why i didn't get the ditails over view step by step after scan. it just says issue 6 thats it .but didn't said me the vulnerability, the step and payload the tool user for to find this . but in this video you shows us its tell all the step
Hmmm I didn't make this video so not 100% but generally when we say endpoint it's like "login endpoint = /login", "register endpoint = /register", "api endpoint = /api" etc
check this example: media.geeksforgeeks.org/wp-content/uploads/20210723203017/Example1minmin.jpg which came from www.geeksforgeeks.org/dalfox-parameter-analysis-and-xss-scanning-tool
What to do after getting alert(XSS); pop-up because pop-up with cookies 🍪 or document.domain(); pop-up is not suitable to receive bug bounty rewards. Please guide how to escalate reflected XSS to higher levels to earn bounties on hackerOne BugCrowd intigrity etc. Thanks 😊 🤝❤️💫💐😘🥰🌺💥💯👍
I scan testvul.php site with gau which gave me 2800 urls then scan all those with kxss which gave me 19 vulnerable urls which I gave them to dalfox but it did not find anything. I checked manualy and they were all vunerable. Why this happend. Is this tool realy helpfull.?
This is the best xs software i have ever seen
I really feel great!
Great! Any cool finds with it yet?
So cool hahwul!!!!!!!!!
We also like him 😇
Thanks really appreciated!
Glad it helped!
This is definitely fire. But how to we hide its signature ? I see Dalfox populated on my testing machine logs. Not stealthy
It is most likely the user-agent that your seeing. Check the Dalfox help page to look up how to change it!
why i didn't get the ditails over view step by step after scan. it just says issue 6 thats it .but didn't said me the vulnerability, the step and payload the tool user for to find this . but in this video you shows us its tell all the step
Can it work in finding real bug ?
Bcz finding Bugs manually is much difficult ...
It can definitely help you!
Think locally bro not just wan think Lan
I can't run the tool how do you run it I get dalfox not a command
You first need to install dalfox. Look at the blog post in the description to find out how!
Super sir
🙏
Great~
Thanks!
😍😎
Thanks for the amazing tool!
Great 🔥
Thanks!! 🔥
@Gurvir singh Bhai har jagah yahi comment karte ho kya.. 😀😀😀 .
can you suggest some other tools like this?
We'll cover some more in the future!
@@intigriti ok
in video you say file containing all your endpoints means all URLs with parameters am i right? (time stamp 04:50)
Hmmm I didn't make this video so not 100% but generally when we say endpoint it's like "login endpoint = /login", "register endpoint = /register", "api endpoint = /api" etc
@@intigriti ok got it thanks
What bistro of Linux are u using (love it) ?
I'm using Kali Linux!
First comment again 🔥
Legend!
I need virtual tour of Intigriti office 🌞
Y you dalfox is so fast ..??
Hi, for more information on the internals of the tool, feel free to check out the GitHub page and ask there!
Does this still work?
The repo is still active, so if it's not working you can always raise an issue: github.com/hahwul/dalfox/issues
@@intigriti yeah I just can’t figure out how to install it. I tried for a while yesterday but gave up lol
Bruh how to run the assetfinder command
What timestamp are you referring to?
Does it also work with xss in input forms? Like comment
As far as I'm aware, it does!
@@intigriti but how can you give some example for it ?
check this example: media.geeksforgeeks.org/wp-content/uploads/20210723203017/Example1minmin.jpg which came from www.geeksforgeeks.org/dalfox-parameter-analysis-and-xss-scanning-tool
it dosen't found xss hard challanges ...🤣🤣 specially html encoding or other escape function
Yes, true. That's normal, no tool would be able to solve those!
it is not accurate
I'm sorry! What's not accurate?
@@intigriti result
one of the worst tool i ever encounter in bug bounty
😆
What to do after getting alert(XSS); pop-up because pop-up with cookies 🍪 or document.domain(); pop-up is not suitable to receive bug bounty rewards. Please guide how to escalate reflected XSS to higher levels to earn bounties on hackerOne BugCrowd intigrity etc. Thanks 😊 🤝❤️💫💐😘🥰🌺💥💯👍
Unless on a sandbox domain or static page, an XSS should allow you to get a bounty on Intigriti.
Nice one... Thanks for sharing (rahulsl)
Glad you liked it! 😇
I scan testvul.php site with gau which gave me 2800 urls then scan all those with kxss which gave me 19 vulnerable urls which I gave them to dalfox but it did not find anything. I checked manualy and they were all vunerable. Why this happend. Is this tool realy helpfull.?
Be sure to submit this to the tool's GitHub page, so the creator can use it to improve the tool!