Automic VaultAutomic Vault

brew

Install dalfox with Homebrew, MacPorts, Nix

XSS scanner and utility focused on automation. Version 3.1.2 via Homebrew; verified 2026-06-27.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install dalfox

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install dalfox

MacPorts ports tree · security/dalfox/Portfile · source: api.github.com

Linux

Nixverified · 92%
nix profile install nixpkgs#dalfox

nixpkgs package indexes · pkgs/by-name/da/dalfox/package.nix · source: api.github.com

overview

Package summary

XSS scanner and utility focused on automation

Commands and aliases

  • dalfox

history

Project history and usage

Dalfox is an open-source XSS scanner and security automation CLI built around parameter discovery, context-aware payload generation, and verified reporting formats useful in bug bounty and DevSecOps workflows.

Project history

The project identifies itself as Dalfox, combining the Korean word for moon with 'Fox', and its older Go-era README described it as a successor-style rewrite after XSpear. Current official documentation presents v3 as a Rust rewrite while preserving the Go v2 branch for security backports.

Adoption history

Dalfox became package-manager friendly because it ships as a single CLI and documents installation through Homebrew, Snap, Nix, cargo, Arch AUR, prebuilt binaries, and source builds. Its official pages emphasize fitting into existing recon stacks instead of requiring a heavy scanner platform.

How it is used

Typical use is to scan a single URL, a file of URLs, raw HTTP input, or piped crawler output, then export findings as plain text, JSON, JSONL, Markdown, SARIF, TOML, or through REST and MCP server modes.

Why package nerds care

For package maintainers, Dalfox is a modern security CLI with a clean single-binary distribution story and a visible language/runtime transition from Go v2 to Rust v3, making it a useful example of how security tools move across ecosystems while keeping package channels alive.

Timeline

  • 2020: Go module metadata records a stable v1-era Dalfox release.
  • 2025: Official release notes documented expanded server, report, and raw request workflow support in the v2 line.
  • 2026: Official docs present Dalfox v3.1.2 and a Rust-based v3 line.

Related projects

  • Dalfox's own history points back to XSpear as prior XSS tooling by the same author, and its package ecosystem sits beside proxy/recon tools such as Caido, Burp-style raw request workflows, and CI code-scanning consumers of SARIF.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for dalfox. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
$XDG_CONFIG_HOME/dalfox/config.toml~/.config/dalfox/config.toml

executables

Installed executables

CommandKindExposureNote
dalfoxcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version3.1.2
manager updated2026-06-27
local dataok
upstreamcurrent
latest detectedv3.1.2

https://github.com/hahwul/dalfox

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:dalfox
Version3.1.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/dalfox
Homepagehttps://dalfox.hahwul.com
Repositoryhttps://github.com/hahwul/dalfox
Upstream docshttps://dalfox.hahwul.com/
LicenseMIT
Source archivehttps://github.com/hahwul/dalfox/archive/refs/tags/v3.1.2.tar.gz
Last updated2026-06-27T12:33:29Z
Pulseupdated
Build dependenciesrust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namedalfox
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

dalfox

nix profile install nixpkgs#dalfox
  • normalized package name match
  • Matched by: Dalfox
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/da/dalfox/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
MacPorts95%

dalfox

sudo port install dalfox
  • normalized package name match
  • Matched by: Dalfox
MacPorts ports tree · api.github.com · MacPorts ports tree: security/dalfox/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment