Limiting the number of requests during scanning.

[michalkrzem]

Is there a way to reduce the number of requests during scanning? I'm getting around 2500 requests, which takes a lot of time with a reduced number of workers (I have such requirements).

[hahwul]

@michalkrzem
To reduce the number of requests during scanning with Dalfox, you can adjust the following options:

• -w, --worker int: Reduce the number of concurrent workers. The default is 100, but lowering this can decrease the overall number of requests by limiting how many scans are performed simultaneously.
• --delay int: Set a delay between requests to the same host. This can help manage the load on the target server, potentially reducing the total number of requests by spacing them out over time.
• --skip-mining-all: This option skips all parameter mining, which can significantly reduce the number of requests since mining involves probing for additional parameters.
• --skip-mining-dict: Disables dictionary-based parameter mining, cutting down on requests that explore new parameters via a predefined list.
• --skip-mining-dom: Turns off DOM-based parameter mining, which also helps in reducing the request count by not scanning for parameters in the DOM.

By using these options, you can customize Dalfox to perform fewer requests, thus reducing the scanning time while still achieving your security testing objectives.

[hahwul]

I think it could be helpful to have a feature like SQLMap’s level flag to fine-tune the underlying payloads.
I’ll give it some thought and consider exploring it further.