- name: Dalfox scan
uses: hahwul/action-dalfox@main
id: xss-result
with:
target: 'https://www.hahwul.com'
mode: url
cmd_options: '--follow-redirects'- Modes:
urlpipefilesxss - Options: https://github.com/hahwul/dalfox#usage
Send slack/github issue/Submit JIRA, etc.. with found-action option
- name: Dalfox scan
uses: hahwul/action-dalfox@main
id: xss-result
with:
target: 'https://www.hahwul.com'
mode: url
cmd_options: '--found-action "curl -i -k"https://hooks.your.system"'
- run: echo "XSS result - ${{ steps.xss-result.outputs.result }}"xss.yaml
on: [push]
jobs:
dalfox_scan:
runs-on: ubuntu-latest
name: XSS Scanning
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: master
- name: Dalfox scan
uses: hahwul/action-dalfox@main
id: xss-result
with:
target: 'https://xss-game.appspot.com/level1/frame'
mode: url
cmd_options: '--follow-redirects'xss.yaml
on: [push]
jobs:
dalfox_scan:
runs-on: ubuntu-latest
name: XSS Scanning
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: master
- name: Dalfox scan
uses: hahwul/action-dalfox@main
id: xss-result
with:
target: 'https://xss-game.appspot.com/level1/frame\nhttps://www.hahwul.com?q=1234'
mode: pipe
XSS Scan with Dalfox is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
XSS Scan with Dalfox is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.