hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License
3.55k stars 397 forks

Include certain messages that are in the command line in the JSON output #422

Closed kmcquade closed 1 year ago

kmcquade commented 1 year ago

Hi, big fan of Dalfox here :) I noticed that there are some really helpful messages in the command line output that are not reflected in the JSON. Some of these could be really helpful in providing context on the vulnerabilities. For example, this part from pkg/scanning/scan.go:

```go
// Excerpt: logs a WEAK finding when the payload is reflected inside an attribute
if vStatus[v["param"]] == false {
	printing.DalLog("WEAK", "Reflected Payload in Attribute: "+v["param"]+"="+v["payload"], options)
}
```
It would be really awesome if we could have the descriptions included in the JSON output! :)

hahwul commented 1 year ago

@kmcquade Thank you very much for your opinion! I'll need some time to think about it, but I'll make it well 😉

hahwul commented 1 year ago

JSON

Now, `message_str` contains the message information.
