Running a Scan
This command enables you to start a new scan.
Discovery options
Option | Description |
---|---|
-a , --archive | A collection of your app's HTTP/WebSocket logs in a HAR file. Usually you can use browser dev tools or our browser web extension. |
--archive=fileId , -a=fileId | The archive ID, which can be received via the archive:upload command. |
--crawler=url , -c=url | Specifies a list of specific URLs that should be included during crawler discovery. |
Additional options
Option | Description |
---|---|
| The list of specific hosts to be included in the scan. |
| Extra headers to be passed with the archive file. It can also be used to remove a header by providing a name without content. For example, -H "Host:". Warning: Headers set with this option override the archive headers and are set in all the requests. |
| Specifies a list of relevant tests to execute during a scan. Example: |
| Allows you to supply a list of buckets to use to start the scan. Example: |
| Enables you to use automatic smart decisions, such as parameter skipping, detection phases, and so on to minimize scan time. When set to Default: |
| The name of the scan. |
| Allows specifying the Bright project for a scan using the project ID. You can find the project ID in the Projects section in the Bright app. |
| Note: This argument can be passed multiple times in the same command. |
| Specifies the ID of the authentication object to be connected to the scan. To learn more about authentication objects, see Authentication. |
| Template ID. Allows you to import scan settings from a template. If any scan settings are specified explicitly, they will override template settings. Examples:
|
| Enables you to manage exclusions from a scan. If you want to ignore some of the parameter names during the tests, use
Important:
|
|
|
| Maximum number of concurrent requests allowed to be sent to the target. The value can range from 1 to 50 (default: 10). |
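
The header warning above means an overriding header reaches every request in the archive, including requests to hosts that never carried it. The following added example (not Bright's code) models that documented behaviour on a constructed HAR so you can preview which hosts would receive a header before scanning. The function names, the sample archive, and case-insensitive header matching are assumptions.

```python
import copy
from urllib.parse import urlsplit


def parse_override(raw):
    """Split a -H style 'Name: value' string; an empty value means 'remove'."""
    name, _, value = raw.partition(":")
    name = name.strip()
    if not name:
        raise ValueError(f"header name missing in {raw!r}")
    return name, value.strip()


def apply_overrides(har, raw_overrides):
    """Return a copy of the HAR with the overrides applied to every request."""
    overrides = [parse_override(r) for r in raw_overrides]
    result = copy.deepcopy(har)
    for entry in result["log"]["entries"]:
        headers = entry["request"]["headers"]
        for name, value in overrides:
            # Assumption: names are matched case-insensitively, as in HTTP.
            headers[:] = [h for h in headers if h["name"].lower() != name.lower()]
            if value:  # a name without content only removes the header
                headers.append({"name": name, "value": value})
    return result


def hosts_receiving(har, header_name):
    """Hosts whose requests carry header_name, e.g. to spot credential spread."""
    hosts = set()
    for entry in har["log"]["entries"]:
        request = entry["request"]
        if any(h["name"].lower() == header_name.lower() for h in request["headers"]):
            hosts.add(urlsplit(request["url"]).hostname)
    return sorted(hosts)


# Constructed sample archive: two requests, one to a third-party host.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://app.example.test/api/me", "headers": [
        {"name": "Host", "value": "app.example.test"},
        {"name": "Authorization", "value": "Bearer recorded-token"}]}},
    {"request": {"url": "https://cdn.example.net/lib.js", "headers": [
        {"name": "Host", "value": "cdn.example.net"}]}},
]}}

if __name__ == "__main__":
    patched = apply_overrides(SAMPLE_HAR, ["Authorization: Bearer scan-token", "Host:"])
    print(hosts_receiving(SAMPLE_HAR, "Authorization"))
    print(hosts_receiving(patched, "Authorization"))
```

If the second list contains hosts outside the scan target, restrict the scan to specific hosts or trim the archive before passing a credential header.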