dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

MIT License

Stars: 3.7K
Committers: 27

dalfox - v2.5.1

Published by hahwul about 3 years ago

Changelog

257341f Upgrade dalfox to golang 1.16
4db4ef5 Tap v2.5.1
91a8817 Merge pull request #287 from hahwul/dev
4961c35 Merge pull request #286 from hahwul/main
b7e0f22 Merge pull request #284 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.6.1
d60f325 Merge pull request #283 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.3
e28b4df Fixed bug
aea1c61 Bump github.com/swaggo/swag from 1.7.1 to 1.7.3
fd33b7b Bump github.com/labstack/echo/v4 from 4.6.0 to 4.6.1

dalfox - v2.5.0

Published by hahwul about 3 years ago

Changelog

cf0c263 v2.5.0-dev to dev branch
6906f10 Update test code
a88beca Update readme
1210458 Update index.html
b3d88c1 Update debug logger
9bdbce9 Update contributing documents
5f846cb Update
882c97e Tap 2.5.0
f50f523 Merge pull request #282 from hahwul/dev
f60daf3 Merge pull request #277 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.6.0
93aafd4 Merge pull request #274 from hahwul/dependabot/go_modules/github.com/swaggo/echo-swagger-1.1.3
ab240b5 Fixed typo
1e3bb1d Bump github.com/swaggo/echo-swagger from 1.1.2 to 1.1.3
d3cb517 Bump github.com/labstack/echo/v4 from 4.5.0 to 4.6.0
c76cb11 Add WAF Detection and Evasion
0d80973 Add DalLog format (debug)
5502175 (#281) Add application/rss-xml to ignore header pattern
af9a491 (#280) Update documents
a296ba9 (#280) Update document structure
6c680ad (#278) Improve scanning (If abs is inHTML, check unconditionally without comparing the injectable type)
ceee035 (#278) Fixed only-custom-payload bug in path xss
3c4c107 (#275) If the -p flag is specified, modify to mine only that value.
2bbf9e7 (#275) Fixed '-p flag not respected'
feb4ef3 (#265) Print progress when use --silence flag in file/pipe. added --silence-force
946f066 (#255) Improve parameter processing.

dalfox - v2.4.9

Published by hahwul about 3 years ago

Changelog

aed1450 tap 2.4.9-dev
2629bac release v2.4.9
cf5740e chore: update contributors [skip ci]
422f1c3 Update grep.go
0ba77c7 Merge pull request #266 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.1
bd4613a Merge pull request #264 from Sy3Omda/main
8886d42 Merge pull request #263 from hahwul/dependabot/go_modules/github.com/swaggo/echo-swagger-1.1.2
6e044ff Merge pull request #259 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.5.0
6534152 Fixed bug (unknown escape)
9632f6f Bump github.com/swaggo/swag from 1.7.0 to 1.7.1
61a4278 Bump github.com/swaggo/echo-swagger from 1.1.0 to 1.1.2
366cb1e Bump github.com/labstack/echo/v4 from 4.4.0 to 4.5.0
cb2a81e (Fixed #267) Print POC Line in OpenRedirect (BAV)
f084ad8 (#270) Update lib test code
321b0c1 (#270) Fixed UniqParam bug
312cd28 (#264) The built-in grep divided the dalfox-slack-webbook pattern into two.

dalfox - v2.4.8

Published by hahwul about 3 years ago

Changelog

414ff11 tap v2.4.8
39d2e8d tap 2.4.8
0d41066 (Fixed #257) solv json output format

dalfox - v2.4.7

Published by hahwul over 3 years ago

  • Improve DOM mining performance (thx @svennergr )
  • Improve quality and unit test coverage
  • Fixed bug in DOM verify - id attribute

Changelog

f246c47 update test code
4cc537a update code
07dba33 release 2.4.7
921c056 chore: update contributors [skip ci]
f0e133a chore: update contributors [skip ci]
1264093 chore: update contributors [skip ci]
189d0f1 chore: update contributors [skip ci]
e679b04 Update version.go
db0bfce Update test code
84da41d Update test code
7e8ea86 Update README.md
d3fb5e1 Merge pull request #254 from svennergr/main
9ff4d0d Merge branch 'main' of https://github.com/hahwul/dalfox into main
44e66c4 Fixed bug (dom verify)
741aa14 Create codecov.yml
c784d15 Added DOM based parameter scanning on 'form' and 'a' tags

dalfox - v2.4.6

Published by hahwul over 3 years ago

Changelog

7cbb6d0 tap 2.4.6-dev
8172e81 release v2.4.6
19b3d4a Update sample_lib.go.txt
70c6faa Update oneliner.md
c9e4456 Update index.html
adc7864 Update documents design
ae4671c Update documents design
a83ad97 Update documents design
a668da8 Update documents design
6c31916 Update docker-image.yml
7acab48 Update contributors.yml
cc0251c Update codeql-analysis.yml
94a2841 Update code.md
2f1771f Update code.md
a12d1f9 Update README.md
6d5feba Update README.md
d35ab8b Merge pull request #252 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.4
8571295 Merge pull request #251 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.4.0
9b237d4 Merge pull request #250 from hahwul/dependabot/go_modules/github.com/PuerkitoBio/goquery-1.7.1
1e2e0d8 Bump github.com/labstack/echo/v4 from 4.3.0 to 4.4.0
97c27db Bump github.com/chromedp/chromedp from 0.7.3 to 0.7.4
30c0b8d Bump github.com/PuerkitoBio/goquery from 1.7.0 to 1.7.1
dd09a7d (#253) Supported Multiple Headers with -H option

dalfox - v2.4.5

Published by hahwul over 3 years ago

Changelog

3edaf69 Update update.md
18d3105 Update found-action.md
d414181 Update docs.yml
a7f5681 Update develop version
b9df4d7 Update cicd.md
3d8b0e4 Release v2.4.5
5736a59 Fixed typo
611d7e7 Create cicd.md
287e83b (#249) Update documents
1b699e3 (#249) Added model for --output-all flag
a9e988e (#249) Added logic for --output-all flag
53679ba (#249) Added OutputAll to interface of lib
e4cb622 (#248) Fixed delay concurrency issue (add global ratelimit)
6b571b1 (#248) Add ratelimit in BAV Scanning

dalfox - v2.4.4

Published by hahwul over 3 years ago

Changelog

e30762d release v2.4.4
393719b Update usage.md
57cefdb Update server-mode.md
6ecbbbd Apply new flag in model
03d76e7 Added summary information data for server mode
2682cfc (#244) Update documents
e05c104 (#244) Added --found-action-shell flag

dalfox - v2.4.3

Published by hahwul over 3 years ago

Changelog

5cce82d release v2.4.3
ecd335e Update oneliner.md
29ff57a Update docs.yml
2a3dc04 Update README.md
c524d85 Merge pull request #247 from hahwul/dependabot/go_modules/github.com/spf13/cobra-1.2.1
c960b18 Merge pull request #245 from hahwul/dependabot/go_modules/github.com/spf13/cobra-1.2.0
04b8f39 Merge pull request #243 from hahwul/dependabot/go_modules/github.com/briandowns/spinner-1.16.0
1eb9311 Merge pull request #242 from hahwul/dependabot/go_modules/github.com/stretchr/testify-1.7.0
1e2c6d8 Create github-action.md
dcfbd8e Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
f2bc2b6 Bump github.com/spf13/cobra from 1.2.0 to 1.2.1
a4a9ed6 Bump github.com/spf13/cobra from 1.1.3 to 1.2.0
10d2d3e Bump github.com/briandowns/spinner from 1.15.0 to 1.16.0
60dc464 Added print() in payloads (by https://portswigger.net/research/alert-is-dead-long-live-print)
5e8e0f5 (Closed #246) Added --only-poc flag
c08954b (#246) Modified README and Docs

dalfox - v2.4.2

Published by hahwul over 3 years ago

Changelog

0dd45e3 Update sample_lib.go.txt
b7df747 Update docs.yml
fcc69c0 Update docs.yml
0404c84 Update docs.yml
1f9ad96 Update code.md
ea1a448 Update README.md
e1f19be Release v2.4.2 (hotfix)
0624189 Fixed lib bug (zero concurrence)
c5d398a Create code.md

dalfox - v2.4.1

Published by hahwul over 3 years ago

Changelog

5f2ce4b Release v2.4.1 (hotfix)
f9fcece Merge pull request #241 from hahwul/dependabot/go_modules/github.com/PuerkitoBio/goquery-1.7.0
6f0e16f Fixed headless bug
25ecb7b Bump github.com/PuerkitoBio/goquery from 1.6.1 to 1.7.0

dalfox - v2.4.0

Published by hahwul over 3 years ago

Changelog

152b276 update
03b6110 tap v2.4.0-dev
dd67958 remove comments
df8afc8 released 2.4.0
611043d chore: update contributors [skip ci]
a994970 chore: update contributors [skip ci]
987c91f chore: update contributors [skip ci]
8379e85 [ImgBot] Optimize images
0890174 Upgrade to GitHub-native Dependabot
8601c2e Update usage.md
8267120 Update test code
99a7d00 Update test code
f48c548 Update test code
fc353d5 Update test code
5fb5f34 Update readme and docs for sxss
3103d61 Update payload-mode.md
a480054 Update nav bar in dalfox.hahwul.com
9a580fe Update index.html
57fc230 Update go.yml
af0662b Update go.yml
722023c Update go.yml
57ce5cd Update dalfox.hahwul.com design and update css dependency
cadb07c Update README.md
c7c78f5 Update README.md
23f512f Update README.md
161e660 Update README.md
e81948c Update README for payload mode
26739b7 Update README and docs/usage
86dbcee Remove unused functions in code
38f608b Modify documents of dalfox.hahwul.com
107c4a5 Merge pull request #239 from hahwul/dependabot/go_modules/github.com/briandowns/spinner-1.15.0
62b06ab Merge pull request #237 from hahwul/dependabot/go_modules/github.com/briandowns/spinner-1.14.0
bc4b544 Merge pull request #234 from hahwul/dependabot/go_modules/github.com/briandowns/spinner-1.13.0
6f3ceec Merge pull request #226 from hahwul/imgbot
aeccc74 Merge pull request #225 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.3.0
c424523 Merge pull request #224 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.2.2
527b4e3 Merge pull request #223 from hahwul/dependabot/add-v2-config-file
5a579a5 Merge branch 'master' of https://github.com/hahwul/dalfox
e03b1e8 Fixed typo bug
fcdcdc0 Fixed typo
e4b109d Fixed mutex bug (mutex declared in the go-routine)
c82ce55 Fixed bug on massive mode with --no-spinner
b40085c Fixed bug in remote payloads
a0fb8bb Change typo in documents site
754ff56 Change logo (fixed bug)
4cf7a17 Change logo (fixed bug)
ddf66fe Change logo (fixed bug)
88f23f6 Change logo
137095e Bump github.com/labstack/echo/v4 from 4.2.2 to 4.3.0
1a66767 Bump github.com/labstack/echo/v4 from 4.2.1 to 4.2.2
623462b Bump github.com/briandowns/spinner from 1.14.0 to 1.15.0
372ca8f Bump github.com/briandowns/spinner from 1.13.0 to 1.14.0
167cc99 Bump github.com/briandowns/spinner from 1.12.0 to 1.13.0
969a3d0 Added sample lib
719e200 Added payloads for Deep DOM XSS
bce64e0 Added payload mode
0fd1d40 Added payload for Basic DOM XSS
61fe306 Added function of --make-bulk flag in payload mode
a34a0b7 Added documents (dalfox.hahwul.com) for payload mode
0c96649 Add logger message on mining-dict
dc58f63 Add function of --remote-wordlists option
5d497b7 Add Contributors area in dalfox.hahwul.com
a04d095 Add --remote-wordlists options and renew help
35be8ca (Closed #227) Added Check CRLF Injection in BAV
5a97a65 (Closed #165) Add --remote-payloads option
010c0f1 (Fixed #238) Fixed lowercases bug in pipemode
b8c7326 (#240) Update spinner message(percent, queryCount, etc..)
a7d01cc (#240) Improve headless performance and add logging
411452d (#240) Improve headless performance (remove WaitVisible and reduce timeout)
9a72024 (#240) Improve headless performance
fe1f0a5 (#240) Improve headless accuracy (checked CustomAlertValue)
d3965c2 (#240) Fixed mutex bug
4161b21 (#240) Change flag name (--headless to --skip-headless)
a1e5149 (#240) Apply inJS policy
4a00f9b (#240) Apply dom xss policy
84f5f52 (#240) Added testing url fragments in headless mode
851ac66 (#240) Added Maximum instance limit for DOM-XSS (worker/2)
eca5d17 (#240) Added --headless flag and check DOM XSS and inJS Verify logic
5d150b4 (#240) Added --deep-domxss flag and logic
5be6983 (#240) Add payload function for deep-domxss
cd36b6e (#240) Add 'found verify' log
45bba88 (#235) Added struct of library
f5faf14 (#235) Add result model for lib
976182a (#235) Add NewScan function for lib and change model/interface/command-line running code
f38f059 (#233) Add check all reflection logic in mining options
60a1d90 (#233) Add VerifyReflectionWithLine functions for mining check
d2da9b5 (#230) Fixed trailing slash bug and root path xss bug
071b32b (#228) solved print bug on massive mode with --no-spinner
6b66c83 (#222) Solved --trigger and --sequence flag in sxss mode
08ef165 (#165) Change readme for --remote-payloads
5a50bdd (#165) Add remote payload function and logic
554e8fd (#165) Add remote payload function and logic
c53e670 (#165) Add remote payload function and logic
1fddbe3 (#165) Add TODO code for remote payloads
683e7b6 (#165) Add --remote-payloads option documents

dalfox - v2.3.7

Published by hahwul over 3 years ago

Changelog

16cd053 tap dev version
1fae39d release v2.3.7
d6934d0 (#216) Added defense code in show path redirect
cad6d2d (#215) only redirect check from bav request
c62940e (#215) Add check --skip-bav in SendReq
88d9db3 (#215 #217) Added defense code to avoid checking if the source domain of the target is a subdomain of Google

dalfox - v2.3.6

Published by hahwul over 3 years ago

Changelog

1f32f34 release v2.3.6
a076c95 (Closed #213) Revoke
5643222 (Closed #213) Change default value of BAV and Built-in grepping
2a79ead (Closed #212) Improve inJS detection

dalfox - v2.3.5

Published by hahwul over 3 years ago

Changelog

7b0a290 release v2.3.5
92c2edf Update payload.go
7fa861f Update payload.go
a9b4839 Merge pull request #210 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.2.1
b7b1a44 From now on, Common XSS testing will be tested regardless of reflection.
d4538ff Bump github.com/labstack/echo/v4 from 4.2.0 to 4.2.1
7362b42 (Closed #209) improvements inATTR Payloads and Generator
59833e0 (Closed #208) Update inJS Payloads
37afcbe (Closed #207) Update event handler (from rei)

dalfox - v2.3.4

Published by hahwul over 3 years ago

Changelog

7f47c44 release v2.3.4
8819c19 chore: update contributors [skip ci]
8f8e4bb chore: update contributors [skip ci]
d76d490 Update README.md
52e9865 Update README.md
225e604 Update README.md
ae3b31f Update README.md
d9381c4 Merge branch 'master' of https://github.com/hahwul/dalfox
146f4ed Merge branch 'master' of https://github.com/hahwul/dalfox
909cfbb Fixed typo bug
94b7cfc Fixed payload bug
2c07599 (Fixed #205) fixed dynamic content-type bug
7ace4d3 (#200) Improvements inATTR payloads
5bd8773 (#200) Fixed bugs
d3b0b01 (#200) Add Navigate the path recursively for Path base XSS
5b15964 (#200) Add Navigate the path recursively for Path base XSS

dalfox - v2.3.3

Published by hahwul over 3 years ago

Changelog

78b5e31 release v2.3.3
59cc620 Update README.md
e8f6c86 Update README.md
b3826ca Update README.md
7cd9839 Update README.md
6ffd745 Update README.md
b6a1c62 Improved system log output
afe26e1 Delete renovate.json
3b1d6ab (Fixed #202) Add message of starting and end scanning
2a2c116 (Fixed #202) Add message of starting and end scanning
dfe68e4 (Fixed #202) Add message of starting and end scanning
5b09dde (Closed #197) Added --mass-worker option in file/pipe mode

dalfox - v2.3.2

Published by hahwul over 3 years ago

Changelog

6993916 release v2.3.2
efba686 (Closed #199) Change options
fa2455e (Closed #198) Fixed bug
2b4cb9c (Closed #196) Fixed broken spinner using long target url bug
6cd6794 (Closed #195) Fixed emoji bug
a419525 (#197) Add '--mass' sub flags

dalfox - v2.3.1

Published by hahwul over 3 years ago

Changelog

6c08690 release v2.3.1
e03327d chore: update contributors [skip ci]
ddcbd4e [ImgBot] Optimize images
783cffb Update installation.md
b7e3f13 Update installation.md
ca1c881 Update docs
c38c5cd Update docs
8ea730b Update docs
b7541c8 Update README.md
76c9cf7 Merge pull request #193 from hahwul/imgbot
6a5812c Improvement to '--no-color' option
b0a7124 Change spinner icon
04554d7 (Closed #194) Change Logger format
b608501 (#194) Change logger and spinner
8aa763b (#194) Change Logger format
bff736f (#194) Change Logger format

dalfox - v2.3.0

Published by hahwul over 3 years ago

Changelog

0b71b5a release v2.3.0
0a61984 Update module logrusorgru/aurora to v3
4c8de13 Merge pull request #191 from hahwul/renovate/logrusorgru-aurora-3.x
4aaf340 (Fixed #183) Bump to v2
33bfd63 (Fixed #183) Bump to v2
0d91da2 (Fixed #183) Bump to v2
a4bbf19 (Closed #175) Adjust XSS injection phase for targets that reflected all injections
2dc2161 (Closed #171) Improvement of printing in pipe/file multicast(parallel mode)