Search the Community

What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a Ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and examine them based on Selenium. I talk about naming. Dal(달) is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS). Changelog v2.6.1 741f6c0 update package 15bf693 tap v2.6.1 17be4d8 chore: update contributors [skip ci] 4ac6e1f Merge pull request #321 from hahwul/dev 5c1e792 Merge pull request #319 from hahwul/main fd65dc3 Merge pull request #317 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.6 90b5090 Merge pull request #316 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.6 2d832bb Merge branch ‘main’ of [Hidden Content] into main 2fb311a Bump github.com/swaggo/swag from 1.7.4 to 1.7.6 237def7 Bump github.com/chromedp/chromedp from 0.7.4 to 0.7.6 9b9f256 (#320) Update lib interface 0eabf85 (#318) Add PoCType in lib fdb9d74 (#315) Add gzip handling in SendReq function 9ab9e6f (#315) Add gzip handling in ParamterAnalysis [Hidden Content]

XSpear - Powerfull XSS Scanning And Parameter Analysis Tool Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...) Dynamic/Static Analysis Find SQL Error pattern Analysis Security headers(CSP HSTS X-frame-options, XSS-protection etc.. ) Analysis Other headers..(Server version, Content-Type, etc...) Scanning from Raw file(Burp suite, ZAP Request) XSpear running on ruby code(with Gem library) Show table base cli-report and filtered rule, testing raw query(url) Testing at selected parameters Support output format cli json cli: summary, filtered rule(params), Raw Query Support Verbose level (quit / nomal / raw data) Support custom callback code to any test various attack vectors [HIDE][Hidden Content]]

WordPress PayPal Checkout Payment Gateway plugin version 1.6.8 suffers from a parameter tampering vulnerability that allows for price manipulation. View the full article