Dalfox 2.7 Released ๐ŸŽ‰

Dalfox 2.7 Released ๐ŸŽ‰


Hi hackers! Dalfox v2.7 has been released ๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰

There are not many added features this release. But itโ€™s better than before, so I recommend an update! Then letโ€™s start the review. and Have a great holiday ๐Ÿง‘๐Ÿผโ€๐ŸŽ„

Thank you โค๏ธ

First, Thank you so much all contributors !!

Thanks to our, this project is getting better and better. Thank you always!

Release note

Github | DockerHub

  • Add BAV Module
    • ESI Injection
  • Support to windows/arm64
  • Upgrade go dependency (1.16 to 1.17)
  • Add Severity in PoC Object
  • Improve SXSS Mode
  • Improve Code Quality
  • Improve libraty interface
  • Fixed bugs
    • Add gzip handling in all func (#315)
    • Fized zero-line bug (#322)
  • Update dalfox web page and documentation

Detail Review

Upgrade go version

I judged that go1.17 was stabilized and raised Golangโ€™s dependency from 1.16 to 1.17. Now, dalfoxโ€™s support to window/arm64 binary.

Add BAV Module - ESI Injection

[G] Found dalfox-esii via built-in grepping / payload: toGrepping
[POC][G][GET][BUILTIN] https://******************.hahwul.com/esii\?q\=%3Cesi:assign%20name\=%22var1%22%20value\=%22dalfox%22/%3E%3Cesii-%3Cesi:vars%20name\=%22$\(var1\)%22%3E

Add Severity in PoC Object

Severity attribute has been added. It is marked Low, Medium, and High and is subject to both XSS and other vulnerabilities detected by BAV.

      "type":"Type of PoC (G/R/V)",
      "inject_type":"Injected Point",
      "method":"HTTP Method",
      "data":"PoC URL",
      "payload":"Attack Value",
      "evidence":"Evidence with response body",
      "cwe":"CWE ID",
      "severity": "Severity (Low/Medium/High)"


    "type": "V",
    "inject_type": "inHTML-URL",
    "poc_type": "plain",
    "method": "GET",
    "data": "http://testphp.vulnweb.com/listproducts.php?cat=%27%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E",
    "param": "cat",
    "payload": "'\"><img/src/onerror=.1|alert`` class=dalfox>",
    "evidence": "48 line:  syntax to use near ''\"><img/src/onerror=.1|alert`` class=dalfox>' at line 1",
    "cwe": "CWE-79",
    "severity": "High"

Support to windows/arm64

Dalfox now releases a binary version of window arm64 as well.

Improve SXSS Mode

sxss checks two pages simultaneously through target URL and trigger URL. At this time, there was a problem that could not be properly identified when scanning at a high speed with many walkers. So default value and limit were added as below.

Option Matched Flag Default vaule Limit
options.Concurrence -w or โ€“worker 1 1
options.Delay โ€“delay 1500 (1.5s) >= 1500

Improve Code Quality

Dalfox is developed in consideration of code quality and test coverage. It didnโ€™t get better, but it also maintained quality for new functions ๐Ÿ˜…

Update library interface

When using Dalfox in code, SXSS mode can now be fully used with options.Sequence using a dalfox interface, and users can control UseHeadless, UseDeepDXSS, and WAFEavision.

package main 

import (

	dalfox "github.com/hahwul/dalfox/v2/lib"

func main() {
	opt := dalfox.Options{
		Cookie:      "ABCD=1234",
		PoCType:     "http-request",
    Sequence:    10,
    UseHeadless: true,
    UseDeepDXSS: true,
    WAFEavasion: false,
	result, err := dalfox.NewScan(dalfox.Target{
		URL:     "https://xss-game.appspot.com/level1/frame",
		Method:  "GET",
		Options: opt,
	if err != nil {
	} else {

Fixed bugs

  • Add gzip handling in all func (#315)
  • Fized zero-line bug (#322)

Thank you