Command Language Syntax

The Bright CLI accepts a wide variety of configuration options. You can run nexploit-cli --help command for comprehensive documentation. The configuration options and arguments in the command line must be passed after the program command that the Bright CLI is executing.

 nexploit-cli <command> [option] [<argument>]
  • Most commands and some options have aliases. Aliases are shown in the syntax statement for each command.
  • The option names are prefixed with a double dash (--). The option aliases are prefixed with a single dash (-). Arguments are not prefixed.
  • Support is provided for an array of options of a specific command, separated by a space. For example:
  nexploit-cli scan:run --token API_KEY --name SCAN_NAME --crawler TARGET_URL --param path query body --test default_login_location dom_xss sqli 

The Bright CLI provides the following global options that can affect the behavior of each command:

OptionDescription
--config=pathToConfigSpecifies the path to the configuration file. By default, the CLI tries to discover the config in package.json in the root directory of your application or a separate file by a specified name in the working directory.

See Configuration Files for more information.
--log-level =0/1/2/3/4/silent/ error/warn/notice/verboseAllows setting the level of logs to report. Any logs of a higher level than the one specified are shown. The options to select : 0, 1, 2, 3, 4, "silent", "error", "warn", "notice", "verbose".

Default: 3
--clusterNeuraLegion cluster (domain name).

Default:<https://app.brightsec.com>
--insecureAllows the Bright CLI to proceed and operate even if the server connection is considered insecure.
--proxy=socksProxyUrlSOCKS URL to proxy all traffic.

Note: SOCKS4, SOCKS5, SOCKS4a, SOCKS5h are currently supported. By default, if you specify SOCKS://<URL>, then SOCKS5h is applied.
--version, -vShows the Bright CLI version.
--help, -hShows the Bright CLI help documentation.