Skip to content

CLI Reference#

Complete command-line reference for aphids-cli.

Synopsis#

aphids-cli [OPTIONS]

Options#

Scan Configuration#

-o, --options FILE              Options YAML file
-c, --config FILE               Config YAML file
-jo JSON                        Options as inline JSON string
-jc JSON                        Config as inline JSON string
-sp, --static-path DIR          Mount directory for static analysis
-i, --image IMAGE               Custom container image
    --runtime RUNTIME           Container runtime (docker|podman|nerdctl)
    --unattended                Auto-approve all prompts
-d, --debug                     Enable debug logging

Online Mode (Hive)#

-k, --api-key KEY               Hive API key (prefer APHIDS_API_KEY env var)
-u, --api-url URL               Hive API base URL
-uw, --wsapi-url URL            Hive WebSocket URL
-e, --engagement ID             Link scans to engagement
-n, --network NAME              Network name (default: public)

Hive Workflows#

-r, --runbook ID                Execute runbook by ID
-at, --attack-tree ID           Execute attack tree by ID
-ats, --attack-tree-scope SCOPE Scope restrictions (comma-separated)
-se, --scan-execution ID        Execute pre-configured scan execution

Targeting#

    --target-url URL            Target URL
    --target-host HOST          Target host/IP/CIDR
    --target-domain DOMAIN      Target domain
    --target-dir DIR            Target directory (SAST)

Modes#

    --mcp                       Start MCP server
    --mcp-workspace DIR         MCP workspace directory
    --mcp-refresh               Force tool registry refresh
    --sse                       MCP SSE transport
    --stream                    MCP streamable HTTP transport
    --host HOST                 MCP HTTP bind address
    --port PORT                 MCP HTTP port
    --agent                     Start persistent agent
    --agent-name NAME           Agent identifier
    --exit-on-idle SECONDS      Auto-exit after idle timeout
    --ws-url URL                WebSocket URL override
    --resume ID                 Resume interrupted scan

General#

-h, --help                      Show help
-v, --verbose                   Verbose output

Examples#

# Basic offline scan
aphids-cli -o options.yaml

# Online scan with Hive
APHIDS_API_KEY=key aphids-cli -o options.yaml -c config.yaml

# Runbook execution
aphids-cli -r abc123 --target-url https://example.com

# Attack tree with scope
aphids-cli -at def456 --target-domain example.com \
  --attack-tree-scope "example.com,*.example.com"

# MCP server
aphids-cli --mcp --mcp-workspace /path/to/project

# Persistent agent
aphids-cli --agent --agent-name scanner-01

# CI/CD pipeline
aphids-cli -o options.yaml -c config.yaml --unattended

# Resume interrupted scan
aphids-cli --resume EXEC_ID -o options.yaml -c config.yaml

# Container direct (no Python)
docker run --rm \
  -v $(pwd)/options.yaml:/output/options.yaml:ro \
  -v $(pwd)/output:/output \
  ghcr.io/darksidesecurity/aphids:latest \
  -o options.yaml --unattended