Running a Discovery
This command enables you to start a new discovery for the provided configuration.
Example: bright-cli discovery:run [options]
General options
Option | Description |
---|---|
--config | Path to the file with configuration |
--log-level | What level of logs to report. Any logs of a higher level than the setting are shown. [choices: 0, 1, 2, 3, 4, 5, "silent", "error", "warn", "notice", "verbose", "trace"] Default: --log-level 3 |
--hostname | Bright application name (domain name). Default: --hostname app.brightsec.com |
--proxy=socksProxyUrl | Specify a proxy URL to route all traffic through. This should be an HTTP(S), SOCKS4, or SOCKS5 URL. Can also be read from the PROXY environment variable. Default: If you specify SOCKS://, then SOCKS5h is applied. |
--proxy-bright | Specify a proxy URL to route the traffic to Bright. |
--proxy-target | Specify a proxy URL to route the traffic to the targets. |
--timeout | Request timeout in seconds or a duration string (e.g. 10s, 1m, 1h, 10h, 1y). Default: --timeout 30 |
--insecure | Allows the CLI to proceed and operate even for server connections otherwise considered insecure. Default: --insecure false |
-a, --archive | A collection of your app's HTTP/WebSocket logs in a HAR file. Usually you can use browser dev tools or our browser web extension. |
--token=apiKey, -t=apiKey | The unique identifier used to authenticate a user. The token (API key) can be issued in your organization’s dashboard. Required option. |
Discovery options
Option | Description |
---|---|
--header=headerName:headerValue, -H=headerName:headerValue | Extra headers to be passed with the archive file. It can also be used to remove a header by providing a name without content. For example, -H "Host:". |
--repeater=repeaterId, --agent=repeaterId | Specifies a list of Repeater UUIDs that should be connected with the scan. Warning: The alias --agent=repeaterId is deprecated. |
--smart | Enables you to use automatic smart decisions, such as parameter skipping, detection phases, and so on to minimize scan time. When set to false (turned off), all tests are run on all parameters, which increases the coverage at the expense of scan time. Default: --smart true |
--name=discoveryName, -n=discoveryName | The name of the discovery. Required option. |
--project, -p | Allows specifying the Bright project for a scan using the project ID. You can find the project ID in the Projects section in the Bright app. |
--auth=authObjectID, -o=authObjectID | Specifies the ID of the authentication object to be connected to the scan. Find more info about using an authentication object at Managing Your Authentications. |
--crawl-parent-subdomains | Crawl parent path folders and subdomains [boolean] [default: false] |
-c, --crawler | A list of specific URLs that should be included in the crawler. |
--concurrency | Maximum number of concurrent requests allowed to be sent to the target, from 1 to 50 (default: 10). |
--interactions-depth | Maximum number of interactions with nested objects, from 1 to 5. [number] [default: 3] |
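
A wrapper that checks the required options and the documented ranges before invoking the command, as an added example that is not part of Bright's documentation or code. `run_discovery`, `is_int_between`, `BRIGHT_TOKEN`, `BRIGHT_PROJECT` and `BRIGHT_CLI` are names assumed for this sketch; only the flags come from the tables above.

```shell
# Added example, not Bright's own code. BRIGHT_TOKEN, BRIGHT_PROJECT and
# BRIGHT_CLI are variable names assumed here; the flags are from the tables above.

# is_int_between VALUE MIN MAX: true if VALUE is a whole number in [MIN, MAX].
is_int_between() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# run_discovery NAME CRAWL_URL [CONCURRENCY] [INTERACTIONS_DEPTH]
# The body is a subshell: `exit` only ends the function and variables stay local.
run_discovery() (
  name=${1:-}
  url=${2:-}
  concurrency=${3:-10}   # documented default
  depth=${4:-3}          # documented default

  # --name and --token are the two required options.
  [ -n "$name" ] || { echo "discovery name is required (--name)" >&2; exit 2; }
  # The API key is read from the environment so it is not hard-coded in scripts.
  [ -n "${BRIGHT_TOKEN:-}" ] || { echo "BRIGHT_TOKEN is not set (--token)" >&2; exit 2; }

  case "$url" in
    http://?*|https://?*) ;;
    *) echo "crawler entry must be an http(s) URL" >&2; exit 2 ;;
  esac
  is_int_between "$concurrency" 1 50 || { echo "--concurrency must be 1 to 50" >&2; exit 2; }
  is_int_between "$depth" 1 5 || { echo "--interactions-depth must be 1 to 5" >&2; exit 2; }

  # Build the argument list; --insecure is deliberately never passed.
  set -- discovery:run --token "$BRIGHT_TOKEN" --name "$name" --crawler "$url" \
         --concurrency "$concurrency" --interactions-depth "$depth"
  # Add the project ID only when one is configured.
  [ -z "${BRIGHT_PROJECT:-}" ] || set -- "$@" --project "$BRIGHT_PROJECT"

  # BRIGHT_CLI lets a dry run substitute another command, such as echo.
  "${BRIGHT_CLI:-bright-cli}" "$@"
)
```

Setting `BRIGHT_CLI=echo` gives a dry run that prints the arguments instead of starting a discovery; the output includes the token, so keep it out of shared logs.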