Dastardly is a free, lightweight web application security scanner. It checks web applications for seven security issues that are likely to interest you during software development. Dastardly is based on the same scanner as Burp Suite (Burp Scanner).
Dastardly uses a dynamic (DAST) methodology to scan your target web application. It scans your target application in a deployed state. This is unlike static (SAST) scanning, which looks at application code before it is deployed.
- Official Documentation (PortSwigger)
Prerequisites
Install Docker.
If Docker fails to start with “Error response from daemon: cgroups: cgroup mountpoint does not exist: unknown.”, apply the following fix before continuing:
sudo mkdir /sys/fs/cgroup/systemd
sudo mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
Scan
Limitations
- Scans are limited to ten minutes
- Does not handle login procedures
- Scans APIs described by an OpenAPI v3.x.x specification and detects the 7 prevalent issues commonly found in web development. However, API calls outside of the seed URL’s domain are not included in the scan.
Start Docker
sudo service docker start
Scan
URL=https://ginandjuice.shop
sudo docker run --user "$(id -u)" --rm -v "$(pwd):/dastardly" -e DASTARDLY_TARGET_URL="$URL" -e DASTARDLY_OUTPUT_FILE=/dastardly/dastardly-report.xml public.ecr.aws/portswigger/dastardly:latest
Results
cat ./dastardly-report.xml
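Reading the raw XML with cat is enough for a one-off check, but in a pipeline you usually want the report summarised and turned into a pass/fail decision. The script below is an added example, not code from the original page or from PortSwigger. It assumes the file written to DASTARDLY_OUTPUT_FILE is JUnit-style XML in which each finding is a <failure> element inside a <testcase>, with the issue name in the testcase's `name` attribute, the affected URL in `classname`, and the severity label in the failure's `type` attribute; the embedded sample report is constructed to that layout and its findings are illustrative, not real scan results.

```python
"""Summarise a Dastardly report and decide whether a CI job should fail.

Added example; this is not code from the original page or from
PortSwigger. It assumes the report written to DASTARDLY_OUTPUT_FILE is
JUnit-style XML in which every finding is a <failure> inside a
<testcase>, with the issue name in the testcase's `name`, the affected
URL in `classname`, and the severity in the failure's `type` attribute
(assumed layout; adjust the attribute names if your report differs).
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample shaped like dastardly-report.xml. The host, paths,
# issue names and severities are illustrative, not real scan results.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<testsuites>
  <testsuite name="https://example.test/" tests="4" failures="3" errors="0">
    <testcase name="Cross-site scripting (reflected)" classname="https://example.test/catalog">
      <failure message="Cross-site scripting (reflected)" type="High">The value of the 'q' parameter is copied into the response unencoded.</failure>
    </testcase>
    <testcase name="Vulnerable JavaScript dependency" classname="https://example.test/resources/js/app.js">
      <failure message="Vulnerable JavaScript dependency" type="Medium">An outdated client-side library was detected.</failure>
    </testcase>
    <testcase name="Strict transport security not enforced" classname="https://example.test/">
      <failure message="Strict transport security not enforced" type="Low">The application does not set an HSTS header.</failure>
    </testcase>
    <testcase name="Crawl completed" classname="https://example.test/"/>
  </testsuite>
</testsuites>
"""

# Severity order used for the CI gate; "Info" also covers findings with no type.
SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3}


def parse_findings(xml_text):
    """Return one (issue, location, severity, detail) tuple per <failure>.

    Test cases without a <failure> child are passing checks, not findings,
    and are skipped.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for case in root.iter("testcase"):
        for failure in case.findall("failure"):
            findings.append((
                case.get("name", ""),
                case.get("classname", ""),
                failure.get("type", "Info"),
                (failure.text or "").strip(),
            ))
    return findings


def severity_counts(findings):
    """Count findings per severity label, e.g. {"High": 1, "Low": 2}."""
    return Counter(sev for _, _, sev, _ in findings)


def build_should_fail(findings, threshold="Medium"):
    """True when any finding is at or above `threshold` severity.

    Unknown severity labels rank as Info, so they do not fail the build on
    their own; they still appear in severity_counts() for manual review.
    """
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(sev, 0) >= limit for _, _, sev, _ in findings)


def format_summary(findings):
    """Human-readable lines, highest severity first, for the job log."""
    ordered = sorted(findings, key=lambda f: -SEVERITY_RANK.get(f[2], 0))
    return [f"[{sev}] {issue} at {loc}" for issue, loc, sev, _ in ordered]


if __name__ == "__main__":
    # Usage: python check_report.py dastardly-report.xml [Low|Medium|High]
    # With no path argument the embedded constructed sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    threshold = sys.argv[2] if len(sys.argv) > 2 else "Medium"
    text = open(path, encoding="utf-8").read() if path else SAMPLE_REPORT
    found = parse_findings(text)
    for line in format_summary(found):
        print(line)
    print("counts:", dict(severity_counts(found)))
    sys.exit(1 if build_should_fail(found, threshold) else 0)
```

Run it as `python check_report.py ./dastardly-report.xml` right after the docker run step; a non-zero exit code fails the job whenever a Medium or High finding is present, and the threshold argument lets a team start at High and tighten later.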
Remove Docker Image
sudo docker container ls -a
sudo docker container stop <container ID>
sudo docker image rm <image ID> -f
sudo docker image ls -a