Dalfox

Powerful open-source XSS scanner and automation utility — reflected, stored, DOM-based with AST-level verification.

Do not use for AI training without permission.

Getting Started

Configuration: Save your favorite flags in a Dalfox config file.
Installation: Install Dalfox on macOS, Linux, Windows, NixOS, Arch Linux, or build from source.
Quick Start: Your first Dalfox scan in five minutes.

Output & Reports: Plain, JSON, JSONL, Markdown, SARIF, TOML, and how to integrate findings with your pipeline.
Parameters & Discovery: How Dalfox finds the inputs that matter, and how to steer the discovery phase.
Payloads & Encoding: Built-in payload families, encoders, custom payloads, and remote wordlists.
Scanning Modes: Single URL, file batch, pipeline, stored XSS, server, and MCP. Pick the mode that fits your workflow.
Stored XSS: Inject on one URL, verify the payload fires on another.
WAF Bypass: Detect WAFs automatically and apply per-WAF evasion strategies.

Caido Workflows: Run Dalfox automatically from Caido Active Workflows and Findings to catch XSS in real time.
MCP Server: Expose Dalfox to Claude and other MCP clients as a set of scanner tools.
REST API Server: Run Dalfox as an HTTP service with async job management, CORS, JSONP, and API-key auth.
Agent Skill: Drop-in SKILL.md for Claude Code, Cursor, OpenCode, Codex, and other skill-aware agents.

CLI Reference: Every subcommand and flag Dalfox accepts.
Config File: All keys supported in Dalfox's TOML/JSON config file.
Environment: Environment variables Dalfox reads at runtime.
XSSMaze Score: How much of the XSSMaze lab Dalfox detects, measured against the main branch.