# Install dalfox with Homebrew, MacPorts, Nix

XSS scanner and utility focused on automation. Version 3.1.2 via Homebrew; verified 2026-06-27.

## Install

```sh
sudo av install brew:dalfox
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install dalfox
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install dalfox
```

  Evidence: MacPorts ports tree: security/dalfox/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#dalfox
```

  Evidence: nixpkgs package indexes: pkgs/by-name/da/dalfox/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:dalfox
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/dalfox>
- **Version:** 3.1.2
- **Source summary:** XSS scanner and utility focused on automation
- **Homepage:** <https://dalfox.hahwul.com>
- **Repository:** <https://github.com/hahwul/dalfox>
- **Upstream docs:** <https://dalfox.hahwul.com/>
- **License:** MIT
- **Source archive:** <https://github.com/hahwul/dalfox/archive/refs/tags/v3.1.2.tar.gz>
- **Last updated:** 2026-06-27T12:33:29Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- dalfox (cli)
- dalfox (alias)

## Build dependencies

- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.1.2
- Package-manager updated: 2026-06-27
- Local data: ok
- Upstream repository: https://github.com/hahwul/dalfox
- Upstream latest detected: v3.1.2 (current)
## Project history and usage

Dalfox is an open-source XSS scanner and security automation CLI built around parameter discovery, context-aware payload generation, and verified reporting formats useful in bug bounty and DevSecOps workflows.

### Project history

The project identifies itself as Dalfox, combining the Korean word for moon with 'Fox', and its older Go-era README described it as a successor-style rewrite after XSpear. Current official documentation presents v3 as a Rust rewrite while preserving the Go v2 branch for security backports.

### Adoption history

Dalfox became package-manager friendly because it ships as a single CLI and documents installation through Homebrew, Snap, Nix, cargo, Arch AUR, prebuilt binaries, and source builds. Its official pages emphasize fitting into existing recon stacks instead of requiring a heavy scanner platform.

### How it is used

Typical use is to scan a single URL, a file of URLs, raw HTTP input, or piped crawler output, then export findings as plain text, JSON, JSONL, Markdown, SARIF, TOML, or through REST and MCP server modes.

### Why package nerds care

For package maintainers, Dalfox is a modern security CLI with a clean single-binary distribution story and a visible language/runtime transition from Go v2 to Rust v3, making it a useful example of how security tools move across ecosystems while keeping package channels alive.

### Timeline

- 2020: Go module metadata records a stable v1-era Dalfox release.
- 2025: Official release notes documented expanded server, report, and raw request workflow support in the v2 line.
- 2026: Official docs present Dalfox v3.1.2 and a Rust-based v3 line.

### Related projects

- Dalfox's own history points back to XSpear as prior XSS tooling by the same author, and its package ecosystem sits beside proxy/recon tools such as Caido, Burp-style raw request workflows, and CI code-scanning consumers of SARIF.

### Sources

- <https://dalfox.hahwul.com/>
- <https://dalfox.hahwul.com/getting-started/>
- <https://dalfox.hahwul.com/getting-started/installation/>
- <https://dalfox.hahwul.com/getting-started/configuration/>
- <https://github.com/hahwul/dalfox>
- <https://www.hahwul.com/blog/2025/dalfox_2_12_released/>


## Security Notes

No matching local secret-handling manifest was found for dalfox. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: $XDG_CONFIG_HOME/dalfox/config.toml, ~/.config/dalfox/config.toml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** dalfox
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - dalfox: normalized package name match | nixpkgs package indexes: pkgs/by-name/da/dalfox/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- MacPorts - dalfox: normalized package name match | MacPorts ports tree: security/dalfox/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Web development packages](https://www.automicvault.com/pkg/web-dev-tools/) - Matched web development metadata.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [feroxbuster](https://www.automicvault.com/pkg/brew/feroxbuster/) - Shares av.db curated category or tags: cli, security, web-security.
- [ffuf](https://www.automicvault.com/pkg/brew/ffuf/) - Shares av.db curated category or tags: cli, security, web-security.
- [gobuster](https://www.automicvault.com/pkg/brew/gobuster/) - Shares av.db curated category or tags: cli, security, web-security.
- [katana](https://www.automicvault.com/pkg/brew/katana/) - Shares av.db curated category or tags: automation, cli, security, web-security.
- [forbidden](https://www.automicvault.com/pkg/brew/forbidden/) - Shares av.db curated category or tags: cli, security, web-security.
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - Shares av.db curated category or tags: automation, cli, security.
- [cargo-audit](https://www.automicvault.com/pkg/brew/cargo-audit/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [clair](https://www.automicvault.com/pkg/brew/clair/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.

## Combined YAML source

View the package source record on GitHub. [combined/dalfox.yml](https://github.com/automic-vault/db/blob/main/combined/dalfox.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
