hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License
3.46k stars 389 forks

Feature Proposal! - "show amount of URLs scanned out of total amount of given URLs through URL file list in output terminal" #80

Closed DJ8whd2w8dshd3csbmsab22 closed 3 years ago

DJ8whd2w8dshd3csbmsab22 commented 3 years ago

Feature Proposal! - "show amount of URLs scanned out of total amount of given URLs through URL file list in output terminal"

Why? I love your tool, and sometimes I am scanning 10000+ links (don't ask). BUT, when scanning I only see the output of the tool testing parameters and XSS found etc.

I would love to have a counter that displays how many URLs are scanned and how many still need to be scanned. Example: I have 100 *.example.com links in a list scan file. I point dalfox to the file and start scanning. [progress: 2/100]

I love Dalfox and XSpear btw ;), let me know what you think about the feature. I could code it for you maybe but I have Zer0 Golang experience yet... :p

hahwul commented 3 years ago

Hi @Slowpoke079, thank you for your opinion. I am preparing for the next version now, and I'll include it 😉 I thought the current log output method was insufficient in many URL modes such as pipe, file mode.

Thank you so much for your good opinion!

DJ8whd2w8dshd3csbmsab22 commented 3 years ago

Thank you! Much appreciated.

Btw, I'm a new/newbie bug bounty hunter, is there a channel (like Discord) where I can ask you things regarding encoded reflected XSS attacks? I recently found one (with dalfox) but I don't know how to get the "alert poc" to work since I do not know how to read encoded payloads for shit.

You can ignore this if you want to of course ;)

hahwul commented 3 years ago

@Slowpoke079

Dev logs

First of all, it is reflected in the current code version. It's going to be distributed in a 2.0 release. => 300f231, and change spinner format 1414

My talk of your question

I don't know which channel to recommend because I'm not participating in channels like Discord. Why don't you DM awesome guys like BruteLogic with masked information with test code?

If you really don't know how, DM me (with masked. Your information is important!). I don't know if it'll help, but I'll check.

DJ8whd2w8dshd3csbmsab22 commented 3 years ago

Oh I didn't see that! I am dyslexic (hi dyslexic), and tend to read over things quite fast when not concentrated... And thanks for all the help! I won't ask to take more time from you since that would be selfish on my side. The tool already does a lot for me <3. And I am waaay too shy for Twitter and the like :P.

Thanks for the commitment :)