Dastardly FAQs

  • Last updated: July 3, 2023

Authentication

Dastardly cannot navigate login mechanisms. If your application uses authentication, you should consider disabling this functionality when scanning with Dastardly. If you want to scan authenticated areas of an application while authentication functionality is in place, you can use either Burp Suite Enterprise Edition or Burp Suite Professional to do this.

Browser sandbox

Dastardly is deployed inside a Docker container, and uses a Chromium-based browser to scan your target application. To allow this, Dastardly's browser sandbox is disabled.

Because Dastardly is designed for scanning only trusted internal applications, its browser sandbox should not be necessary.

Scanning APIs

Dastardly attempts to parse any JSON-based OpenAPI v3.x.x API definitions it encounters, and scans the endpoints described in those definitions for vulnerabilities. If the target application makes an API call to an endpoint on the same domain as the seed URL, that API call is scanned by Dastardly. If the target application makes an API call to an endpoint that is not on the same domain as the seed URL, that API call is not scanned, as it is considered to be out of scope.
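The scope rule above, worked through as an added example (this is not Dastardly's own code): it detects an OpenAPI 3.x.x JSON document, expands its servers and paths into endpoint URLs, and separates those on the seed URL's domain from those that would be treated as out of scope. It assumes "same domain" means an identical hostname, and uses a constructed sample specification so it runs offline.

```python
import json
from urllib.parse import urljoin, urlparse

# Constructed OpenAPI v3 document (sample input, not from a real application).
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.3",
    "info": {"title": "Example", "version": "1"},
    "servers": [
        {"url": "https://app.example.test/api/v1"},
        {"url": "https://partner.example.net/v2"},
    ],
    "paths": {"/users": {}, "/orders/{id}": {}},
})


def is_openapi_v3(doc: dict) -> bool:
    """True when the document declares an OpenAPI 3.x.x version string."""
    version = doc.get("openapi")
    return isinstance(version, str) and version.startswith("3.")


def same_domain(seed_url: str, candidate_url: str) -> bool:
    """Assumption: 'same domain' means identical hostnames (case-insensitive)."""
    seed_host = urlparse(seed_url).hostname
    cand_host = urlparse(candidate_url).hostname
    if seed_host is None or cand_host is None:
        return False
    return seed_host.lower() == cand_host.lower()


def split_endpoints(spec_json: str, seed_url: str):
    """Return (in_scope, out_of_scope) endpoint URLs from an OpenAPI v3 JSON document."""
    doc = json.loads(spec_json)
    if not is_openapi_v3(doc):
        raise ValueError("not an OpenAPI 3.x.x document")
    in_scope, out_of_scope = [], []
    # OpenAPI defaults to a single server of "/" when none is listed; server URLs
    # may be relative, so resolve them against the seed URL.
    for server in doc.get("servers") or [{"url": "/"}]:
        base = urljoin(seed_url, server["url"].rstrip("/") + "/")
        for path in doc.get("paths", {}):
            endpoint = urljoin(base, path.lstrip("/"))
            (in_scope if same_domain(seed_url, endpoint) else out_of_scope).append(endpoint)
    return in_scope, out_of_scope


if __name__ == "__main__":
    scanned, skipped = split_endpoints(SAMPLE_SPEC, "https://app.example.test/")
    print("in scope:", scanned)
    print("out of scope:", skipped)
```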