CLI Reference

Complete reference for running DAST Scanner from the Docker (or Podman) CLI.

Prerequisites

• Docker or Podman installed and running
• Levo account and credentials

Docker Image

levoai/levoai-shadownet:stable

Command Overview

Command	Purpose
scan	Run full security scan (crawl + passive + active testing). Full flag reference below.
login	Authenticate with the Levo platform. Flags: -k/--key, -o/--organization, --env-id/--env-name, --base-url. Persists a session under ~/.config/configstore.
logout	Remove saved credentials (no flags).
export	Export an existing scan-results JSON to another format. Positional: export FORMAT INPUT OUTPUT. Formats: sarif, levo. Example: shadownet export sarif results.json results.sarif.

Scan Command

Run comprehensive security scanning on a target.

docker run --rm -it --shm-size=1g \
  levoai/levoai-shadownet:stable \
  scan [OPTIONS] TARGET

Basic Examples

# Simple scan with no authentication
docker run --rm -it --shm-size=1g \
  levoai/levoai-shadownet:stable \
  scan https://example.com

# Scan with form login
docker run --rm -it --shm-size=1g \
  levoai/levoai-shadownet:stable \
  scan https://example.com \
    --auth form \
    --username admin \
    --password secret \
    --login-url https://example.com/login

# Scan with bearer token
docker run --rm -it --shm-size=1g \
  levoai/levoai-shadownet:stable \
  scan https://api.example.com \
    --auth token \
    --token "Bearer eyJhbGciOi..."

# API-only scan
docker run --rm -it --shm-size=1g \
  levoai/levoai-shadownet:stable \
  scan https://api.example.com --scan-mode api

# Passive scanning only
docker run --rm -it --shm-size=1g \
  levoai/levoai-shadownet:stable \
  scan https://example.com --no-active

Scan Options

Target

Option	Type	Description
TARGET	string	Target URL to scan (required)

Scan Phases

Option	Type	Default	Description
--passive / --no-passive	flag	enabled	Enable passive scanning
--active / --no-active	flag	enabled	Enable active injection testing
--js-cve / --no-js-cve	flag	enabled	Enable JavaScript library CVE scanning (cve.js)
--dom-cve / --no-dom-cve	flag	enabled	Enable DOM vulnerability scanning (cve.dom)
--ai / --no-ai	flag	enabled	Enable AI-powered analysis (scan.enable_ai)

Crawling & Discovery

Option	Type	Default	Description
--crawl-mode [standard|ai|hybrid]	enum	standard	Crawling strategy
--max-depth	integer	3	Maximum crawl depth
--max-pages	integer	100	Maximum pages to crawl
--delay-seconds	integer	0	Delay between requests (seconds)

Active Scanning Tuning

Option	Type	Default	Description
--max-payloads	integer	-	Max payloads per injection point
--inject-locations	string	-	Comma-separated: query, body, header, cookie, path
--disable-categories	string	-	Comma-separated vulnerability categories to skip
--active-delay-ms	integer	-	Delay between active requests (ms)

Authentication

Option	Type	Description
--auth [none|form|token|ai]	enum	Auth strategy (default: none).
--username / -u	string	Username for login
--password / -p	string	Password for login
--token / -t	string	Bearer token
--login-url	string	Login page URL (for form auth)
--auth-session-file	path	Path to a session-transplant JSON exported by the Levo browser extension (cookies + localStorage + sessionStorage). Skips the auth phase entirely — works with any MFA / SSO. Env: SHADOWNET_AUTH_SESSION_FILE. See Browser session.

Severity & Filtering

Option	Type	Default	Description
--severity [critical|high|medium|low|info]	enum	medium	Minimum severity to report (matches reporting.severity)

Output

Option	Type	Default	Description
--output [table|json|sarif|quiet]	enum	table	Output format
--output-file / -f	path	-	Write results to file
--name	string	-	Scan name (for dashboard)

CI/CD Integration

Option	Type	Description
--ci / --non-interactive	flag	Non-interactive mode (no prompts)
--fail-on [critical|high|medium|low|info]	enum	Exit code 1 if findings at or above severity

Config file

Option	Type	Description
--config	path	Path to a levo-dast.yml config file. Overrides auto-discovery (./levo-dast.yml, ./levo-dast.yaml).

Levo Platform

Option	Type	Description
--org-id	string	Levo organization ID (or LEVOAI_ORG_ID).
--workspace-id	string	Levo workspace ID (or LEVOAI_WORKSPACE_ID).
--env-id	string	Levo environment ID (or LEVOAI_ENV_ID). Required when --send-issues is used.
--app-id	string	Levo application ID (or LEVOAI_APP_ID).
--send-issues	flag	Push findings to the Levo dashboard (reporting.send_issues). Requires --env-id.
--satellite-url	string	Route scan traffic through a Levo Satellite (satellite.url).

Timeouts

Option	Type	Default	Description
--timeout	integer	none	Overall scan timeout in seconds. Set to e.g. 600 for 10 minutes; unset means no timeout.
--crawl-timeout	integer	—	Crawl-phase timeout in seconds (subset of --timeout).
--test-timeout	integer	—	Security-testing-phase timeout in seconds.
--probe-timeout	integer	—	Per-probe timeout in seconds (caps a single injection probe).

Advanced

Option	Type	Description
--ignore-third-party	flag	Ignore third-party domains
--capture-domains	string	Comma-separated domains to capture
--exclude-domains	string	Comma-separated domains to exclude
--verbose	flag	Verbose logging

Exit Codes

Code	Meaning
0	Scan completed successfully
1	Scan failed or findings at/above --fail-on threshold
130	Scan interrupted by user

Getting Help

docker run --rm -it \
  levoai/levoai-shadownet:stable \
  --help

docker run --rm -it \
  levoai/levoai-shadownet:stable \
  scan --help

Next Steps

• Docker Quickstart - Full Docker setup guide
• Configuration - Advanced configuration options
• levo-dast.yml - Repeatable scans with a committed config file
• CI/CD Integration - Automate in your pipeline
• Levo Dashboard - Report findings to dashboard