Command Language Syntax

The Bright CLI accepts a wide variety of configuration options. You can run bright-cli --help command for comprehensive documentation. The configuration options and arguments in the command line must be passed after the program command that the Bright CLI is executing.

 bright-cli <command> [option] [<argument>]
  • Most commands and some options have aliases. Aliases are shown in the syntax statement for each command.
  • The option names are prefixed with a double dash (--). The option aliases are prefixed with a single dash (-). Arguments are not prefixed.
  • Support is provided for an array of options of a specific command, separated by a space. For example:
  bright-cli scan:run --token API_KEY --name SCAN_NAME --crawler TARGET_URL --param path query body --test default_login_location dom_xss sqli 

The Bright CLI provides the following global options that can affect the behavior of each command:

OptionDescription
--config=pathToConfigSpecifies the path to the configuration file. By default, the CLI tries to discover the config in package.json in the root directory of your application or a separate file by a specified name in the working directory.

See Configuration Files for more information.
--log-levelAllows setting the level of logs to report. Any logs of a higher level than the one specified are shown. The options to select : 0, 1, 2, 3, 4, 5, "silent", "error", "warn", "notice", "verbose", "trace".

Default: 3
Example: --log-level =0/1/2/3/4/5/silent/ error/warn/notice/verbose/trace
--insecureAllows the Bright CLI to proceed and operate even if the server connection is considered insecure.
Default: false
--cluster(Deprecated). Use --hostname instead.
--hostnameBright cluster (domain name).

Default:<app.brightsec.com>
--proxy=socksProxyUrlSpecify a proxy URL to route all traffic through. This should be an HTTP(S), SOCKS4, or SOCKS5 URL.
Can be read also from environment param PROXY.

Default: If you specify SOCKS://<URL>, then SOCKS5h is applied.
--proxy-brightSpecify a proxy URL to route the traffic to Bright.
--proxy-targetSpecify a proxy URL to route the traffic to the targets.
--proxy-domainsThe optional flag that can be used with either proxy-target or proxy. It accepts a list of domains to be proxied and separated by spaces. Only domains in the list will be proxied.

Domains can include wildcards. For example, *.foo.bar will proxy a.foo.bar, b.foo.bar, etc.

Note: Traffic that goes to Bright will always be proxied if proxy-bright or proxy is specified, regardless of what is specified in proxy-domains.

Example: bright-cli repeater --token <TOKEN> --id <ID> --proxy http://localhost:9000 --proxy-domains TESTEXAMPLE1.com TESTEXAMPLE2.com
--proxy-domains-bypassSpace-separated list of domains that should not be routed through the proxy. This option is only applicable when using the --proxy option.
Can be read also from environment param NO_PROXY.

Example: bright-cli repeater --token <TOKEN> --id <ID> --proxy http://localhost:9000 --proxy-domains-bypass TESTEXAMPLE1.com TESTEXAMPLE2.com

(Cannot be used with --proxy-domains at the same time)
--timeoutThe optional flag allows users to set a timeout in seconds or a duration string (e.g.: 10s, 1m).
Note: If not specified, the parameter is set to 30 seconds.

Example: --timeout 45
--version, -vShows the Bright CLI version.
--help, -hShows the Bright CLI help documentation.