Pamacea/warden

Oalacea Warden

AI-powered security review CLI tool for web applications. Part of the Oalacea Security Suite. 100% Rust, zero dependencies.

Features

  • 50+ Frameworks Detected - React, Angular, Vue, NestJS, Express, Prisma, Mongoose, Drizzle, Docker, Kubernetes, and more
  • 5 Scanning Modes - Passive, Active, Stealth, Aggressive, Custom profiles
  • Native Scanners - HTTP, Port, Static Analysis, DDoS resistance, Stress testing
  • OWASP Top 10 2021 - 100% coverage
  • AI Agent Integration - Auto-saves WARDEN_SECURITY_REPORT.md for Claude Code and other AI agents
  • Zero Dependencies - Single binary, no runtime dependencies
  • 314 Tests - Comprehensive test coverage

Supported Technologies

Frontend Frameworks

React, Angular, Vue.js, SvelteKit, Remix, Next.js, Nuxt, Vite

Backend Frameworks

NestJS, Express, Fastify, Hono, Koa, Actix-Web, Axum, Rocket, Django, Flask, FastAPI, Gin, Echo, Fiber, Spring Boot

ORM & Database

Prisma, Mongoose, Drizzle, Sequelize, TypeORM, MikroORM, Knex, PostgreSQL, MongoDB, MariaDB, Redis, SQLite

Authentication

NextAuth, Better Auth, Clerk, Supabase Auth

State Management

Zustand, Redux, TanStack Query

Testing

Jest, Vitest, Playwright, Cypress

API

GraphQL, Apollo, Altair, GraphQL Yoga

Infrastructure

Docker, Kubernetes, Vercel, Cloudflare Workers

Styling

Tailwind, shadcn/ui, Chakra UI, Mantine

Quick Start

Installation

# Install from crates.io
cargo install oalacea-warden

# Or build from source
cargo install --path .

Usage

# In your project directory
warden scan

# External target
warden scan https://example.com

# With options
warden scan --aggressive --include-ddos

# Use a profile
warden scan --profile thorough

# Passive mode (no active requests)
warden scan --mode passive

# AI-optimized format (for Claude Code and other AI agents)
warden scan --format ai

# Generate JSON fix data for automated processing
warden scan --format ai --generate-fixes

# Update Warden to the latest version
warden update

# Force reinstall even if up-to-date
warden update --force

# Install from GitHub (development version)
warden update --git

AI Agent Integration

Warden automatically saves WARDEN_SECURITY_REPORT.md in the scanned directory, optimized for AI agents like Claude Code:

# Just run a scan - report is auto-saved
warden scan

# Claude Code can now:
# 1. Read WARDEN_SECURITY_REPORT.md
# 2. Navigate to files using provided paths and line numbers
# 3. Fix vulnerabilities
# 4. Re-run scan to verify

Report Features for AI Agents:

  • 📁 Files to Fix - Grouped by file with issue counts
  • 🔍 Detailed Findings - With clickable file:line paths
  • 🤖 Suggested Fix Order - Priority-based phases
  • 📊 Structured JSON - With --generate-fixes for programmatic processing

Example AI Workflow:

1. warden scan --format ai
2. # AI reads WARDEN_SECURITY_REPORT.md
3. # AI fixes src/main.rs:42 (SQL Injection)
4. # AI fixes src/auth.rs:15 (Missing auth)
5. warden scan --format ai  # Verify fixes

📖 Full Tutorial → docs/TUTORIAL.md - Complete guide for Warden + Claude Code integration


## Scanning Modes

| Mode | Description | Speed | Detection Risk |
|------|-------------|-------|----------------|
| **Passive** | Static analysis only | ⚡⚡⚡ | None |
| **Active** | Standard testing | ⚡⚡ | Low |
| **Stealth** | Low-and-slow | ⚡ | Very Low |
| **Aggressive** | Full testing | ⚡⚡⚡ | Medium |

## Profiles

```bash
# Quick scan (2s timeout, 25 concurrent)
warden scan --profile quick

# Standard scan (5s timeout, 50 concurrent)
warden scan --profile standard

# Thorough scan (15s timeout, 100 concurrent, aggressive)
warden scan --profile thorough

# Stealth scan (30s timeout, 5 concurrent)
warden scan --profile stealth

# Aggressive scan (10s timeout, 200 concurrent)
warden scan --profile aggressive
```

What It Tests

Framework-Specific Vulnerabilities

  • React/NestJS: XSS via state, guard bypass, pipe injection
  • Prisma/Drizzle: SQL injection, raw query analysis
  • Mongoose: NoSQL injection, prototype pollution
  • NextAuth/Clerk: Token leaks, session misconfig
  • Docker/Kubernetes: Secrets in configs, exposed ports
  • GraphQL: Introspection, depth limiting DoS
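The rules above are listed by name only; Warden's own implementation is not shown on this page. As an added example (not the project's code), the Rust program below sketches the shape of a line-oriented static check for a few of those items (Prisma raw query built by interpolation, a Mongoose filter assembled from `req.body`, a Docker `ENV` carrying a literal password, Apollo introspection left on) and then produces the two report views the AI Agent Integration section describes: findings grouped per file with counts, and a severity-first fix order. The rule ids, severities, substring patterns and the two sample sources are all constructed for illustration and are assumptions, not Warden's rule set or output format.

```rust
// Added example, not Warden's own code. Rule ids, severities, patterns and
// sample inputs are constructed for illustration. No external crates.
use std::collections::BTreeMap;

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Low, Medium, High, Critical }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub file: String,
    pub line: usize,          // 1-based, so it can be rendered as file:line
    pub rule: &'static str,
    pub severity: Severity,
    pub snippet: String,
}

/// A rule fires on a line containing every `all` needle and none of the `none` needles.
struct Rule {
    id: &'static str,
    severity: Severity,
    all: &'static [&'static str],
    none: &'static [&'static str],
}

/// Constructed rule set (assumption: the real Warden rules are not published on this page).
const RULES: &[Rule] = &[
    // Prisma: $queryRawUnsafe with a template-literal interpolation (SQL injection).
    Rule { id: "prisma-raw-interpolation", severity: Severity::Critical,
           all: &["$queryRawUnsafe(", "${"], none: &[] },
    // Mongoose: filter object built directly from the request body (NoSQL injection).
    Rule { id: "mongoose-body-in-filter", severity: Severity::High,
           all: &["findOne(", "req.body"], none: &[] },
    // Docker: literal credential in an ENV instruction; a ${VAR} passthrough is not flagged.
    Rule { id: "docker-secret-in-env", severity: Severity::High,
           all: &["ENV ", "PASSWORD="], none: &["${"] },
    // Apollo Server: introspection explicitly enabled.
    Rule { id: "graphql-introspection-enabled", severity: Severity::Medium,
           all: &["introspection: true"], none: &[] },
];

/// Scan one file's text and return every rule hit. Lines that start with a
/// comment marker are skipped (a crude heuristic, enough for this example).
pub fn scan_source(file: &str, source: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, raw) in source.lines().enumerate() {
        let line = raw.trim();
        if line.starts_with("//") || line.starts_with('#') {
            continue;
        }
        for rule in RULES {
            let hit = rule.all.iter().all(|n| line.contains(*n))
                && !rule.none.iter().any(|n| line.contains(*n));
            if hit {
                findings.push(Finding {
                    file: file.to_string(),
                    line: idx + 1,
                    rule: rule.id,
                    severity: rule.severity.clone(),
                    snippet: line.to_string(),
                });
            }
        }
    }
    findings
}

/// "Files to Fix" view: issue count per file, sorted by path.
pub fn files_to_fix(findings: &[Finding]) -> BTreeMap<String, usize> {
    let mut counts = BTreeMap::new();
    for f in findings {
        *counts.entry(f.file.clone()).or_insert(0) += 1;
    }
    counts
}

/// "Suggested Fix Order" view: highest severity first, then file and line,
/// so an agent can walk the list top to bottom deterministically.
pub fn fix_order(findings: &[Finding]) -> Vec<String> {
    let mut sorted: Vec<&Finding> = findings.iter().collect();
    sorted.sort_by(|a, b| b.severity.cmp(&a.severity)
        .then_with(|| a.file.cmp(&b.file))
        .then_with(|| a.line.cmp(&b.line)));
    sorted.iter()
        .map(|f| format!("{}:{} {} ({:?})", f.file, f.line, f.rule, f.severity))
        .collect()
}

/// Constructed sample sources (not real project files). The commented-out
/// Prisma call on line 3 must not produce a finding.
pub const SAMPLE_TS: &str = r#"import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
// prisma.$queryRawUnsafe(`SELECT * FROM users WHERE id = ${id}`);
const rows = await prisma.$queryRawUnsafe(`SELECT * FROM users WHERE id = ${req.query.id}`);
const user = await User.findOne({ username: req.body.username, password: req.body.password });
const server = new ApolloServer({ schema, introspection: true });
"#;
pub const SAMPLE_DOCKERFILE: &str =
    "FROM node:20\nENV DB_PASSWORD=hunter2\nENV DB_PASSWORD=${DB_PASSWORD}\nEXPOSE 3000\n";

/// Scan both samples under constructed file names.
pub fn scan_all() -> Vec<Finding> {
    let mut findings = scan_source("src/db.ts", SAMPLE_TS);
    findings.extend(scan_source("Dockerfile", SAMPLE_DOCKERFILE));
    findings
}

fn main() {
    let findings = scan_all();
    println!("Files to fix:");
    for (file, n) in files_to_fix(&findings) {
        println!("  {file} ({n} issues)");
    }
    println!("Suggested fix order:");
    for entry in fix_order(&findings) {
        println!("  {entry}");
    }
}
```

The `none` list on the Docker rule is the part worth copying into any real rule set: a `${DB_PASSWORD}` passthrough looks like a secret to a naive substring match, and the report's usefulness to an agent depends as much on suppressing that kind of false positive as on catching the literal value.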

General Vulnerabilities

  • Injection: SQLi, NoSQL, SSTI, XXE, LDAP, Command injection
  • Cross-Site: XSS (reflected, stored, DOM), CSRF, CORS misconfig
  • Server-Side: SSRF, deserialization, path traversal, file upload
  • Auth: Authentication bypass, privilege escalation, IDOR, JWT manipulation
  • DoS: ReDoS, GraphQL deep nesting, HTTP flood, Slowloris
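GraphQL deep nesting appears in both lists above, and the standard mitigation is to measure selection-set depth before executing a query. The Rust function below is an added example of that check (not Warden's code and not how Warden measures depth): it counts `{`/`}` nesting while skipping braces inside string literals, reports unbalanced input as invalid, and exposes a limit check a resolver layer could call. The sample queries and the limit of 5 are constructed for illustration.

```rust
// Added example, not Warden's own code. Sample queries and the limit are
// constructed for illustration; a production check would walk a parsed AST.

/// Maximum selection-set nesting depth of `query`, counting braces that sit
/// outside string literals. Returns None when braces are unbalanced or a
/// string literal is left open, so malformed input is rejected, not guessed.
pub fn selection_depth(query: &str) -> Option<usize> {
    let mut depth: usize = 0;
    let mut max = 0;
    let mut in_string = false;
    let mut escaped = false;
    for c in query.chars() {
        if in_string {
            // Inside "...": honour backslash escapes so \" does not end the literal.
            if escaped {
                escaped = false;
            } else if c == '\\' {
                escaped = true;
            } else if c == '"' {
                in_string = false;
            }
            continue;
        }
        match c {
            '"' => in_string = true,
            '{' => { depth += 1; max = max.max(depth); }
            '}' => { depth = depth.checked_sub(1)?; } // more '}' than '{': invalid
            _ => {}
        }
    }
    if depth == 0 && !in_string { Some(max) } else { None }
}

/// True only for a well-formed query whose depth is at most `limit`.
/// Anything malformed is refused as well, which is the safe default.
pub fn within_depth_limit(query: &str, limit: usize) -> bool {
    matches!(selection_depth(query), Some(d) if d <= limit)
}

/// Constructed sample queries.
pub const SHALLOW: &str = "query { user(id: \"1\") { name posts { title } } }";
pub const DEEP: &str =
    "query { user { friends { friends { friends { friends { friends { name } } } } } } }";

fn main() {
    for (label, q) in [("shallow", SHALLOW), ("deep", DEEP)] {
        println!("{label}: depth={:?} allowed={}", selection_depth(q), within_depth_limit(q, 5));
    }
}
```

Braces inside string arguments are the edge case that matters: a query like `{ a(arg: "{{{{") { b } }` has depth 2, not 6, and a limiter that counts raw characters would reject legitimate traffic while an attacker's real nesting is unaffected by quoting.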

Included Scanners

| Scanner | Type | Speed |
|---------|------|-------|
| HTTP | Native Rust | ⚡⚡⚡ |
| Port | Native Rust | ⚡⚡⚡ |
| Static Analysis | AST-based | ⚡⚡ |
| DDoS | Native Rust | ⚡⚡⚡ |
| Stress | Native Rust | ⚡⚡⚡ |

Safety

  • Always test against dev/staging first
  • Never test production without written authorization
  • Backup your code (use git)

License

MIT — Use at your own risk. Only test systems you own or have explicit permission to test.

Credits

Inspired by Guardian - The original Node.js + Docker version.

About

Warden is the binary embodiment of offensive security. Forged in 100% Rust, this dependency-free CLI tool analyzes your architectures (NestJS, Rust, Vite) to hunt down the invisible: from Guard bypasses to Pipe injections, all the way to the trial by fire of DDoS tests.
