Skip discovery/analysis

[noperator]

Question

Is there a way to skip discovery (including static/parameter analysis) if I already know which parameter I want to target? I'd like to go straight to the scanning phase. I'm aware of the --param option, but dalfox seems to still perform discovery even when I supply a specific parameter to target. If dalfox can't currently do this, I'll just submit a PR for a --skip-discovery CLI flag.

Thanks for a great tool!

Environment

• Dalfox Version: v2.9.3
• Installed from: source

[hahwul]

@noperator
Hi! Thanks for reaching out and for the kind words about the tool — I really appreciate it!

You’re right that the --param option still triggers the discovery phase, including static and parameter analysis. While there isn’t a flag to skip the entire discovery process just yet, you can use options like --skip-mining-* (e.g., --skip-mining-all) to bypass specific parts of the parameter mining process. That might help streamline things a bit depending on your use case.

That said, a dedicated --skip-discovery CLI flag doesn’t currently exist, and I agree it’d be a great addition for scenarios like yours where you already know the target parameter. If you’re up for submitting a PR to add this feature, I’d be more than happy to review it — it sounds like a valuable enhancement!

Let me know if you have any other questions or need help with anything else. Thanks again!

[noperator]

Thanks for the quick reply. Yeah, I'm already skipping mining but also want to skip discovery. Will submit PR shortly 🙂