DAST (Premium)

Dynamic Application Security Testing (DAST) scans running web applications for vulnerabilities. CodePhreak integrates Nuclei and OWASP ZAP for comprehensive web security scanning.
Quick Start
# Basic web app scan
$ codephreak dast --target https://app.example.com
# Full scan with all severity levels
$ codephreak dast -t https://app.example.com --scan-type full
# API-focused scan
$ codephreak dast -t https://api.example.com --scan-type api
# Output to SARIF
$ codephreak dast -t https://app.example.com --output report.sarif --format sarif

Scan Types

| Scan type | Description | Flag |
|---|---|---|
| baseline | Quick scan for critical/high issues only | --scan-type baseline |
| full | Thorough scan with all severity levels | --scan-type full |
| api | API endpoint testing (REST, GraphQL) | --scan-type api |
| ajax | JavaScript-heavy single-page applications | --scan-type ajax |

Authenticated Scanning
Scan authenticated pages by passing custom headers:
# With Bearer token
$ codephreak dast -t https://app.example.com \
-H "Authorization: Bearer <your-jwt-token>"
# With API key
$ codephreak dast -t https://api.example.com \
-H "X-API-Key: your-api-key"
# Multiple headers
$ codephreak dast -t https://app.example.com \
-H "Authorization: Bearer token" \
-H "X-Custom-Header: value"

Command Options
| Option | Description | Default |
|---|---|---|
| -t, --target | Target URL to scan | Required |
| --scan-type | Scan type (baseline, full, api, ajax) | baseline |
| --tool | Scanner tool (nuclei, zap) | nuclei |
| -H, --header | Custom headers (can be repeated) | - |
| --templates | Nuclei template directory | all |
| --rate-limit | Requests per second | 100 |
| --timeout | Request timeout in seconds | 30 |
Using Nuclei Templates
Nuclei uses YAML templates to detect vulnerabilities. Use specific templates for targeted scanning:
# Scan for CVEs only
$ codephreak dast -t https://app.example.com --templates cves/
# Scan for exposed panels
$ codephreak dast -t https://app.example.com --templates exposed-panels/
# Use multiple template directories
$ codephreak dast -t https://app.example.com --templates cves/,misconfigurations/

Rate Limiting
Control scan speed to avoid overwhelming target servers:
# Slow scan (10 requests/second)
$ codephreak dast -t https://app.example.com --rate-limit 10
# Production-safe scan
$ codephreak dast -t https://prod.example.com --rate-limit 5 --timeout 60

Example Output
$ codephreak dast -t https://app.example.com --scan-type full
Starting DAST scan: https://app.example.com
  Tool: nuclei
  Scan Type: full
┌──────────────────────────────────────────┐
│ DAST Scan Results                        │
├──────────────────────────────────────────┤
│ Total Findings : 22                      │
├──────────────────────────────────────────┤
│ Critical : 1   High : 4                  │
│ Medium : 8     Low : 6     Info : 3      │
└──────────────────────────────────────────┘
Critical:
  • SQL Injection in /api/users?id=1
High:
  • XSS in /search?q=<script>
  • Directory traversal in /files?path=
  • SSRF in /fetch?url=
  • Missing security headers
Results synced to dashboard

Vulnerabilities Detected
Injection
- SQL Injection
- Command Injection
- LDAP Injection
- XPath Injection

XSS / CSRF
- Reflected XSS
- Stored XSS
- DOM-based XSS
- CSRF vulnerabilities

Misconfigurations
- Missing security headers
- Directory listing
- Information disclosure
- Debug mode enabled

Server-Side
- SSRF
- File inclusion (LFI/RFI)
- Path traversal
- XXE
Prerequisites
Nuclei (Recommended)
$ brew install nuclei # macOS

OWASP ZAP (Alternative)
$ pip install zapcli

View Results in Dashboard
DAST findings are synced to the web dashboard with CWE references and remediation guidance.
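Outside the dashboard, for instance in a CI job, the file written by `--output report.sarif --format sarif` can be summarised and used to fail the build on serious findings. The script below is an added example, not part of CodePhreak: it relies only on standard SARIF 2.1.0 fields (`runs[].results[].level`, `ruleId`), while the optional `properties.severity` field and the embedded sample report are constructed assumptions, not real scanner output.

```python
import json
from collections import Counter

# SARIF result levels in increasing order of seriousness
LEVEL_ORDER = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample shaped like a `--format sarif` report (not real scanner output).
# `properties.severity` is an assumed, optional field; only level/ruleId are standard SARIF.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "nuclei"}},
        "results": [
            {"ruleId": "sqli", "level": "error",
             "message": {"text": "SQL Injection in /api/users?id=1"},
             "properties": {"severity": "critical"}},
            {"ruleId": "xss-reflected", "level": "error",
             "message": {"text": "XSS in /search?q="},
             "properties": {"severity": "high"}},
            {"ruleId": "missing-headers", "level": "warning",
             "message": {"text": "Missing security headers"}},
        ],
    }],
})

def summarise(sarif_text):
    """Count results by SARIF level and, where present, by properties.severity."""
    doc = json.loads(sarif_text)
    by_level, by_severity = Counter(), Counter()
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            # SARIF 2.1.0 treats a missing level as "warning"
            by_level[result.get("level", "warning")] += 1
            sev = result.get("properties", {}).get("severity")
            if sev:
                by_severity[sev.lower()] += 1
    return by_level, by_severity

def gate(sarif_text, fail_on="error"):
    """True when the build should fail: any result at or above the fail_on level."""
    by_level, _ = summarise(sarif_text)
    threshold = LEVEL_ORDER[fail_on]
    # Unknown levels are treated as "warning" so they are never silently ignored
    return any(LEVEL_ORDER.get(lvl, 2) >= threshold for lvl in by_level)

if __name__ == "__main__":
    levels, severities = summarise(SAMPLE_SARIF)
    print("by level:", dict(levels), "by severity:", dict(severities))
    raise SystemExit(1 if gate(SAMPLE_SARIF) else 0)
```

Run it against a real report by replacing `SAMPLE_SARIF` with the contents of `report.sarif`; the non-zero exit code is what a CI step checks.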