
Commit f42eb95

committed Nov 29, 2024
Remove leading arrows from command examples in documentation for consistency
Signed-off-by: HAHWUL <[email protected]>
v2.12.0 v2.10.0
1 parent 69dff5a commit f42eb95

20 files changed, +60 -57 lines changed
 

‎docs/_advanced/code.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -8,7 +8,7 @@ layout: page
88

99
## Get libary of dalfox
1010
```
11-
go get github.com/hahwul/dalfox/v2/lib
11+
go get github.com/hahwul/dalfox/v2/lib
1212
```
1313

1414
## Sample of code
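
Review bot: The heading on line 9 of docs/_advanced/code.md still reads `## Get libary of dalfox`; since this commit is a consistency pass over the same block, fix the spelling to "library" here as well.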

‎docs/_advanced/custom-payload.md

Lines changed: 5 additions & 5 deletions
@@ -8,7 +8,7 @@ layout: page
88

99
## Custom payload
1010
```
11-
dalfox url --custom-payload payload-list.txt
11+
dalfox url --custom-payload payload-list.txt
1212
```
1313

1414
## Custom alert
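
Review bot: On line 11 the example `dalfox url --custom-payload payload-list.txt` has no target URL, unlike the other `dalfox url` examples in this file, so it cannot be run as written. Add a placeholder target such as the `{TARGET-URL}` form used in url-mode.md.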
@@ -22,7 +22,7 @@ str: `"PAYLOAD"` / `'PAYLOAD'`
2222
### Case of study
2323
default (no option)
2424
```
25-
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123
25+
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123
2626
...snip...
2727
[V] Triggered XSS Payload (found DOM Object): cat=</ScriPt><sCripT class=dalfox>alert(1)</sCriPt>
2828
48 line: yntax to use near '=</ScriPt><sCripT class=dalfox>alert(1)</sCriPt>' at line 1
@@ -31,7 +31,7 @@ default (no option)
3131

3232
used options - only value
3333
```
34-
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123 --custom-alert-value 1337
34+
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123 --custom-alert-value 1337
3535
...snip...
3636
[V] Triggered XSS Payload (found DOM Object): cat='><sVg/onload=alert(1337) class=dalfox>
3737
48 line: syntax to use near ''><sVg/onload=alert(1337) class=dalfox>' at line 1
@@ -40,7 +40,7 @@ used options - only value
4040

4141
used options - with type=str
4242
```
43-
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123 --custom-alert-value 1337 --custom-alert-type str
43+
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123 --custom-alert-value 1337 --custom-alert-type str
4444
...snip...
4545
[V] Triggered XSS Payload (found DOM Object): cat=<svG/onload=confirm("1337") class=dalfox>
4646
48 line: yntax to use near '=<svG/onload=confirm("1337") class=dalfox>' at line 1
@@ -49,7 +49,7 @@ used options - with type=str
4949

5050
used options - with type=none,str
5151
```
52-
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123 --custom-alert-value 1337 --custom-alert-type str,int
52+
dalfox url http://testphp.vulnweb.com/listproducts.php\?artist\=123 --custom-alert-value 1337 --custom-alert-type str,int
5353
...snip...
5454
[V] Triggered XSS Payload (found DOM Object): cat="><iFrAme/src=jaVascRipt:alert('1337') class=dalfox></iFramE>
5555
48 line: syntax to use near '"><iFrAme/src=jaVascRipt:alert('1337') class=dalfox></iFramE
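
Review bot: The label on line 50, `used options - with type=none,str`, does not match the command on line 52, which passes `--custom-alert-type str,int`. Make the label and the flag value agree so readers know which type list produced the output shown.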

‎docs/_advanced/format-of-poc.md

Lines changed: 2 additions & 2 deletions
@@ -25,8 +25,8 @@ This is sample of PoC log. The PoC log contains various information along with t
2525
Why is there a gap?
2626
It is a method to make it easier to parse only the poc code through cut etc. For example, you can do this.
2727
```shell
28-
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff | cut -d " " -f 2 > output
29-
cat output
28+
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff | cut -d " " -f 2 > output
29+
cat output
3030
http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123DalFox
3131
http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Csvg%2FOnLoad%3D%22%60%24%7Bprompt%60%60%7D%60%22+class%3Ddalfox%3E
3232
```
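
Review bot: With the leading prompt marker removed from lines 28 and 29, the commands and the output on lines 30 and 31 sit in one `shell` fence with nothing to tell them apart. Split this into a command block and a separate output block, as scan-from-rawreq.md does with its Command / Output labels.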

‎docs/_advanced/parameter-mining.md

Lines changed: 5 additions & 5 deletions
@@ -12,12 +12,12 @@ Dalfox performs parameter mining by default when scanning. This is based on the
1212

1313
## Use custom wordlist
1414
```
15-
dalfox url https://example.com --mining-dict-word=./params.txt
15+
dalfox url https://example.com --mining-dict-word=./params.txt
1616
```
1717

1818
## Use remote wordlist
1919
```
20-
dalfox url https://example.com --remote-wordlists=burp,assetnote
20+
dalfox url https://example.com --remote-wordlists=burp,assetnote
2121
```
2222

2323
### Supported resources
@@ -27,13 +27,13 @@ Dalfox performs parameter mining by default when scanning. This is based on the
2727
## Disable Mining
2828
### Disable DOM-Mining
2929
```
30-
dalfox url https://example.com --skip-mining-dom
30+
dalfox url https://example.com --skip-mining-dom
3131
```
3232
### Disable Dict Mining (Gf-Patterns)
3333
```
34-
dalfox url https://example.com --skip-mining-dict
34+
dalfox url https://example.com --skip-mining-dict
3535
```
3636
### Disable All Mining Process
3737
```
38-
dalfox url https://example.com --skip-mining-all
38+
dalfox url https://example.com --skip-mining-all
3939
```

‎docs/_advanced/remote-payloads.md

Lines changed: 2 additions & 2 deletions
@@ -9,12 +9,12 @@ layout: page
99
## Use remote payloads
1010
Single resources
1111
```
12-
dalfox url https://example.com --remote-payloads portswigger
12+
dalfox url https://example.com --remote-payloads portswigger
1313
```
1414

1515
Multiple resources
1616
```
17-
dalfox url https://example.com --remote-payloads portswigger,payloadbox
17+
dalfox url https://example.com --remote-payloads portswigger,payloadbox
1818
```
1919

2020
## Supported resources

‎docs/_advanced/scan-from-rawreq.md

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ asdf=asdf
2222

2323
Command
2424
```
25-
dalfox file --rawdata ./samples/sample_rawdata.txt
25+
dalfox file --rawdata ./samples/sample_rawdata.txt
2626
```
2727
Output
2828
```

‎docs/_config.yml

Lines changed: 4 additions & 1 deletion
@@ -1,10 +1,13 @@
11
title: Dalfox
22
description: Dalfox is a powerful open-source XSS scanner and utility focused on automation.
33
theme: just-the-docs
4-
logo: "/images/owasp-noir-black.png"
4+
logo: "/images/logonav.png"
55
favicon_ico: "favicon.ico"
66
url: https://dalfox.hahwul.com
77

8+
9+
color_scheme: dark
10+
811
aux_links:
912
Github: https://github.com/hahwul/dalfox
1013
Go: https://pkg.go.dev/github.com/hahwul/dalfox/v2
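
Review bot: The `logo` change on line 4 and the new `color_scheme: dark` on line 9 are unrelated to the stated purpose of the commit (removing leading arrows from command examples). Move the theme changes into their own commit so the docs cleanup can be reviewed and reverted independently; the added blank lines 8 and 10 can be collapsed to one.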

‎docs/_get_started/modes/file-mode.md

Lines changed: 3 additions & 3 deletions
@@ -11,17 +11,17 @@ layout: page
1111
`file` mode is a mode for scanning multiple URLs or for scanning based on a raw request file in Burp Suite/ZAP. Input is filename.
1212

1313
```shell
14-
dalfox file {filename}
14+
dalfox file {filename}
1515
```
1616

1717
If the file is a list of URLs, proceed to scan multiple URLs just like the Pipe, and if it is with the `--rawdata` option, recognize it as a raw request, analyze the file, and test it.
1818

1919
## scanning urls from file
2020
```shell
21-
dalfox file urls.txt
21+
dalfox file urls.txt
2222
```
2323

2424
## scanning from burp/zap raw request file
2525
```shell
26-
dalfox file req.raw --rawdata
26+
dalfox file req.raw --rawdata
2727
```

‎docs/_get_started/modes/payload-mode.md

Lines changed: 3 additions & 3 deletions
@@ -11,18 +11,18 @@ layout: page
1111
`payload` mode is a mode for easy testing of XSS. Generate and Enumerate XSS Payloads and wordlists
1212

1313
```
14-
dalfox payload {flags}
14+
dalfox payload {flags}
1515
```
1616

1717
e.g
1818
```
19-
dalfox payload --enum-injs --entity-event-handler"
19+
dalfox payload --enum-injs --entity-event-handler"
2020
```
2121

2222
## Make-Bulk
2323
Make-bulk generates many xss payloads. At this point, the parameters of the alert are configured as sequence and it is easy to find which payload was triggered during the XSS test.
2424
```
25-
dalfox payload --make-bulk
25+
dalfox payload --make-bulk
2626
```
2727
output
2828
```
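
Review bot: Line 19 ends with a stray double quote, `dalfox payload --enum-injs --entity-event-handler"`, which leaves the shell waiting for a closing quote when the example is pasted. Drop the trailing `"` while this line is being touched.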

‎docs/_get_started/modes/pipe-mode.md

Lines changed: 2 additions & 2 deletions
@@ -10,9 +10,9 @@ layout: page
1010

1111
`pipe` mode is the mode for scanning multiple URLs. I receive input as system I/O, so you can connect with other tools through pipeline.
1212
```shell
13-
dalfox pipe
13+
dalfox pipe
1414
```
1515
e.g
1616
```shell
17-
echo urls.txt | dalfox pipe
17+
echo urls.txt | dalfox pipe
1818
```
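
Review bot: On line 17, `echo urls.txt | dalfox pipe` sends the literal string urls.txt to dalfox rather than the URLs in the file. Use `cat urls.txt | dalfox pipe`, which matches the pipe example in scan-multiple-url.md.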

‎docs/_get_started/modes/server-mode.md

Lines changed: 4 additions & 4 deletions
@@ -9,12 +9,12 @@ layout: page
99
---
1010
`server` mode is a REST API mode that takes into account scalability. Using this mode, dalfox acts as a REST API server and can perform scanning using a web request.
1111
```
12-
dalfox server
12+
dalfox server
1313
```
1414

1515
e.g
1616
```
17-
dalfox server --host 0.0.0.0 --port 8090
17+
dalfox server --host 0.0.0.0 --port 8090
1818
_..._
1919
.' .::::. __ _ _ ___ _ __ __
2020
: :::::::: | \ / \ | | | __/ \\ V /
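
Review bot: The example on line 17 starts the server with `--host 0.0.0.0 --port 8090`, but the curl requests later in this file go to `localhost:6664`, so the examples do not line up. Use one port throughout, and consider showing `--host 127.0.0.1` in the example, since binding to 0.0.0.0 makes the scan endpoint reachable from other hosts on the network.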
@@ -45,7 +45,7 @@ and supported swagger-ui
4545
## Basic scanning
4646
req
4747
```
48-
curl -X POST "http://localhost:6664/scan" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"url\": \"https://www.hahwul.com\"}"
48+
curl -X POST "http://localhost:6664/scan" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"url\": \"https://www.hahwul.com\"}"
4949
```
5050
res
5151
```
@@ -55,7 +55,7 @@ res
5555
## Scanning with options
5656
req
5757
```
58-
curl -X POST "http://localhost:6664/scan" \
58+
curl -X POST "http://localhost:6664/scan" \
5959
-H "accept: application/json" \
6060
-H "Content-Type: application/json" \
6161
-d "{\"url\": \"https://www.hahwul.com\", \"options\":{\"cookie\":\"testz=11\",\"worker\":1}}"

‎docs/_get_started/modes/sxss-mode.md

Lines changed: 3 additions & 3 deletions
@@ -9,16 +9,16 @@ layout: page
99
---
1010
`sxss` mode is a mode for easy identification of Stored XSS. The default behavior is the same as url mode, but you can specify a separate URL to validate, and you can generate a dynamic verification URL with the --sequence option in case the verification URL changes.
1111
```
12-
dalfox sxss {TARGET-URL} --trigger {VERIFY_URL}
12+
dalfox sxss {TARGET-URL} --trigger {VERIFY_URL}
1313
```
1414

1515
e.g
1616
```
17-
dalfox sxss https://test.url.local/update_profile -d "nickname=abc" --trigger "https://test.url.local/my_profile"
17+
dalfox sxss https://test.url.local/update_profile -d "nickname=abc" --trigger "https://test.url.local/my_profile"
1818
```
1919

2020
send POST request to Store the XSS payload and verify it working of the payload with an GET request
2121
```
22-
dalfox sxss -X POST https://test.url.local/update_profile -d "nickname=abc" --trigger "https://test.url.local/my_profile" --reqeust-method GET
22+
dalfox sxss -X POST https://test.url.local/update_profile -d "nickname=abc" --trigger "https://test.url.local/my_profile" --reqeust-method GET
2323
```
2424
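Review bot: The flag on line 22 is spelled `--reqeust-method`, which looks like a typo for `--request-method`; a reader copying this example would get an unknown-flag error if so. Check the flag name against the CLI and correct it here.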

‎docs/_get_started/modes/url-mode.md

Lines changed: 2 additions & 2 deletions
@@ -11,10 +11,10 @@ layout: page
1111
`url` mode is the mode for detecting XSS for a single URL.
1212

1313
```shell
14-
dalfox url {TARGET-URL}
14+
dalfox url {TARGET-URL}
1515
```
1616

1717
e.g
1818
```shell
19-
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff
19+
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff
2020
```

‎docs/_get_started/output-handling.md

Lines changed: 9 additions & 9 deletions
@@ -9,18 +9,18 @@ layout: page
99
## Use dalfox output to other tools via Pipeline
1010
Command
1111
```
12-
dalfox url http://testphp.vulnweb.com/listproducts.php | grep "\[V\]" | cut -d " " -f2 | xargs -I % open %
12+
dalfox url http://testphp.vulnweb.com/listproducts.php | grep "\[V\]" | cut -d " " -f2 | xargs -I % open %
1313
```
1414

1515
## Save only PoC code with Stdout
1616
Command
1717
```
18-
dalfox url http://testphp.vulnweb.com/listproducts.php > output
18+
dalfox url http://testphp.vulnweb.com/listproducts.php > output
1919
```
2020

2121
Output file
2222
```
23-
cat output
23+
cat output
2424
[POC][G][BUILT-IN/dalfox-error-mysql2/GET] http://testphp.vulnweb.com/listproducts.php
2525
[POC][G][BUILT-IN/dalfox-error-mysql/GET] http://testphp.vulnweb.com/listproducts.php
2626
[POC][G][BUILT-IN/dalfox-error-mysql5/GET] http://testphp.vulnweb.com/listproducts.php?cat=dalfox.
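
Review bot: The pipeline on line 12 ends in `xargs -I % open %`, which is macOS-specific and loads every verified PoC URL, payload included, in the user's default browser. Say which platform the command assumes (for example `xdg-open` on Linux) and recommend a dedicated test browser profile for viewing PoCs.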
@@ -31,12 +31,12 @@ Output file
3131
## Save only PoC code with `-o` flag
3232
Command
3333
```
34-
dalfox url http://testphp.vulnweb.com/listproducts.php -o output
34+
dalfox url http://testphp.vulnweb.com/listproducts.php -o output
3535
```
3636

3737
Output file
3838
```
39-
cat output
39+
cat output
4040
[POC][G][BUILT-IN/dalfox-error-mysql2/GET] http://testphp.vulnweb.com/listproducts.php
4141
[POC][G][BUILT-IN/dalfox-error-mysql/GET] http://testphp.vulnweb.com/listproducts.php
4242
[POC][G][BUILT-IN/dalfox-error-mysql5/GET] http://testphp.vulnweb.com/listproducts.php?cat=dalfox.
@@ -48,12 +48,12 @@ Output file
4848

4949
Command
5050
```
51-
dalfox url http://testphp.vulnweb.com/listproducts.php -o alllog.txt --output-all
51+
dalfox url http://testphp.vulnweb.com/listproducts.php -o alllog.txt --output-all
5252
```
5353

5454
Output file
5555
```
56-
cat alllog.txt
56+
cat alllog.txt
5757
[*] Using single target mode
5858
[*] Target URL: http://testphp.vulnweb.com/listproducts.php
5959
[*] Vaild target [ code:200 / size:4819 ]
@@ -78,10 +78,10 @@ Case
7878

7979
Command (only grep and verified poc)
8080
```
81-
dalfox url http://testphp.vulnweb.com/listproducts.php --only-poc=g,v
81+
dalfox url http://testphp.vulnweb.com/listproducts.php --only-poc=g,v
8282
```
8383

8484
## Save Traffic in HAR File
8585
```
86-
dalfox url http://testphp.vulnweb.com/listproducts.php --har-file-path=log.har
86+
dalfox url http://testphp.vulnweb.com/listproducts.php --har-file-path=log.har
8787
```

‎docs/_get_started/scan-multiple-url.md

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ layout: page
99
## Using pipe mode
1010
Command
1111
```
12-
cat samples/sample_target.txt| dalfox pipe
12+
cat samples/sample_target.txt| dalfox pipe
1313
```
1414
Output
1515
```
@@ -67,7 +67,7 @@ Output
6767
## Using file mode
6868
Command
6969
```
70-
dalfox file ./samples/sample_target.txt
70+
dalfox file ./samples/sample_target.txt
7171
```
7272
Output
7373
```

‎docs/_get_started/scan-single-url.md

Lines changed: 1 addition & 1 deletion
@@ -8,7 +8,7 @@ layout: page
88

99
Command
1010
```
11-
dalfox url http://testphp.vulnweb.com/listproducts.php
11+
dalfox url http://testphp.vulnweb.com/listproducts.php
1212
```
1313

1414
Output

‎docs/_get_started/usage.md

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ layout: page
99
## Usage
1010
The options for the Dalfox are largely configured with `commands` and `flags`.
1111
```shell
12-
dalfox [command] [flags]
12+
dalfox [command] [flags]
1313
```
1414

1515
```

‎docs/_tips/found-action.md

Lines changed: 4 additions & 4 deletions
@@ -17,23 +17,23 @@ Found action(`--found-action`) is lets you specify the actions to take when dete
1717

1818

1919
```
20-
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data"
20+
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data"
2121
```
2222

2323
```
24-
cat data
24+
cat data
2525
http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%27%3E%3Csvg%2Fclass%3D%27dalfox%27onLoad%3Dalert%2845%29%3E
2626
```
2727

2828
## Modify shell application for found action
2929
`--found-action-shell` flag is change shell application for found action. default values is bash.
3030
```
31-
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data" --found-action-shell=zsh
31+
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data" --found-action-shell=zsh
3232
```
3333

3434
for example, in alpine linux
3535
```
36-
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data" --found-action-shell=sh
36+
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff --found-action "echo '@@query@@' > data" --found-action-shell=sh
3737
```
3838

3939
## Reference
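
Review bot: The examples on lines 20, 31 and 36 substitute `@@query@@` into a command string that is run by a shell (bash by default per line 29), and the substituted value is a URL carrying the injected payload. Document whether dalfox escapes the value before substitution; if it does not, a quote in the URL can end the `'@@query@@'` quoting, so the docs should say so and show a safer pattern.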

‎docs/_tips/oneliner.md

Lines changed: 5 additions & 5 deletions
@@ -10,22 +10,22 @@ layout: page
1010
1111
* Scanning XSS from host / from [@cihanmehmet in awesome-oneliner-bugbounty](https://github.com/dwisiswant0/awesome-oneliner-bugbounty)
1212
```
13-
gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe | tee result.txt
13+
gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe | tee result.txt
1414
```
1515
* [Automating XSS using Dalfox, GF and Waybackurls](https://medium.com/bugbountywriteup/automating-xss-using-dalfox-gf-and-waybackurls-bc6de16a5c75)
1616
```
17-
cat test.txt | gf xss | sed ‘s/=.*/=/’ | sed ‘s/URL: //’ | tee testxss.txt ; dalfox file testxss.txt -b yours-xss-hunter-domain(e.g yours.xss.ht)
17+
cat test.txt | gf xss | sed ‘s/=.*/=/’ | sed ‘s/URL: //’ | tee testxss.txt ; dalfox file testxss.txt -b yours-xss-hunter-domain(e.g yours.xss.ht)
1818
```
1919
* [Find XSS and Blind XSS, and send every request to burpsuite for more manual testing
2020
](https://twitter.com/Alra3ees/status/1407058456323014659)
2121
```
22-
dalfox file hosts --mining-dom --deep-domxss --ignore-return -b 'YOURS.xss.ht' --follow-redirects --proxy http://127.0.0.1:8080
22+
dalfox file hosts --mining-dom --deep-domxss --ignore-return -b 'YOURS.xss.ht' --follow-redirects --proxy http://127.0.0.1:8080
2323
```
2424
* [dalfox scan to bugbounty targets / from KingOfBugBountyTips](https://github.com/KingOfBugbounty/KingOfBugBountyTips#dalfox-scan-to-bugbounty-targets-1)
2525
```
26-
wget https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/master/data/domains.txt -nv ; cat domains.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
26+
wget https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/master/data/domains.txt -nv ; cat domains.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
2727
```
2828
* [Recon subdomains and gau to search vuls DalFox / from KingOfBugBountyTips](https://github.com/KingOfBugbounty/KingOfBugBountyTips#recon-subdomains-and-gau-to-search-vuls-dalfox)
2929
```
30-
assetfinder testphp.vulnweb.com | gau | dalfox pipe
30+
assetfinder testphp.vulnweb.com | gau | dalfox pipe
3131
```
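
Review bot: Line 17 wraps the sed expressions in typographic quotes (`‘s/=.*/=/’`), which the shell does not treat as quoting, and the trailing `(e.g yours.xss.ht)` is a syntax error in bash, so the one-liner fails when pasted. Replace the curly quotes with ASCII single quotes and move the e.g. hint out of the code block.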

‎docs/_tips/write-har.md

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ layout: page
99
In dalfox 2.9 and later, all requests can be logged in HAR format. Enter the file path to save using `--har-file-path` flag.
1010

1111
```
12-
dalfox url --no-spinner \
12+
dalfox url --no-spinner \
1313
--no-color \
1414
--output-all \
1515
--follow-redirects \
