Dalfox is a command-line security tool for identifying cross-site scripting vulnerabilities in web applications.
It focuses on automation and helps testers and developers assess targets from single URLs, files, pipelines, and server-style workflows, while also offering flexible request handling and report-friendly output.
This is free and open source software.
Key Features
- Supports multiple operating modes including URL, SXSS, Pipe, File, Server, and Payload.
- Includes parameter analysis, static analysis, BAV testing, and parameter mining.
- Detects reflected, stored, and DOM-based XSS with optimization and DOM/headless verification.
- Provides flexible HTTP request options including custom headers, cookies, methods, and proxy support.
- Offers JSON and plain text output modes, along with detailed reporting options.
- Extends through a REST API, custom payloads, and remote wordlists.
- Cross-platform support – runs on Linux, macOS, and Windows.
Website: github.com/hahwul/dalfox
Support:
Developer: HAHWUL
License: MIT License

Dalfox is written in Rust.
Related Software
| Security Testing | |
|---|---|
| ZAP | Web app scanner |
| mitmproxy | Interactive HTTPS proxy |
| Wfuzz | Web application fuzzer and Python library for security assessments |
| sqlmap | Penetration testing tool |
| InterceptSuite | Network traffic interception tool |
| Dalfox | Identify cross-site scripting vulnerabilities in web applications |
| Commix | Python-based penetration testing tool |
| BURP | Accelerate application security testing |

