Dalfox
XSS parameter analyzer and reflected/stored/DOM-focused fuzzer with mining and pipeline modes.
Why it is included
Actively maintained open XSS tooling that fits automation and manual triage.
Best for
Focused XSS phases after mapping inputs in web engagements.
Strengths
- Go speed
- Mining mode
- Useful defaults
Limitations
- XSS-only; combine with broader scanners
Good alternatives
OWASP ZAP · Browser devtools
Related tools
Security & Privacy
OWASP ZAP
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
sqlmap
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
Gobuster
Go-based directory/DNS/vhost brute-forcer with threading tuned for pentest wordlists.
Nikto
Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.
ffuf
Fast web fuzzer for directories, virtual hosts, parameters, and raw HTTP—common in bug bounty playbooks.
feroxbuster
Recursive content discovery written in Rust with intelligent filtering and replay-friendly output.
