You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Auto-detected as repo path, git URL, CIDR range, host:port, or URL
Target selection
Flag
Description
--repo PATH_OR_URL
Repository to scan (local path or git URL)
--url URL
Live endpoint to probe
--host-port HOST:PORT
Explicit host:port target
--cidr RANGE
Network range (CIDR, last-octet range, or full-IP range)
--email ADDR_OR_DOMAIN
Email address or domain to probe: resolves MX, probes SMTP ports (25, 587, 465), and runs DNS posture checks (SPF/DMARC/MTA-STS)
--local
Read-only host introspection
--use-discovered-cloud-creds
Activate credentialed cloud assessment
--targets-file PATH
Batch-scan multiple targets from file (one per line, max 256)
Authentication & credentials
Flag
Description
--jwt TOKEN
Present a JWT for validation or endpoint probing
--bearer TOKEN
Bearer token for active web modules (sets Authorization: Bearer …); stored in the same slot as --jwt
--api-key KEY
Present an API key
--username USER
Username for credential testing
--password PASS
Password for credential testing
--header NAME
Header name carrying the token (default: Authorization / X-API-Key)
--auth-scheme SCHEME
Value prefix (default: Bearer for JWT, none for API key; '' for raw)
--cookie VALUE
Include a Cookie header on all HTTP requests
--request-header H:V
Add an arbitrary header to all HTTP requests (repeatable)
Scanning control
Flag
Description
--intensity TIER
Minimum intensity: detective, active (default), intrusive, proof, fuzz. intrusive and above require --yes or interactive confirmation; --scope is optional.
--scope HOST|CIDR|.DOMAIN
Optional scope narrowing (repeatable). Scope defaults to the target itself; pass --scope to restrict further. Required when using --scope-file.
--scope-file PATH
File with scope entries (one per line)
--yes
Non-interactive confirmation for intrusive+ intensity (skips the [y/N] prompt)
--profile NAME
Preset: quick, standard, deep, stealth
--jobs N
Max concurrent modules (default: adaptive based on CPU/memory)
--only MODULE[,MODULE]
Run only the listed modules
--ports SPEC
Port spec for host:port targets (single, range, or comma list)