Enhance documentation with detailed guides for scanning URLs and raw requests, and add section headers for clarity

Signed-off-by: HAHWUL <[email protected]>

Author: hahwul

docs/page/installation.md

@@ -6,54 +6,72 @@ toc: true
 layout: page
 ---
 
+# Installation Guide
+
+This guide provides detailed instructions on how to install Dalfox using various methods. Choose the method that best suits your environment.
+
 ## Using Homebrew
-Homebrew is the package manager for MacOS(or linux). On devices using homebrew, you can easily install/update using the brew command.
+Homebrew is a package manager for macOS (or Linux). On devices using Homebrew, you can easily install or update Dalfox using the `brew` command.
 
-### Install homebrew
+### Install Homebrew
+If you haven't installed Homebrew yet, you can install it by running the following command in your terminal:
 ```shell
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
 ```
 
-### Install dalfox
+### Install Dalfox
+Once Homebrew is installed, you can install Dalfox by running:
 ```shell
 brew install dalfox
-
-# https://formulae.brew.sh/formula/dalfox
 ```
+For more details, you can visit the [Homebrew Formula page for Dalfox](https://formulae.brew.sh/formula/dalfox).
 
 ## Using Snapcraft
-Snapcraft is one of the packaging managers for Linux. Unlike app and yum, it can be used independently of the deployment OS version.
+Snapcraft is a package manager for Linux. Unlike `apt` and `yum`, it can be used independently of the deployment OS version.
 
 ### Install Snapcraft
-Please check this documents [https://snapcraft.io/docs/installing-snapd](https://snapcraft.io/docs/installing-snapd)
+To install Snapcraft, please refer to the official documentation: [Installing snapd](https://snapcraft.io/docs/installing-snapd).
 
-### Install dalfox
-```
+### Install Dalfox
+Once Snapcraft is installed, you can install Dalfox by running:
+```shell
 sudo snap install dalfox
 ```
 
-## From source
+## From Source
+If you prefer to build Dalfox from the source, you can do so using the `go` command.
+
+### Prerequisites
+Ensure you have Go installed on your system. You can download it from the [official Go website](https://golang.org/dl/).
 
+### Install Dalfox
+To install the latest version of Dalfox from the source, run:
 ```bash
 go install github.com/hahwul/dalfox/v2@latest
-
-# The actual release might slightly differ. This is because go install references the main branch.
 ```
+Note: The actual release might slightly differ as `go install` references the main branch.
 
 ## Using Docker
-Dalfox provides docker images by version. It can be used lightly with less capacity.
+Dalfox provides Docker images by version. This method allows you to use Dalfox with minimal setup.
+
+### Pull the Latest Docker Image
+To pull the latest Docker image of Dalfox, run:
 ```bash
 docker pull hahwul/dalfox:latest
 ```
 
-if you installed it, using like this command
+### Run Dalfox Using Docker
+You can run Dalfox using Docker with the following command:
 ```bash
 docker run -it hahwul/dalfox:latest /app/dalfox url https://www.hahwul.com
 ```
 
-or live in docker
-
+### Interactive Docker Shell
+For an interactive shell within the Docker container, run:
 ```bash
 docker run -it hahwul/dalfox:latest /bin/bash
+```
+Once inside the container, you can run Dalfox:
+```bash
 ./dalfox
 ```

docs/page/modes/file-mode.md

@@ -8,6 +8,8 @@ toc: true
 layout: page
 ---
 
+# File mode
+
 `file` mode is a mode for scanning multiple URLs or for scanning based on a raw request file in Burp Suite/ZAP. Input is filename.
 
 ```shell

docs/page/modes/payload-mode.md

@@ -8,6 +8,8 @@ toc: true
 layout: page
 ---
 
+# Payload Mode
+
 `payload` mode is a mode for easy testing of XSS. Generate and Enumerate XSS Payloads and wordlists
 
 ```bash

docs/page/modes/pipe-mode.md

@@ -8,6 +8,8 @@ toc: true
 layout: page
 ---
 
+# Pipeline Mode
+
 `pipe` mode is the mode for scanning multiple URLs. I receive input as system I/O, so you can connect with other tools through pipeline.
 ```shell
 dalfox pipe

docs/page/modes/server-mode.md

@@ -7,6 +7,9 @@ nav_order: 4
 toc: true
 layout: page
 ---
+
+# Server Mode 
+
 `server` mode is a REST API mode that takes into account scalability. Using this mode, dalfox acts as a REST API server and can perform scanning using a web request.
 
 ```bash

docs/page/modes/sxss-mode.md

@@ -7,6 +7,9 @@ nav_order: 4
 toc: true
 layout: page
 ---
+
+# Stored XSS Mode
+
 `sxss` mode is a mode for easy identification of Stored XSS. The default behavior is the same as url mode, but you can specify a separate URL to validate, and you can generate a dynamic verification URL with the --sequence option in case the verification URL changes.
 
 ```bash

docs/page/modes/url-mode.md

@@ -8,6 +8,8 @@ toc: true
 layout: page
 ---
 
+# URL Mode
+
 `url` mode is the mode for detecting XSS for a single URL.
 
 ```shell

docs/page/output-handling.md

@@ -6,20 +6,25 @@ toc: true
 layout: page
 ---
 
-## Use dalfox output to other tools via Pipeline
+# Output Handling
+
+This guide provides detailed instructions on how to handle the output from Dalfox. You can use various methods to save, filter, and process the output according to your needs.
+
+## Use Dalfox Output to Other Tools via Pipeline
+You can pipe the output of Dalfox to other tools for further processing. For example, you can use `grep` to filter the output and `xargs` to open URLs in a browser.
 
 ```bash
 dalfox url http://testphp.vulnweb.com/listproducts.php | grep "\[V\]" | cut -d " " -f2 | xargs -I % open %
 ```
 
-## Save only PoC code with Stdout
+## Save Only PoC Code with Stdout
+You can save the Proof of Concept (PoC) code directly to a file using standard output redirection.
 
 ```bash
 dalfox url http://testphp.vulnweb.com/listproducts.php > output
 ```
 
-Output file
-
+### Output File Example
 ```bash
 # cat output
 [POC][G][BUILT-IN/dalfox-error-mysql2/GET] http://testphp.vulnweb.com/listproducts.php
@@ -29,13 +34,14 @@ Output file
 [POC][V][GET] http://testphp.vulnweb.com/listproducts.php?cat=%3CsCriPt+class%3Ddalfox%3Eprompt%2845%29%3C%2Fscript%3E
 ```
 
-## Save only PoC code with `-o` flag
-Command
+## Save Only PoC Code with `-o` Flag
+You can also use the `-o` flag to save the PoC code to a file.
+
 ```bash
 dalfox url http://testphp.vulnweb.com/listproducts.php -o output
 ```
 
-Output file
+### Output File Example
 ```bash
 # cat output
 [POC][G][BUILT-IN/dalfox-error-mysql2/GET] http://testphp.vulnweb.com/listproducts.php
@@ -45,14 +51,14 @@ Output file
 [POC][V][GET] http://testphp.vulnweb.com/listproducts.php?cat=%3CsCriPt+class%3Ddalfox%3Eprompt%2845%29%3C%2Fscript%3E
 ```
 
-## Save all log (with `--output-all` flag)
+## Save All Logs with `--output-all` Flag
+To save all logs, including detailed analysis information, use the `--output-all` flag.
 
-Command
 ```bash
 dalfox url http://testphp.vulnweb.com/listproducts.php -o alllog.txt --output-all
 ```
 
-Output file
+### Output File Example
 ```bash
 # cat alllog.txt
 [*] Using single target mode
@@ -66,23 +72,24 @@ Output file
 ...snip...
 ```
 
-## Save only special PoC Code
-Supported
-* g(`grep`)
-* r(`reflected`)
-* v(`verified`)
+## Save Only Special PoC Code
+You can filter and save only specific types of PoC code using the `--only-poc` flag. Supported types are:
+* `g` (grep)
+* `r` (reflected)
+* `v` (verified)
 
-Case
-* g: `[POC][G][BUILT-IN/dalfox-error-mysql1/GET] http://testphp.vulnweb.com/listproducts.php?cat=dalfox%2C`
-* r: `[POC][R][GET] http://testphp.vulnweb.com/listproducts.php?cat=%3CdETAILS%250aopen%250aonToGgle%250a%3D%250aa%3Dprompt%2Ca%28%29%3E`
-* v: `[POC][V][GET] http://testphp.vulnweb.com/listproducts.php?cat=%3CiFrAme%2Fsrc%3DjaVascRipt%3Aalert%281%29+class%3Ddalfox%3E%3C%2FiFramE%3E`
-
-Command (only grep and verified poc)
+### Command Example
+To save only grep and verified PoC code:
 ```bash
 dalfox url http://testphp.vulnweb.com/listproducts.php --only-poc=g,v
 ```
 
 ## Save Traffic in HAR File
+You can save the HTTP traffic in a HAR (HTTP Archive) file for further analysis.
+
 ```bash
 dalfox url http://testphp.vulnweb.com/listproducts.php --har-file-path=log.har
-```
+```
+
+### HAR File Example
+The HAR file can be opened with tools like [HAR Viewer](http://www.softwareishard.com/har/viewer/) for detailed inspection of the HTTP requests and responses.

docs/page/overview.md

@@ -4,42 +4,19 @@ nav_order: 1
 layout: page
 ---
 
-DalFox is a powerful open-source tool designed for automation, making it ideal for efficiently scanning and analyzing parameters to detect XSS vulnerabilities. Its advanced testing engine and unique features streamline the process of identifying and verifying security flaws.
+# Overview
 
-As for the name, Dal([달](https://en.wiktionary.org/wiki/달)) is the Korean word for "moon," while Fox stands for "Finder Of XSS" (🦊).
+DalFox is a powerful open-source tool designed for automated detection of XSS vulnerabilities. With its advanced testing engine and comprehensive feature set, DalFox simplifies the process of scanning, analyzing parameters, and verifying vulnerabilities. Whether you are performing quick scans or detailed analyses, DalFox provides a streamlined experience tailored to the needs of security professionals and researchers.
 
 ![](/images/screen.png)
 
-Mode: `url` `sxss` `pipe` `file` `server` `payload`
+The name "DalFox" has a unique origin:
+- **Dal ([달](https://en.wiktionary.org/wiki/달))**: The Korean word for "moon."
+- **Fox**: An acronym for "Finder Of XSS" 🦊.
 
-| Class         | Key Feature                   | Description                                                  |
-| ------------- | ----------------------------- | ------------------------------------------------------------ |
-| Discovery     | Parameter analysis            | - Find reflected param<br />- Find alive/bad special chars, event handler and attack code <br />- Identification of injection points(HTML/JS/Attribute) <br /> `inHTML-none` `inJS-none` `inJS-double` `inJS-single` `inJS-backtick` `inATTR-none` `inATTR-double` `inATTR-single` |
-|               | Static analysis               | - Check bad-header like CSP, XFO, etc.. with req/res base    |
-|               | BAV analysis                  | - Testing BAV(Basic Another Vulnerability) ,  e.g `sqli` `ssti` `open-redirects`, `crlf`, `esii`    |
-|               | Parameter Mining              | - Find new param with Dictionary attack (default is [GF-Patterns](https://github.com/1ndianl33t/Gf-Patterns))<br />- Support custom dictionary file (`--mining-dict-word`)<br />- Find new param with DOM<br />- Use remote wordlist to mining (`--remote-wordlists`) |
-|               | Built-in Grepping             | - It Identify the basic info leak of SSTi, Credential, SQL Error, and so on |
-|               | WAF Detection and Evasion     | - Detect to WAF(Web Application Firewall). <br />- if found waf and using special flag, evasion using slow request<br />- `--waf-evasion` |
-| Scanning      | XSS Scanning                  | - Reflected XSS / Stored XSS / DOM XSS<br />- DOM base verifying<br />- Headless base verifying<br />- Blind XSS testing with param, header(`-b` , `--blind` options)<br />- Only testing selected parameters (`-p`, `--param`)<br />- Only testing parameter analysis (`--only-discovery`) |
-|               | Friendly Pipeline             | - Single url mode (`dalfox url`)<br />- From file mode (`dalfox file urls.txt`)<br />- From IO(pipeline) mode (`dalfox pipe`)<br />- From raw http request file mode (`dalfox file raw.txt --rawdata`) |
-|               | Optimization query of payloads | - Check the injection point through abstraction and generated the fit payload.<br />- Eliminate unnecessary payloads based on badchar |
-|               | Encoder                       | - All test payloads(built-in, your custom/blind) are tested in parallel with the encoder.<br />- To Double URL Encoder<br />- To HTML Hex Encoder |
-|               | Sequence                      | - Auto-check the special page for stored xss (`--trigger`) <br />- Support (`--sequence`) options for Stored XSS , only `sxss` mode |
-| HTTP          | HTTP Options                  | - Overwrite HTTP Method (`-X`, `--method`)<br />- Follow redirects (`--follow-redirects`)<br />- Add header (`-H`, `--header`)<br />- Add cookie (`-C`, `--cookie`)<br />- Add User-Agent (`--user-agent`)<br />- Set timeout (`--timeout`)<br />- Set Delay (`--delay`)<br />- Set Proxy (`--proxy`)<br />- Set ignore return codes (`--ignore-return`)<br />- Load cookie from raw request (`--cookie-from-raw`) |
-| Concurrency   | Worker                        | - Set worker's number(`-w`, `--worker`)                      |
-|               | N * hosts                     | - Use multicast mode (`--multicast`) , only `file` / `pipe` mode |
-| Output        | Output                        | - Only the PoC code and useful information is write as Stdout<br />- Save output (`-o`, `--output`) |
-|               | Format                        | - JSON / Plain (`--format`)                                  |
-|               | Printing                      | - Silence mode (`--silence`)<br />- You may choose not to print the color (`--no-color`)<br />- You may choose not to print the spinner (`--no-spinner`)<br />- You may choose show only special poc code (`--only-poc`) |
-|               | Report                        | - Show detail report (`--report` and `--report-format=<plain/json>`)|
-| Extensibility | REST API                      | - API Server and Swagger (`dalfox server`)                   |
-|               | Payload Mode                  | - Generate and Enumerate Payloads for XSS Testing (`dalfox payload`) |
-|               | Found Action                  | - Lets you specify the actions to take when detected. <br />- Notify, for example (`--found-action`) |
-|               | Custom Grepping               | - Can grep with custom regular expressions on response<br />- If duplicate detection, it performs deduplication (`--grep`) |
-|               | Custom Payloads               | - Use custom payloads list file (`--custom-payload`) <br />- Custom alert value (`--custom-alert-value`) <br />- Custom alert type (`--custom-alert-type`)|
-|               | Remote Payloads               | - Use remote payloads from portswigger, payloadbox, etc.. (`--remote-payloads`)                  |
-| Package       | Package manager                | - [pkg.go.dev](https://pkg.go.dev/github.com/hahwul/dalfox/v2)<br/>- [homebrew with tap](https://github.com/hahwul/homebrew-dalfox)<br />- [snapcraft](https://snapcraft.io/dalfox)                                  |
-|               | Docker ENV                    | - [docker hub](https://hub.docker.com/repository/docker/hahwul/dalfox)<br />- [github package of docker](https://github.com/hahwul/dalfox/packages)     |
-|               | Other                         | - [github action](https://github.com/marketplace/actions/xss-scan-with-dalfox) |
-
-And the various options required for the testing :D
+Key highlights of DalFox include:
+- **Flexible Scanning Modes**: Supports URL-based scans, file-based inputs, pipelines, and server modes.
+- **Comprehensive Analysis**: Detects reflected, stored, and DOM-based XSS, along with parameter mining and static analysis.
+- **Extensibility**: Offers custom payloads, remote wordlists, and API integrations for tailored testing.
+- **Performance Optimization**: Features such as payload abstraction, bad character filtering, and parallel encoding improve efficiency.
+- **Detailed Reporting**: Outputs can be formatted as plain text or JSON, with options for in-depth reports.

docs/page/running.md

@@ -4,4 +4,6 @@ nav_order: 4
 has_children: true
 toc: true
 layout: page
----
+---
+
+# Running