github.com/hahwul/dalfox/v2@latest": derive the tool
    # name from the import path, ignoring the "@version" and "/vN" suffixes
    path = module.split("@")[0]
    parts = [p for p in path.split("/") if not (p[:1] == "v" and p[1:].isdigit())]
    modulename = parts[-1].lower()
    prefix = "/opt/" + modulename
    if os.path.exists(prefix):
        print("Go module " + modulename + " is already present in " + prefix)
        return
    print("Installing go module " + modulename)
    # Since Go 1.18 "go get" no longer installs binaries; "go install pkg@version"
    # does, and GOBIN decides where the binary lands. sudo -E keeps these variables.
    env = dict(os.environ, GOPATH=prefix, GOBIN=prefix + "/bin", GO111MODULE="on")
    subprocess.run(["sudo", "-E", "go", "install", "-v", module], env=env, check=True)
    subprocess.run(["sudo", "ln", "-sf", prefix + "/bin/" + modulename,
                    "/usr/local/bin/" + modulename], check=True)

if __name__ == '__main__':
    # Dalfox's module path carries the /v2 major-version suffix (see its README)
    golang_modules_to_install = ['github.com/hahwul/dalfox/v2@latest']
    for module in golang_modules_to_install:
        try:
            install_golang_module(module)
        except subprocess.CalledProcessError as err:
            sys.exit("Installing " + module + " failed: " + str(err))

For Windows: download the release from this link, extract it, then open a terminal in that folder and run it.

How to use Dalfox?

To scan any website for XSS vulnerabilities, the command syntax is as follows (websitecoxss stands for the URL of the site under test, and -b gives the host that receives blind XSS callbacks):

dalfox url websitecoxss -b hawhul.xss.ht

For example, with FUZZ as the placeholder value of the parameter to test:

dalfox url http://testphp.vulnweb.com:80/hpp/index.php?pp=FUZZ -b hawhul.xss.ht

And this is the result:

[Image: Dalfox scan result]

In addition, Dalfox has many other interesting commands and options; you can explore them yourself on the Dalfox GitHub page.

How to use Dalfox + ParamSpider for automatic vulnerability scanning

For those of you who do not know it, ParamSpider is a tool developed by Devansh Batham whose purpose is “mining parameters from the dark corners of the web”. Roughly speaking, it crawls a domain and collects URLs with parameters that could potentially be injectable.

How to install Paramspider:

git clone https://github.com/devanshbatham/ParamSpider.git

cd ParamSpider

pip install -r requirements.txt or pip3 install -r requirements.txt

python paramspider.py -d têndomain or python3 paramspider.py -d têndomain (têndomain is the target domain name)

How to combine Paramspider + Dalfox:

Command syntax: python paramspider.py -d têndomain -o TênFileoutput.txt (têndomain is the target domain, TênFileoutput.txt the file the collected URLs are written to)

For example:

python paramspider.py -d testphp.vulnweb.com -o vuln.xss

[Image: ParamSpider run]

Output has the following form:

[Image: ParamSpider output file]

Thus we have the URLs of the site; now switch to Dalfox to scan each of them.

The command syntax is as follows: dalfox file đườngdẫnchứa\TênFileoutput.txt -b hawhul.xss.ht (đườngdẫnchứa is the folder containing the output file)

For example: dalfox file vuln.xss -b hawhul.xss.ht
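Crawler output is noisy: the same endpoint appears many times with its parameters in different orders, and static files are mixed in. The function below is an added example (not part of ParamSpider or Dalfox) that canonicalises such a list before it is handed to dalfox file. The sample lines are constructed in the shape ParamSpider writes, one URL per line with every value already replaced by FUZZ, which is an assumption about its output format.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample in the shape of a crawler output file; not a real crawl.
SAMPLE_OUTPUT = """\
http://testphp.vulnweb.com/hpp/index.php?pp=FUZZ
http://testphp.vulnweb.com/hpp/index.php?pp=FUZZ
http://testphp.vulnweb.com/listproducts.php?cat=FUZZ
http://testphp.vulnweb.com/listproducts.php?cat=FUZZ&artist=FUZZ
http://testphp.vulnweb.com/listproducts.php?artist=FUZZ&cat=FUZZ
https://testphp.vulnweb.com/listproducts.php?cat=FUZZ
not a url
http://testphp.vulnweb.com/static/logo.png?v=FUZZ
"""

# Static assets are served verbatim and never reflect a parameter into HTML.
STATIC_SUFFIXES = (".png", ".jpg", ".gif", ".css", ".js", ".woff", ".svg")

def normalise(line, marker="FUZZ"):
    """Return a canonical URL for one crawl line, or None if it is not worth scanning."""
    parts = urlsplit(line.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc or not parts.query:
        return None                      # junk lines and URLs without parameters
    if parts.path.lower().endswith(STATIC_SUFFIXES):
        return None
    # The same endpoint with parameters in another order is the same test target;
    # every value becomes the marker so the scanner knows where to inject.
    names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    query = urlencode([(k, marker) for k in names])
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))

def dedupe(text, marker="FUZZ"):
    """Turn raw crawler output into a sorted, de-duplicated list for `dalfox file`."""
    seen = set()
    for line in text.splitlines():
        url = normalise(line, marker)
        if url:
            seen.add(url)
    return sorted(seen)

if __name__ == "__main__":
    # Redirect this into your output file (e.g. vuln.xss) before running Dalfox.
    print("\n".join(dedupe(SAMPLE_OUTPUT)))
```

Eight crawl lines collapse to four distinct endpoints, so Dalfox spends its requests on different parameters instead of repeating the same one.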

[Image: Dalfox scanning the URL list]

Here are the results that many of you have been waiting for :>

[Image: Dalfox results with XSS payloads]

As you can see, quite a lot of XSS payloads are found!!!

That is the end of this article; I hope you learned something from it. If you come across a website with an XSS vulnerability, please report it to the web admin right away; you might even get a reward for it, right? :))

Wishing you all a very nice day!

You can also read: 10 websites to help you practice XSS hacking skills
