Expand description
§Dalfox-RS
A type-safe, asynchronous Rust wrapper for the Dalfox XSS Scanner.
This crate orchestrates the Dalfox Go binary, streaming its JSON output directly into heavily typed Rust structs, making XSS scanning inside Rust projects highly composable and panic-free.
§Features
- Full Dalfox CLI coverage: Every flag exposed as a typed builder method.
- Streaming output: Real-time callbacks as findings are discovered.
- Stored XSS: First-class
sxssmode support. - Multi-format output: JSON, CSV, Markdown, and plain text.
- Diagnostic capture: stderr, parse errors, exit codes all preserved.
§Example
use dalfox_rs::{Dalfox, DalfoxResult};
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let runner = Dalfox::builder()
.request_timeout(10)
.scan_deadline(300)
.workers(100)
.build();
let result: DalfoxResult = runner.scan_url("http://example.com?q=test").await?;
for finding in &result.findings {
println!("Found XSS! {}", finding);
}
// Check for parse issues (schema changed?)
if result.has_parse_errors() {
eprintln!("Warning: {} lines failed to parse", result.parse_errors.len());
}
Ok(())
}Re-exports§
pub use builder::DalfoxBuilder;pub use error::DalfoxError;pub use runner::DalfoxRunner;pub use types::DalfoxFinding;pub use types::DalfoxResult;pub use types::EventType;pub use types::Method;pub use types::OutputFormat;pub use types::Severity;
Modules§
- builder
- Builder configuration for Dalfox scanning. Builder for orchestrating Dalfox process execution.
- error
- Error variants specific to Dalfox execution. Error types for the Dalfox wrapper.
- runner
- The core asynchronous executor and scan modes. The execution orchestration engine for Dalfox.
- types
- Strictly-typed structs for Dalfox’s JSON response, enums, and output formatting. Strictly-typed structures for Dalfox scan results.
Structs§
- Dalfox
- Entry point to configure a Dalfox scan.