Dalang

Appearance

Web UI

Dalang includes a built-in web interface that provides a browser-based experience for running interactive scans, managing skills, reviewing reports, and configuring providers.

Starting the Web Server

bash
dalang web --port 1337

This launches the web server at http://localhost:1337 and opens your default browser. The UI is embedded directly in the Dalang binary (web2/build) so runtime deployment remains single-binary.

Starting the Web Server in Docker

If you run Dalang with the repository docker-compose.yml, start the stack from project root:

bash
docker compose up --build

Runtime behavior in compose mode:

  • Web UI is exposed on http://localhost:4000.
  • LLM_PROVIDER, LLM_API_KEY, and optional LLM_BASE_URL are read from your compose environment (usually .env).
  • network_mode: host is enabled by default in compose for better local/LAN scan reachability.
  • Runtime data persists via the mounted dalang_data volume at /root/.dalang in the container.
  • Startup runs dalang init via the entrypoint before launching dalang web --port 4000.

Options

FlagDefaultDescription
--port1337HTTP port to listen on
--no-openDon't auto-open the browser
--verboseEnable verbose engine output

Pages

Route Map

RoutePurpose
/Public landing page (product narrative and entry points)
/dashboardOverview with backend/runtime summary
/dashboard/chatReal-time interactive or scan-driven session console
/dashboard/skillsSkill catalog with search/filter/detail and toggle
/dashboard/reportsReport listing, preview, and export
/dashboard/settingsProvider/model/API key and runtime settings

Chat (Interactive Mode)

The main chat page works like a familiar AI assistant interface:

  1. Create a session — enter the target URL and choose a mode (interactive or scan).
  2. Chat in real-time — messages stream over WebSocket. Tool executions and observations appear inline.
  3. Session history — switch sessions via sidebar. Events are replayed from persisted history.

Keyboard shortcuts:

  • Enter — send message
  • Shift+Enter — newline
  • Ctrl+N — new session
  • Ctrl+K — command palette

Skills

Browse the full skill catalog (22+ built-in skills). Features:

  • Search & filter — type to filter skills by name or description.
  • Grid / List toggle — switch between card grid and compact list view.
  • Enable / Disable — toggle individual skills on or off. Disabled skills won't be offered to the LLM engine.
  • Tool availability awareness — unavailable tool binaries are marked clearly so operators can fix environment issues quickly.
  • Detail view — click a skill to see its system prompt, arguments, constraints, and tool path.

Reports

View and export pentest reports generated by scan sessions:

  • Rendered Markdown with syntax highlighting.
  • Download as Markdown or HTML.
  • Print-friendly layout via the browser's print dialog.

Settings

Configure Dalang's LLM connection:

  • Provider — choose between Gemini, OpenAI, Anthropic, GitHub Copilot, Ollama, or OpenAI-compatible endpoints.
  • Model — select from preset models or enter a custom model name.
  • API Key — enter and securely store your API key (persisted via the OS keyring).
  • Test Connection — verify the LLM responds before starting a scan.
  • Endpoint Mode — OpenAI-compatible or Google REST.
  • Verbose toggle — enable extra debug output in engine responses.

Authentication and Persistence

  • Credentials and provider preferences are persisted via OS keyring-backed storage.
  • Session data is persisted to ~/.dalang/sessions/<session-id>/.
  • Existing sessions can be restored and replayed after server restart.
  • Per-session MEMORY.md keeps compact context continuity for long-running investigations.

Troubleshooting

Port conflicts

If startup fails with address-in-use error:

bash
dalang web --port 8080

WebSocket reconnect loops

  • Check browser network tab for /api/ws/{session_id} status.
  • Verify backend is reachable on the same host/port as UI.
  • In Docker deployment, keep network_mode: host if scanning local/LAN targets.

Sessions not persisted

  • Ensure ~/.dalang is writable on host.
  • For Docker, verify volume mapping to /root/.dalang.
  • Confirm session IDs are present under ~/.dalang/sessions/ after operations.

Docker deployment checklist

  • Verify .env contains valid LLM_PROVIDER and LLM_API_KEY values.
  • Confirm the dalang_data volume exists and is attached to the dalang service.
  • Check that port 4000 is free before startup (or adjust compose command/service settings).
  • If WebSocket events fail, inspect container logs with docker compose logs -f dalang.
  • For local/LAN targets, keep network_mode: host; switch to bridge mode only if isolation is required.

Skill marked unavailable

  • UI badge means tool binary is not detected in runtime environment.
  • Install missing tool or run Dalang from the Docker image that bundles security tools.

Architecture

The web server is built with:

  • Backend: axum 0.8 (Rust) — REST API + WebSocket.
  • Frontend: Svelte 5 + Tailwind CSS 4 — compiled and embedded in the binary via rust-embed.
  • Communication: REST for CRUD, WebSocket for real-time chat streaming.

See Web Server Architecture for a deep dive.

Released under the MIT License.

Copyright © 2026-present sangkan-dev