warden dast performs Dynamic Application Security Testing (DAST) against a live, pre-authorized target. Unlike warden scan, which performs static analysis of source code, DAST actively probes a running host for network-level vulnerabilities using Nmap for port and service discovery and Metasploit for exploit verification. Results are written to scan-results/dast/ and surfaced as advisory pull requests rather than auto-fix PRs — you remain in control of every remediation decision.
Legal notice: Only scan systems you own or have explicit written authorization to test. Unauthorized scanning may violate the Computer Fraud and Abuse Act (USA), the Computer Misuse Act (UK), and equivalent laws in other jurisdictions. By running warden dast you confirm that you have proper authorization and accept full responsibility for the scan. The authorized: true flag in your configuration is a declaration of this authorization — never set it to true for targets you do not own or control.

Synopsis

warden dast <target> [options]

Arguments

target (string, required)
The target URL or host to scan. This value must exactly match a url entry inside the dast.targets array in .wardenrc.json, and that entry must have authorized: true. If the target is not found or not authorized, Warden exits immediately with code 1.

Flags

--nmap-only (boolean)
Disable Metasploit and run only the Nmap port/service scan. Useful for initial reconnaissance or when Metasploit is not installed.

--metasploit-only (boolean)
Disable Nmap and run only the Metasploit exploit-verification scan. Use when you already have port data and want to probe specific services.

--dry-run (boolean)
Preview the DAST scan pipeline without actually sending probes to the target or creating advisory PRs. The target must still be configured and authorized.

--no-confirm (boolean)
Skip the interactive safety confirmation prompt. Not recommended for production use. Suitable only for non-interactive CI pipelines where the operator has independently verified authorization.

-v, --verbose (boolean)
Enable verbose debug logging including scanner stdout, timing information, and orchestrator steps.

Prerequisites

Before running warden dast, ensure your .wardenrc.json contains a valid dast section:
{
  "dast": {
    "enabled": true,
    "targets": [
      {
        "url": "https://staging.example.com",
        "description": "Staging environment",
        "authorized": true,
        "ports": "1-65535"
      }
    ],
    "nmap": {
      "enabled": true,
      "scanType": "standard"
    },
    "metasploit": {
      "enabled": true,
      "mode": "scan-only"
    },
    "safety": {
      "requireConfirmation": true,
      "authorizedTargetsOnly": true,
      "disableExploits": true
    }
  }
}
If dast.enabled is false in your configuration, the command exits immediately with an error and instructions to enable it. If no dast section exists at all, run warden config --create to generate a default configuration file and then add your targets.
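The checks described above (dast section present, dast.enabled true, exact url match in dast.targets, authorized: true, flags only narrowing the enabled scanners) as an added pre-flight gate. This is example code, not Warden's own implementation; the function name preflightDast, the result shape, the flags object and the sample configuration are assumptions.

```javascript
// Added example, not Warden's own code: a pre-flight gate implementing the
// authorization rules this page describes for `warden dast <target>`.
// Function name, result shape and the flags object are assumptions.

// Constructed sample .wardenrc.json, in the layout shown under Prerequisites.
const SAMPLE_CONFIG = {
  dast: {
    enabled: true,
    targets: [
      { url: "https://staging.example.com", description: "Staging", authorized: true, ports: "1-65535" },
      { url: "https://legacy.example.com", description: "Not signed off", authorized: false },
    ],
    nmap: { enabled: true, scanType: "standard" },
    metasploit: { enabled: true, mode: "scan-only" },
    safety: { requireConfirmation: true, authorizedTargetsOnly: true, disableExploits: true },
  },
};

// Returns { exitCode: 1, reason } on refusal or { exitCode: 0, plan } when the scan may proceed.
function preflightDast(config, target, flags = {}) {
  const dast = config.dast;
  if (!dast) {
    return { exitCode: 1, reason: "no dast section: run `warden config --create`, then add targets" };
  }
  if (dast.enabled !== true) {
    return { exitCode: 1, reason: "dast.enabled is false: enable it in .wardenrc.json" };
  }
  // Exact match only: a trailing slash or a different scheme is an unconfigured target.
  const entry = (dast.targets || []).find((t) => t.url === target);
  if (!entry) {
    return { exitCode: 1, reason: `${target} is not listed in dast.targets` };
  }
  // Strict boolean check: the string "true" or a missing key does not count.
  if (entry.authorized !== true) {
    return { exitCode: 1, reason: `${target} is listed but not marked authorized: true` };
  }
  // Flags narrow the scanners the config enables; they never widen them.
  const plan = {
    nmap: dast.nmap?.enabled === true && !flags.metasploitOnly,
    metasploit: dast.metasploit?.enabled === true && !flags.nmapOnly,
    confirm: dast.safety?.requireConfirmation === true && !flags.noConfirm,
    ports: entry.ports,
  };
  if (!plan.nmap && !plan.metasploit) {
    // Assumption: nothing left to run is treated as a misconfiguration (exit 1).
    return { exitCode: 1, reason: "no scanner enabled after applying flags" };
  }
  return { exitCode: 0, plan };
}
```

Unlike the real command, this gate does not prompt; the confirm field only records whether the interactive prompt would be shown.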

Examples

warden dast https://staging.example.com

Output and artifacts

DAST results differ from SAST results in an important way: Warden does not attempt to auto-fix infrastructure-level vulnerabilities. Instead it:
  1. Writes raw scanner output to scan-results/dast/
  2. Generates a SECURITY-ADVISORY.md file describing the findings
  3. Opens an advisory pull request (branch prefix: warden/dast-advisory) so the findings are visible to your team and actionable through your normal review process
This advisory-only model keeps human engineers in the loop for every infrastructure change.

Exit codes

Code  Meaning
0     DAST scan completed successfully
1     Fatal error: misconfiguration, unauthorized target, or scanner failure