
dalfox_xss_scan

Scan web applications for Cross-Site Scripting vulnerabilities using advanced payload injection and DOM analysis techniques to identify security weaknesses.

Instructions

Execute Dalfox for advanced XSS vulnerability scanning with enhanced logging.

Input Schema

NameRequiredDescriptionDefault
additional_argsNo
blindNo
custom_payloadNo
mining_dictNo
mining_domNo
pipe_modeNo
urlYes

Implementation Reference

  • MCP tool registration (@mcp.tool()) and proxy handler for 'dalfox_xss_scan'. Forwards parameters to REST API endpoint '/api/dalfox-xss-scan'.
    @mcp.tool()
    def dalfox_xss_scan(
        url: str,
        pipe_mode: bool = False,
        blind: bool = False,
        mining_dom: bool = True,
        mining_dict: bool = True,
        custom_payload: str = "",
        additional_args: str = "",
    ) -> dict[str, Any]:
        """Run Dalfox for advanced XSS scanning with enhanced logging.

        Thin MCP-side proxy: packs the arguments into a JSON body, posts it to
        the REST endpoint ``api/dalfox-xss-scan`` through ``api_client.safe_post``
        and hands the endpoint's response back unchanged.

        Args:
            url: Target URL forwarded as ``url``.
            pipe_mode: Forwarded as ``pipe_mode``.
            blind: Forwarded as ``blind``.
            mining_dom: Forwarded as ``mining_dom``. NOTE(review): defaults to
                True here, while the server-side extractor in this module
                defaults the same key to False when it is absent — confirm
                which default is intended.
            mining_dict: Forwarded as ``mining_dict`` (same default mismatch as
                ``mining_dom``).
            custom_payload: Forwarded as ``custom_payload``.
            additional_args: Forwarded as ``additional_args``.

        Returns:
            Whatever ``api_client.safe_post`` returned; only its ``success``
            key is inspected here, to choose the log line.
        """
        request_body = dict(
            url=url,
            pipe_mode=pipe_mode,
            blind=blind,
            mining_dom=mining_dom,
            mining_dict=mining_dict,
            custom_payload=custom_payload,
            additional_args=additional_args,
        )
        logger.info(f"⚡ Starting Dalfox XSS scanning on {url}")
        response = api_client.safe_post("api/dalfox-xss-scan", request_body)
        # The endpoint reports its own outcome; mirror it into the log.
        if response.get("success"):
            logger.info(f"✅ Dalfox XSS scan completed on {url}")
        else:
            logger.error("❌ Dalfox XSS scan failed")
        return response
  • Primary REST handler 'execute_dalfox', decorated with @tool. Builds the dalfox CLI command, executes it, and parses the results.
    @tool(required_fields=["url"])
    def execute_dalfox():
        """Execute Dalfox for XSS vulnerability scanning.

        REST entry point: reads the JSON request body, normalises it with
        ``_extract_dalfox_params``, turns it into a command line with
        ``_build_dalfox_command``, runs that through ``execute_command`` with a
        600-second ceiling and returns the dict produced by
        ``_parse_dalfox_result``.

        Returns:
            The standardised result dict from ``_parse_dalfox_result``.
        """
        params = _extract_dalfox_params(request.get_json())
        target = params["url"]
        logger.info(f"Executing Dalfox XSS scan on {target}")
        command = _build_dalfox_command(params)
        # XSS scanning with payload mining can run long; allow ten minutes.
        outcome = execute_command(command, timeout=600)
        logger.info(f"Dalfox XSS scan completed for {target}")
        return _parse_dalfox_result(outcome, params, command)
  • Helper function to construct the dalfox CLI command from input parameters.
    def _build_dalfox_command(params): """Build dalfox command from parameters.""" cmd_parts = ["dalfox"] # Build dalfox command if params["pipe_mode"]: cmd_parts.append("pipe") else: cmd_parts.extend(["url", params["url"]]) # Add dalfox-specific parameters if params["blind"]: cmd_parts.append("--blind") if params["mining_dom"]: cmd_parts.append("--mining-dom") if params["mining_dict"]: cmd_parts.append("--mining-dict") if params["custom_payload"]: cmd_parts.extend(["--custom-payload", params["custom_payload"]]) if params["workers"] != 100: cmd_parts.extend(["--worker", str(params["workers"])]) if params["method"] != "GET": cmd_parts.extend(["--method", params["method"]]) if params["headers"]: cmd_parts.extend(["--header", params["headers"]]) if params["cookies"]: cmd_parts.extend(["--cookie", params["cookies"]]) if params["timeout"] != 10: cmd_parts.extend(["--timeout", str(params["timeout"])]) # Handle additional arguments if params["additional_args"]: cmd_parts.extend(params["additional_args"].split()) return " ".join(cmd_parts)
  • Helper function to extract and validate input parameters, including aggressive mode preset.
    def _extract_dalfox_params(data):
        """Extract and validate dalfox parameters from request data.

        Args:
            data: Parsed JSON request body (a mapping). ``url`` falls back to
                ``target`` and then to ``""``; every other key falls back to
                the default listed in ``defaults`` below.

        Returns:
            A new dict holding ``url`` plus the sixteen option keys. When the
            request sets ``aggressive`` to a truthy value, the preset below
            overrides the caller's values for those keys (an explicit
            ``workers`` or ``timeout`` in the request is replaced).

        Note: ``deep``, ``mining``, ``delay``, ``waf_evasion`` and
        ``follow_redirects`` are collected here but not consumed by
        ``_build_dalfox_command`` or ``_parse_dalfox_result`` in this module.
        """
        defaults = (
            ("blind", False),
            ("deep", False),
            ("mining", False),
            ("workers", 25),
            ("delay", 1),
            ("timeout", 10),
            ("waf_evasion", False),
            ("follow_redirects", False),
            ("custom_payload", ""),
            ("additional_args", ""),
            ("pipe_mode", False),
            ("mining_dom", False),
            ("mining_dict", False),
            ("method", "GET"),
            ("headers", ""),
            ("cookies", ""),
        )
        params = {"url": data.get("url", data.get("target", ""))}
        params.update((key, data.get(key, fallback)) for key, fallback in defaults)

        # "Aggressive" preset: maximal mining, more workers, longer timeout.
        if data.get("aggressive", False):
            params.update(
                blind=True,
                deep=True,
                mining=True,
                workers=100,
                delay=0,
                timeout=30,
                waf_evasion=True,
                follow_redirects=True,
                mining_dom=True,
                mining_dict=True,
            )
        return params
  • Helper function to parse and format the dalfox execution results into standardized response.
    def _parse_dalfox_result(execution_result, params, command):
        """Parse dalfox execution result and format response.

        Args:
            execution_result: Dict from ``execute_command``; ``success`` is
                required, ``stdout``/``stderr`` default to ``""`` and
                ``return_code`` to ``0`` when absent.
            params: Dict from ``_extract_dalfox_params``; the twelve keys
                listed in ``echoed`` are copied into ``parameters``.
            command: The command string that was executed.

        Returns:
            The standardised response dict (``tool``, ``target``, ``command``,
            ``success``, ``stdout``, ``stderr``, ``return_code``,
            ``parameters``). No parsing of dalfox's output is done here; the
            raw streams are passed through.
        """
        echoed = (
            "url",
            "pipe_mode",
            "blind",
            "mining_dom",
            "mining_dict",
            "custom_payload",
            "workers",
            "method",
            "headers",
            "cookies",
            "timeout",
            "additional_args",
        )
        report = {
            "tool": "dalfox",
            "target": params["url"],
            "command": command,
            "success": execution_result["success"],
        }
        for stream in ("stdout", "stderr"):
            report[stream] = execution_result.get(stream, "")
        report["return_code"] = execution_result.get("return_code", 0)
        report["parameters"] = {name: params[name] for name in echoed}
        return report
