Hi hackers! Dalfox v2.7 has been released 🎉🎉🎉
There are not many new features in this release, but it is better than before, so I recommend updating. Let's start the review, and have a great holiday 🧑🏼🎄
Thank you ❤️
First, thank you so much to all contributors!
- Add BAV Module
- ESI Injection
- Support to windows/arm64
- Upgrade go dependency (1.16 to 1.17)
- Add Severity in PoC Object
- Improve SXSS Mode
- Improve Code Quality
- Improve library interface
- Fixed bugs
- Update dalfox web page and documentation
Upgrade go version
I judged that Go 1.17 was stable and raised Dalfox's Go dependency from 1.16 to 1.17. As a result, Dalfox now supports a windows/arm64 binary.
Add BAV Module - ESI Injection
Add Severity in PoC Object
A Severity attribute has been added to the PoC object. It is marked Low, Medium, or High and applies both to XSS findings and to the other vulnerabilities detected by BAV.
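To show how the new Severity attribute can be consumed, here is an added Go example of my own (not Dalfox's code) that parses JSON PoC output and triages it by severity. It assumes Dalfox's `--format json` output is one PoC object per line with the field names given in the struct tags (an assumption to check against your own output); the sample output below is constructed, not real scan data, and PoCs from an older build without a severity field are kept under "Unknown" rather than dropped.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// PoC mirrors the JSON object Dalfox emits per finding with --format json.
// The field tags follow the Dalfox PoC model as I recall it (assumption:
// verify against your own output); Severity is the attribute added in v2.7.
type PoC struct {
	Type       string `json:"type"`
	InjectType string `json:"inject_type"`
	PoCType    string `json:"poc_type"`
	Method     string `json:"method"`
	Data       string `json:"data"`
	Param      string `json:"param"`
	Payload    string `json:"payload"`
	Evidence   string `json:"evidence"`
	CWE        string `json:"cwe"`
	Severity   string `json:"severity"` // Low, Medium or High since v2.7
}

// severityRank orders the three levels named in the release notes.
var severityRank = map[string]int{"High": 3, "Medium": 2, "Low": 1}

// NormalizeSeverity maps anything outside Low/Medium/High (for example the
// empty string from a pre-2.7 build whose PoCs had no severity field) to
// "Unknown" so such findings are still surfaced instead of silently lost.
func NormalizeSeverity(s string) string {
	if _, ok := severityRank[s]; ok {
		return s
	}
	return "Unknown"
}

// ParsePoCs reads one JSON PoC per line (assumption: the shape of
// --format json output). Blank lines and lines that are not JSON objects,
// such as interleaved progress messages, are skipped; a line that starts
// like JSON but fails to decode is reported as an error with its line number.
func ParsePoCs(raw string) ([]PoC, error) {
	var pocs []PoC
	sc := bufio.NewScanner(strings.NewReader(raw))
	for lineNo := 1; sc.Scan(); lineNo++ {
		line := strings.TrimSpace(sc.Text())
		if !strings.HasPrefix(line, "{") {
			continue
		}
		var p PoC
		if err := json.Unmarshal([]byte(line), &p); err != nil {
			return nil, fmt.Errorf("line %d: %w", lineNo, err)
		}
		p.Severity = NormalizeSeverity(p.Severity)
		pocs = append(pocs, p)
	}
	return pocs, sc.Err()
}

// CountBySeverity gives the overview a triager wants first.
func CountBySeverity(pocs []PoC) map[string]int {
	counts := map[string]int{}
	for _, p := range pocs {
		counts[p.Severity]++
	}
	return counts
}

// AtLeast returns the findings rated min or higher, most severe first,
// so a CI gate can fail on High while a report still lists everything.
func AtLeast(pocs []PoC, min string) []PoC {
	var out []PoC
	for _, p := range pocs {
		if severityRank[p.Severity] >= severityRank[min] {
			out = append(out, p)
		}
	}
	sort.SliceStable(out, func(i, j int) bool {
		return severityRank[out[i].Severity] > severityRank[out[j].Severity]
	})
	return out
}

// SampleOutput is constructed to resemble v2.7 JSON output with a progress
// line mixed in and one PoC lacking the new field; it is not real scan data.
const SampleOutput = `
[I] Start scanning
{"type":"verify","inject_type":"inHTML-URL","poc_type":"plain","method":"GET","data":"http://app.example/search?q=<redacted>","param":"q","payload":"<redacted>","evidence":"","cwe":"CWE-79","severity":"High"}
{"type":"found","inject_type":"BAV-ESI","poc_type":"plain","method":"GET","data":"http://app.example/page?name=<redacted>","param":"name","payload":"<redacted>","evidence":"","cwe":"","severity":"Medium"}
{"type":"found","inject_type":"inJS-single","poc_type":"plain","method":"GET","data":"http://app.example/?x=<redacted>","param":"x","payload":"<redacted>","evidence":"","cwe":"CWE-79","severity":"Low"}
{"type":"verify","inject_type":"inHTML-URL","poc_type":"plain","method":"GET","data":"http://app.example/old?p=<redacted>","param":"p","payload":"<redacted>","evidence":"","cwe":"CWE-79"}
`

func main() {
	pocs, err := ParsePoCs(SampleOutput)
	if err != nil {
		panic(err)
	}
	fmt.Println(CountBySeverity(pocs))
	for _, p := range AtLeast(pocs, "Medium") {
		fmt.Printf("%-7s %-12s param=%s %s\n", p.Severity, p.InjectType, p.Param, p.Data)
	}
}
```

Feeding real output from `dalfox url <target> --format json -o out.json` into `ParsePoCs` is the intended use; the "Unknown" bucket is where findings from mixed tool versions end up, so treat a non-empty count there as a prompt to re-scan rather than as noise.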
Support to windows/arm64
Dalfox now also releases a windows/arm64 binary.
Improve SXSS Mode
SXSS mode checks two pages at once, the target URL and the trigger URL. Previously, when scanning at high speed with many workers, stored-XSS results could not be identified reliably. So a default value and a limit were added as below.
| Option | Matched flag | Default value | Limit |
|---|---|---|---|
| options.Concurrence | -w or --worker | 1 | 1 |
| options.Delay | --delay | 1500 (1.5s) | >= 1500 |
Improve Code Quality
Dalfox is developed with code quality and test coverage in mind. Coverage did not improve this release, but quality was maintained for the new functions 😅
- Code Coverage: 83.22%
- Goreportcard: A+ / Codacy: A
Update library interface
When using Dalfox as a library, SXSS mode can now be used fully through options.Sequence of the Dalfox library interface, and users can control UseHeadless, UseDeepDXSS, and WAFEvasion.