
XSS Scanner · Automation

Dalfox

A powerful open-source XSS scanner and security utility, engineered in Rust for speed and built around automation — from parameter discovery to a verified proof-of-concept.

Rust · MIT
4 Input modes
6 Output formats
3 XSS vectors

Capabilities

Everything you need to hunt XSS

Dalfox pairs an aggressive testing engine with the ergonomics of a daily-driver CLI — point it at a target and it handles discovery, analysis and verification.

Multi-mode input

URL, file, pipe and raw HTTP requests — the mode is auto-detected, no flags to fumble.

Reflected · Stored · DOM

Detects reflected, stored (SXSS) and DOM-based XSS in a single run.

Parameter mining

Static and dynamic analysis surface hidden parameters before testing even starts.

WAF fingerprinting

Identifies the WAF in front of a target with confidence scoring and bypass tracking.

Pipeline-native output

JSON, JSONL, plain, Markdown, SARIF and TOML — drops straight into DevSecOps.

Built to extend

REST API, MCP stdio server, custom payloads and remote wordlists.

Quickstart

Install once, then one command from scan to verified PoC

zsh
$ brew install dalfox
# scan a URL and mine DOM parameters
$ dalfox url https://target.tld/?q=1 --mining-dom
[*] Detected WAF: Cloudflare (confidence 0.92)
[POC][R] https://target.tld/?q=%22%3E%3Csvg/onload=alert(1)%3E
[*] 1 verified XSS · scanned in 2.4s

Illustrative output — your mileage will vary by target.
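The plain-text output above is what you see at a terminal; in a pipeline you would normally ask for JSON, JSONL or SARIF instead. The following is an added example (not Dalfox's own code) that turns the plain output shown in the quickstart into structured findings: it parses the `Detected WAF` and `[POC]` lines, URL-decodes the query to recover the parameter and the payload as it reached the page, and collapses multiple PoCs against the same parameter into one finding. The sample output is constructed from the three illustrative lines above plus one extra `[POC]` line for the same parameter; the `[S]`/`[D]` tag mapping and the heuristic for picking the injected parameter are assumptions, not documented Dalfox behaviour.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit, urlunsplit

# Constructed sample: the illustrative quickstart lines, plus one extra [POC] line
# for the same parameter (also constructed) so the de-duplication has something to do.
SAMPLE_OUTPUT = """\
[*] Detected WAF: Cloudflare (confidence 0.92)
[POC][R] https://target.tld/?q=%22%3E%3Csvg/onload=alert(1)%3E
[POC][R] https://target.tld/?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E
[*] 2 verified XSS · scanned in 2.4s
"""

# Vector tag that follows [POC]. The page only shows [R]; [S] and [D] are assumed here.
VECTOR_TAGS = {"R": "reflected", "S": "stored", "D": "dom"}

WAF_RE = re.compile(
    r"^\[\*\] Detected WAF: (?P<name>.+?) \(confidence (?P<conf>\d+(?:\.\d+)?)\)$"
)
POC_RE = re.compile(r"^\[POC\]\[(?P<tag>[A-Z])\] (?P<url>\S+)$")

# Characters that mark a value as carrying HTML/attribute breakout rather than plain data.
MARKUP_CHARS = set("<>\"'")


@dataclass(frozen=True)
class Finding:
    vector: str    # reflected / stored / dom
    endpoint: str  # scheme://host/path with the query removed
    param: str     # parameter that carried the payload
    payload: str   # payload after URL decoding, i.e. as the server saw it


def _injected_param(query: str) -> tuple[str, str]:
    """Pick the parameter that carries the payload (assumed heuristic).

    parse_qsl() already URL-decodes the values; take the first one containing
    markup characters and fall back to the first pair if none does.
    """
    pairs = parse_qsl(query, keep_blank_values=True)
    if not pairs:
        return ("", "")
    for name, value in pairs:
        if MARKUP_CHARS & set(value):
            return (name, value)
    return pairs[0]


def parse_output(text: str) -> tuple[tuple[str, float] | None, list[Finding]]:
    """Parse plain Dalfox-style output into (waf, findings).

    waf is (name, confidence) from the 'Detected WAF' line, or None if absent.
    Summary lines and anything unrecognised are ignored.
    """
    waf: tuple[str, float] | None = None
    findings: list[Finding] = []
    for line in text.splitlines():
        m = WAF_RE.match(line)
        if m:
            waf = (m.group("name"), float(m.group("conf")))
            continue
        m = POC_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        param, payload = _injected_param(parts.query)
        findings.append(
            Finding(
                vector=VECTOR_TAGS.get(m.group("tag"), m.group("tag")),
                endpoint=urlunsplit((parts.scheme, parts.netloc, parts.path, "", "")),
                param=param,
                payload=payload,
            )
        )
    return waf, findings


def dedupe(findings: list[Finding]) -> list[Finding]:
    """One finding per (vector, endpoint, param); the first PoC seen is kept."""
    seen: dict[tuple[str, str, str], Finding] = {}
    for f in findings:
        key = (f.vector, f.endpoint, f.param)
        seen.setdefault(key, f)
    return list(seen.values())


if __name__ == "__main__":
    waf, found = parse_output(SAMPLE_OUTPUT)
    if waf:
        print(f"WAF: {waf[0]} (confidence {waf[1]})")
    for f in dedupe(found):
        print(f"{f.vector:9} {f.endpoint} param={f.param} payload={f.payload}")
```

Keying the de-duplication on (vector, endpoint, param) rather than on the full PoC URL is what keeps a ticket queue sane: a scanner will often confirm several payloads against the same injection point, and those are one bug, not five.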

Find the XSS before they do.

Install Dalfox and run your first automated scan in seconds.