HAHWUL
## Show parameter analysis result when finish scan e.g ``` url - safe - ! @ # $ p - safe - ! @ # $ da - vuln -...
- https://github.com/hahwul/dalfox/security/dependabot/1
- https://github.com/advisories/GHSA-hp87-p4gw-j4gq

##

```
go mod why gopkg.in/yaml.v2
```

```
# gopkg.in/yaml.v2
github.com/hahwul/dalfox/v2/pkg/server/docs
github.com/swaggo/swag
github.com/go-openapi/spec
github.com/go-openapi/swag
gopkg.in/yaml.v2
```
Features

- [ ] Show JWT info => e.g convert expire time
- [x] Signature secret Bruteforce
- [x] Signature secret Dictionary attack
- [x] None algorithm testing
- [...
```
$ authz0 new --receive-proxy 0.0.0.0:8070 admin.yaml
$ authz0 new --receive-proxy localhost:8090 admin.yaml
$ authz0 new --receive-proxy 8070 admin.yaml
```
Selenium is very slow and keeps the system busy. I think users need an option.
- [ ] Check Base64 Reflection
```
request PHN2Zy9vbmxvYWQ9YWxlcnQoNDUpPg==
return => found!
```
- [ ] Check Base64 Decode Reflection
- [ ] Check HTML Hex Decode Reflection

(from https://github.com/hahwul/XSpear/issues/62)...
**before**
- Selenium runs only special payloads
```ruby
# Check Selenium Common XSS Payloads
r.push makeQueryPattern('x', '">alert(45)', 'alert(45)', 'v', "triggered ".yellow+"alert(45)".red, CallbackXSSSelenium)
```
**after**
- Execute Selenium only when it...