hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License
3.59k stars 402 forks

[New feature] Scan report #379

Closed hahwul closed 1 year ago

hahwul commented 2 years ago

Show the parameter analysis result when the scan finishes

e.g

url
 - safe
 - ! @ # $
p
 - safe
 - ! @ # $
da
 - vuln
 - ! @ # $ < > ' "
q
 - vuln 
 - ! @ # $ < > ' "
hojyh1 commented 2 years ago

Thanks in advance, great hacker king

hahwul commented 2 years ago

like this (authz0)

hahwul commented 2 years ago

JSON Result format

https://dalfox.hahwul.com/docs/json/

[
  {
        "type":"Type of PoC (G/R/V)",
        "inject_type":"Injected Point",
        "poc_type":"plain/curl/httpie/etc...",
        "method":"HTTP Method",
        "data":"PoC URL",
        "param":"Parameter",
        "payload":"Attack Value",
        "evidence":"Evidence with response body",
        "cwe":"CWE ID",
        "severity": "Severity (Low/Medium/High)"
  }
]

Check list

hahwul commented 1 year ago

{
 "logs": null,
 "pocs": [
  {
   "type": "R",
   "inject_type": "inHTML-URL",
   "poc_type": "plain",
   "method": "GET",
   "data": "https://xss-game.appspot.com/level1/frame?query=%22%3E%3Ca+href%3Djavas%26%2399%3Bript%3Aalert%281%29%2Fclass%3Ddalfox%3Eclick",
   "param": "query",
   "payload": "\"\u003e\u003ca href=javas\u0026#99;ript:alert(1)/class=dalfox\u003eclick",
   "evidence": "13 line:  s were found for \u003cb\u003e\"\u003e\u003ca href=javas\u0026#99;ript:alert(1)/class=dalfox\u003eclick\u003c/b\u003e. \u003ca",
   "cwe": "CWE-79",
   "severity": "Medium"
  },
  {
   "type": "V",
   "inject_type": "inHTML-URL",
   "poc_type": "plain",
   "method": "GET",
   "data": "https://xss-game.appspot.com/level1/frame?query=%27%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E",
   "param": "query",
   "payload": "'\u003e\u003cimg/src/onerror=.1|alert`` class=dalfox\u003e",
   "evidence": "13 line:  s were found for \u003cb\u003e'\u003e\u003cimg/src/onerror=.1|alert`` class=dalfox\u003e\u003c/b\u003e. \u003ca href='?'",
   "cwe": "CWE-79",
   "severity": "High"
  }
 ],
 "params": [
  {
   "Name": "query",
   "Type": "URL",
   "Reflected": true,
   "ReflectedPoint": "/inHTML-none(1)",
   "ReflectedCode": "13 line:  Sorry, no results were found for \u003cb\u003eDalFox\u003c/b\u003e. \u003ca href='?'\u003eTry again",
   "Vuln": false,
   "Chars": [
    "+",
    ":",
    "`",
    "(",
    "]",
    "\\",
    "=",
    "\u003c",
    "-",
    "}",
    ")",
    "|",
    "'",
    ".",
    "[",
    "{",
    "\u003e",
    ",",
    "$",
    "\"",
    ";"
   ]
  }
 ],
 "duration": 6779151542,
 "start_time": "2022-09-16T11:16:17.914863+09:00",
 "end_time": "2022-09-16T11:16:24.69388+09:00"
}
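A worked example, added here and not part of dalfox or of this issue thread: a small Go program that reads a report in the JSON layout shown in the two comments above (the `pocs` array from the format comment and the `params` array from the sample run) and prints the per-parameter summary proposed at the top of the issue. The sample report embedded below is a constructed, trimmed copy of the xss-game output above, with one extra non-reflected parameter (`page`) added to show the safe case and the second payload simplified; `Summarize`, `Render` and `ParamSummary` are this example's own names, not dalfox APIs. One caveat it bakes in, visible in the report above: `params[].Vuln` is `false` for `query` even though two PoCs (types R and V) name that parameter, so the summary treats a parameter as vulnerable when either the analyser flag is set or any PoC targets it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Report mirrors the top-level JSON layout shown in this issue.
// Field names and casing are taken from the sample report above.
type Report struct {
	Logs      []string `json:"logs"`
	Pocs      []Poc    `json:"pocs"`
	Params    []Param  `json:"params"`
	Duration  int64    `json:"duration"` // nanoseconds
	StartTime string   `json:"start_time"`
	EndTime   string   `json:"end_time"`
}

type Poc struct {
	Type       string `json:"type"` // G/R/V
	InjectType string `json:"inject_type"`
	PocType    string `json:"poc_type"`
	Method     string `json:"method"`
	Data       string `json:"data"`
	Param      string `json:"param"`
	Payload    string `json:"payload"`
	Evidence   string `json:"evidence"`
	CWE        string `json:"cwe"`
	Severity   string `json:"severity"`
}

type Param struct {
	Name           string   `json:"Name"`
	Type           string   `json:"Type"`
	Reflected      bool     `json:"Reflected"`
	ReflectedPoint string   `json:"ReflectedPoint"`
	ReflectedCode  string   `json:"ReflectedCode"`
	Vuln           bool     `json:"Vuln"`
	Chars          []string `json:"Chars"`
}

// ParamSummary is one per-parameter line of the summary (example's own type).
type ParamSummary struct {
	Name        string
	Status      string   // "safe", "reflected" or "vuln"
	Chars       []string // characters that survived unencoded, sorted
	PocCount    int      // PoCs (G/R/V) whose "param" is this parameter
	MaxSeverity string   // highest PoC severity seen, "" if none
}

var severityRank = map[string]int{"Low": 1, "Medium": 2, "High": 3}

// Summarize parses a report and folds the PoC list back into the parameter
// analysis. A parameter is "vuln" if the analyser flagged it OR a PoC names it,
// because in the sample above Vuln was false while two PoCs hit "query".
func Summarize(raw []byte) ([]ParamSummary, error) {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("parse report: %w", err)
	}
	pocsByParam := map[string][]Poc{}
	for _, p := range r.Pocs {
		pocsByParam[p.Param] = append(pocsByParam[p.Param], p)
	}
	var out []ParamSummary
	for _, p := range r.Params {
		s := ParamSummary{Name: p.Name, Status: "safe"}
		s.Chars = append([]string(nil), p.Chars...)
		sort.Strings(s.Chars)
		if p.Reflected {
			s.Status = "reflected"
		}
		for _, poc := range pocsByParam[p.Name] {
			s.PocCount++
			if severityRank[poc.Severity] > severityRank[s.MaxSeverity] {
				s.MaxSeverity = poc.Severity
			}
		}
		if p.Vuln || s.PocCount > 0 {
			s.Status = "vuln"
		}
		out = append(out, s)
	}
	return out, nil
}

// Render prints the summary in the layout proposed at the top of the issue.
func Render(sums []ParamSummary) string {
	var b strings.Builder
	for _, s := range sums {
		fmt.Fprintf(&b, "%s\n - %s", s.Name, s.Status)
		if s.MaxSeverity != "" {
			fmt.Fprintf(&b, " (%d PoC, max %s)", s.PocCount, s.MaxSeverity)
		}
		fmt.Fprintf(&b, "\n - %s\n", strings.Join(s.Chars, " "))
	}
	return b.String()
}

// sampleReport is a constructed, trimmed copy of the xss-game report in this
// issue plus a made-up non-reflected "page" parameter. Test input, not live output.
const sampleReport = `{
 "logs": null,
 "pocs": [
  {"type":"R","inject_type":"inHTML-URL","poc_type":"plain","method":"GET",
   "data":"https://xss-game.appspot.com/level1/frame?query=...","param":"query",
   "payload":"\"><a href=javas&#99;ript:alert(1)/class=dalfox>click",
   "evidence":"...","cwe":"CWE-79","severity":"Medium"},
  {"type":"V","inject_type":"inHTML-URL","poc_type":"plain","method":"GET",
   "data":"https://xss-game.appspot.com/level1/frame?query=...","param":"query",
   "payload":"'><img/src/onerror=alert(1) class=dalfox>",
   "evidence":"...","cwe":"CWE-79","severity":"High"}
 ],
 "params": [
  {"Name":"query","Type":"URL","Reflected":true,"ReflectedPoint":"/inHTML-none(1)",
   "ReflectedCode":"...","Vuln":false,"Chars":["<",">","'","\"","(",")"]},
  {"Name":"page","Type":"URL","Reflected":false,"ReflectedPoint":"",
   "ReflectedCode":"","Vuln":false,"Chars":[]}
 ],
 "duration": 6779151542,
 "start_time": "2022-09-16T11:16:17.914863+09:00",
 "end_time": "2022-09-16T11:16:24.69388+09:00"
}`

func main() {
	sums, err := Summarize([]byte(sampleReport))
	if err != nil {
		panic(err)
	}
	fmt.Print(Render(sums))
}
```

Pipe a real run into it with `dalfox url <target> --format json` saved to a file and `json.Unmarshal` on the file contents instead of `sampleReport`; the only decision worth revisiting is whether a G (grep-only) PoC should promote a parameter to "vuln" the same way an R or V one does.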
hahwul commented 1 year ago

[Screenshot 2022-09-16 1:12:46 PM] [Screenshot 2022-09-16 1:14:34 PM]

cc @hojyh1