No authentication

Use None when your target doesn't require a login — marketing sites, public documentation, open APIs, or the public portion of an app you're just starting to test.

When to use

• A fully public site (no /login).
• A public API with no keys or tokens.
• A first pass on a new target before you invest in login automation.
• You only want to test the pre-login surface (landing pages, signup form, password reset).

Dashboard

In Create Scan → Step 2, click the None card and proceed to Step 3. No extra fields.

CLI

shadownet scan https://example.com --auth none

levo-dast.yml

auth:
  strategy: "none"

Pre-Auth fields still apply

Even with None, you can use Pre-Auth Cookies / Headers / Local Storage if the app needs a tenant header or cookie to render at all. Leave them empty otherwise.

Tip

If you later discover the interesting pages are behind a login, re-run with Form or AI-driven — nothing about the scan config is wasted.