Dalfox 2.10 Released ⚡︎
Greetings, fellow security enthusiasts! Dalfox v2.10.0 has arrived, and it’s an update worth celebrating. This release brings a thoughtful mix of enhancements—new flags, refined payloads, and a performance boost that genuinely stands out. After spending some time with its features, I’m excited to share why this version deserves your attention.
The CLI banner has been updated too!
What’s New in v2.10.0?
This version introduces several meaningful improvements:
- Skip Discovery: The `--skip-discovery` flag (PR #644) lets you jump straight to scanning when preliminary steps aren’t needed.
- Limit Results: With the `--limit` flag in file/pipe modes (PR #676), you gain better control over output volume—perfect for focused analysis.
- Headless Flexibility: `--force-headless-verification` (PR #677) offers more precision in headless mode operations.
- Payload Refresh: Updated payloads and patterns (PR #640) sharpen XSS detection capabilities.
- Custom Transport: For developers integrating with code, custom transport support (PR #636) is a welcome addition.
New flags to explore:
- `--force-headless-verification`
- `--max-cpu`
- `--skip-discovery`
- `--limit` (file/pipe modes only)
Performance Breakthrough
The standout feature of v2.10.0 is its performance. Dalfox now runs with remarkable efficiency, addressing past CPU utilization concerns. The new `--max-cpu` flag enables smarter resource management, and by default, the tool uses just one CPU core—reducing system load significantly. Check out these benchmark results:
Version | Time | User | System | Range (50 runs) |
---|---|---|---|---|
v2.9.3 | 5.698 s ± 0.357 s | 2.670 s | 0.453 s | 5.305 s - 6.316 s |
v2.10.0 | 4.204 s ± 0.236 s | 0.500 s | 0.130 s | 3.995 s - 4.812 s |
Single URL Scan
That’s roughly a 26% performance gain, with noticeably lower resource demands. Scans feel snappier without overwhelming your system—a balance I truly appreciate.
More Highlights
- CI/CD Improvements: Docker workflows and Codecov integrations have been significantly refined.
- Code Quality: Extensive refactoring has led to cleaner, more maintainable code.
- Better Testing: We’ve expanded our testing suite with additional unit and functional tests.
- Documentation: Updated docs now feature clearer explanations and fresh examples for an improved user experience.
Cleaner Code
This release includes substantial structural improvements to the codebase:
Code Restructuring
Large functions have been broken into smaller, more manageable units, improving maintainability and easing unit testing. This overhaul marks a significant shift in the source code architecture.
I really fixed a lot this time!
Coverage Enhancement
Code coverage has jumped from 30% to about 70%, reflecting our dedication to quality and reliability. The next target? 80%.
Bug Fixes
We’ve squashed several bugs in this release—a solid cleanup effort worth noting.
Thank You ❤️
A heartfelt thank you to all contributors who keep Dalfox evolving. Special shoutouts to @arjun-1, @noperator, and @Bide-UK for their invaluable work on this release.
Get It Here
Dive into the updated docs for all the details:
Final Thoughts
Working on this update felt like a showdown with my past self. Refactoring was a grind, but finishing it on time brings a sense of relief and pride. The results speak for themselves.
Looking forward, I’m committed to pushing performance and detection even further. Plans are in motion to leverage XSS challenge pages to boost detection rates in future releases.
Though Dalfox is a mature tool, the process of refining it remains rewarding. There’s something deeply satisfying about taking an established project and making it shine brighter.