Dalfox 2.7 Released!
Offensive Security Engineer, Developer and H4cker.
Hi hackers! Dalfox v2.7 has been released.
There are not many new features in this release, but it's better than before, so I recommend updating. Let's start the review, and have a great holiday!
Thank you.
First, thank you so much to all contributors!

Release note
- Add BAV Module
- ESI Injection
- Support to windows/arm64
- Upgrade go dependency (1.16 to 1.17)
- Add Severity in PoC Object
- Improve SXSS Mode
- Improve Code Quality
- Improve library interface
- Fixed bugs
- Update dalfox web page and documentation
Detail Review
Upgrade go version
I judged that go1.17 had stabilized and raised the Golang dependency from 1.16 to 1.17. As a result, dalfox now supports a windows/arm64 binary.
Add BAV Module - ESI Injection
```
[G] Found dalfox-esii via built-in grepping / payload: toGrepping
<esii-dalfox>
[POC][G][GET][BUILTIN] https://******************.hahwul.com/esii\?q\=%3Cesi:assign%20name\=%22var1%22%20value\=%22dalfox%22/%3E%3Cesii-%3Cesi:vars%20name\=%22$\(var1\)%22%3E
```
Add Severity in PoC Object
A severity attribute has been added to the PoC object. It is marked Low, Medium, or High, and it applies both to XSS findings and to the other vulnerabilities detected by BAV.
```json
{
  "type": "Type of PoC (G/R/V)",
  "inject_type": "Injected Point",
  "poc_type": "plain/curl/httpie/etc...",
  "method": "HTTP Method",
  "data": "PoC URL",
  "param": "Parameter",
  "payload": "Attack Value",
  "evidence": "Evidence with response body",
  "cwe": "CWE ID",
  "severity": "Severity (Low/Medium/High)"
}
```
e.g.
```json
{
  "type": "V",
  "inject_type": "inHTML-URL",
  "poc_type": "plain",
  "method": "GET",
  "data": "http://testphp.vulnweb.com/listproducts.php?cat=%27%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E",
  "param": "cat",
  "payload": "'\"><img/src/onerror=.1|alert`` class=dalfox>",
  "evidence": "48 line: syntax to use near ''\"><img/src/onerror=.1|alert`` class=dalfox>' at line 1",
  "cwe": "CWE-79",
  "severity": "High"
}
```
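The new severity field makes scan results easy to gate on in a pipeline. The following is an added example, not code from the dalfox project: it assumes findings have been collected into a JSON array of PoC objects with the fields shown above, and the `Triage` function, the `sample` data and the `app.example.test` host are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// PoC holds the fields of the PoC object above that triage needs.
type PoC struct {
	Data     string `json:"data"`
	Param    string `json:"param"`
	CWE      string `json:"cwe"`
	Severity string `json:"severity"`
}

// Constructed sample findings; the third one carries no severity attribute.
const sample = `[
 {"data":"https://app.example.test/esii?q=1","param":"q","severity":"Medium"},
 {"data":"https://app.example.test/list?cat=1","param":"cat","cwe":"CWE-79","severity":"High"},
 {"data":"https://app.example.test/s?q=1","param":"q","cwe":"CWE-79"},
 {"data":"https://app.example.test/err","param":"id","severity":"Low"}
]`

// rank orders the documented labels; a missing or unknown label looks up as 0.
var rank = map[string]int{"Low": 1, "Medium": 2, "High": 3}

// Triage returns findings at or above floor, highest first, and separately the
// findings with no usable severity so they get manual review, not a silent drop.
func Triage(raw []byte, floor string) (hits, unrated []PoC, err error) {
	var all []PoC
	if err = json.Unmarshal(raw, &all); err != nil {
		return nil, nil, fmt.Errorf("decode PoC list: %w", err)
	}
	for _, p := range all {
		if r := rank[p.Severity]; r == 0 {
			unrated = append(unrated, p)
		} else if r >= rank[floor] {
			hits = append(hits, p)
		}
	}
	sort.SliceStable(hits, func(i, j int) bool { return rank[hits[i].Severity] > rank[hits[j].Severity] })
	return hits, unrated, nil
}

func main() {
	hits, unrated, err := Triage([]byte(sample), "Medium")
	fmt.Printf("gate: %+v\nunrated: %d, err: %v\n", hits, len(unrated), err)
}
```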
Support to windows/arm64
Dalfox now also releases a binary for windows/arm64.
Improve SXSS Mode
SXSS mode checks two pages at once: the target URL and the trigger URL. Previously, results could not be identified properly when scanning at high speed with many workers, so a default value and a limit were added, as below.
| Option | Matched Flag | Default value | Limit |
|---|---|---|---|
| options.Concurrence | -w or --worker | 1 | 1 |
| options.Delay | --delay | 1500 (1.5s) | >= 1500 |
Improve Code Quality
Dalfox is developed with code quality and test coverage in mind. The numbers didn't get better this release, but quality was maintained for the new functions.
- Code Coverage: 83.22%
- Goreportcard: A+ / Codacy: A
Update library interface
When using Dalfox as a library, SXSS mode can now be fully used by setting options.Sequence through the dalfox interface, and users can control UseHeadless, UseDeepDXSS, and WAFEavasion.
```go
package main

import (
	"fmt"

	dalfox "github.com/hahwul/dalfox/v2/lib"
)

func main() {
	// Scan options, including the newly exposed Sequence and toggles.
	opt := dalfox.Options{
		Cookie:      "ABCD=1234",
		PoCType:     "http-request",
		Sequence:    10,
		UseHeadless: true,
		UseDeepDXSS: true,
		WAFEavasion: false,
	}
	// Run the scan against a single target and print the result or the error.
	result, err := dalfox.NewScan(dalfox.Target{
		URL:     "https://xss-game.appspot.com/level1/frame",
		Method:  "GET",
		Options: opt,
	})
	if err != nil {
		fmt.Println(err)
	} else {
		fmt.Println(result)
	}
}
```
Fixed bugs
Thank you
