Update Documents

hahwul · Sep 16, 2022 · e6a6933 · e6a6933
1 parent 0e29014
commit e6a6933
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 0 deletions.
diff --git a/docs/_docs/json.md b/docs/_docs/json.md
@@ -3,6 +3,75 @@ title: Result JSON Format
 permalink: /docs/json/
 ---
 
+## Scan Result
+```json
+{
+ "logs": null,
+ "pocs": [
+  {
+   "type": "R",
+   "inject_type": "inHTML-none(1)-URL",
+   "poc_type": "plain",
+   "method": "GET",
+   "data": "https://xss-game.appspot.com/level1/frame?query=%3Cxmp%3E%3Cp+title%3D%22%3C%2Fxmp%3E%3Csvg%2Fonload%3Dprint%281%29%3E",
+   "param": "query",
+   "payload": "\u003cxmp\u003e\u003cp title=\"\u003c/xmp\u003e\u003csvg/onload=print(1)\u003e",
+   "evidence": "13 line:  s were found for \u003cb\u003e\u003cxmp\u003e\u003cp title=\"\u003c/xmp\u003e\u003csvg/onload=print(1)\u003e\u003c/b\u003e. \u003ca href='?'\u003e",
+   "cwe": "CWE-79",
+   "severity": "Medium"
+  },
+  {
+   "type": "V",
+   "inject_type": "inHTML-none(1)-URL",
+   "poc_type": "plain",
+   "method": "GET",
+   "data": "https://xss-game.appspot.com/level1/frame?query=%3CdETAILS%250aopen%250aonToGgle%250a%3D%250aa%3Dprompt%2Ca%28%29+class%3Ddalfox%3E",
+   "param": "query",
+   "payload": "\u003cdETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() class=dalfox\u003e",
+   "evidence": "13 line:  s were found for \u003cb\u003e\u003cdETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() class=dalfox\u003e\u003c",
+   "cwe": "CWE-79",
+   "severity": "High"
+  }
+ ],
+ "params": [
+  {
+   "Name": "query",
+   "Type": "URL",
+   "Reflected": true,
+   "ReflectedPoint": "/inHTML-none(1)",
+   "ReflectedCode": "13 line:  Sorry, no results were found for \u003cb\u003eDalFox\u003c/b\u003e. \u003ca href='?'\u003eTry again",
+   "Chars": [
+    "\u003e",
+    "-",
+    "\u003c",
+    "\"",
+    "[",
+    ",",
+    "\\",
+    "]",
+    "(",
+    "$",
+    ":",
+    ";",
+    "{",
+    "`",
+    "'",
+    "}",
+    ")",
+    "+",
+    "=",
+    "|",
+    "."
+   ]
+  }
+ ],
+ "duration": 6254560167,
+ "start_time": "2022-09-16T13:24:02.693407+09:00",
+ "end_time": "2022-09-16T13:24:08.947901+09:00"
+}
+```
+
+## PoC
 ```json
 {
       "type":"Type of PoC (G/R/V)",

diff --git a/docs/_docs/report.md b/docs/_docs/report.md
@@ -0,0 +1,16 @@
+---
+title: Report
+permalink: /docs/report/
+---
+
+```shell
+dalfox url https://xss-game.appspot.com/level1/frame --report
+```
+
+![](https://user-images.githubusercontent.com/13212227/190555379-a4b06b07-0ae0-4f9a-859a-650ac34186ae.png)
+
+```shell
+dalfox url https://xss-game.appspot.com/level1/frame --report --report-format json
+```
+
+![](https://user-images.githubusercontent.com/13212227/190555382-cb7e37b9-b4c9-4c99-b853-ff65a1df9e01.png)
diff --git a/docs/_docs/usage.md b/docs/_docs/usage.md
@@ -69,6 +69,8 @@ Global Flags:
     --remote-wordlists string     Using remote wordlists for param mining
                                     * Supported: burp/assetnote
                                     * Example: --remote-wordlists=burp
+    --report                      Show detail report
+    --report-format string        Format of --report flag [plain/json] (default "plain")
 -S, --silence                     Not printing all logs
     --skip-bav                    Skipping BAV(Basic Another Vulnerability) analysis
     --skip-grepping               Skipping built-in grepping