Arsenic CLI
Arsenic CLI Reference
Synopsis
Arsenic - Pentest Conventions
Options
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
-h, --help help for arsenic
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
1 - Analyze
Analyze discover data and create
Synopsis
Analyze discover data and create hosts.
This will create a single host for hostnames that resolve to the same IPs
Options
-c, --create really create hosts
-h, --help help for analyze
-i, --ignore-scope ignore scope
--nmap import hosts from recon/nmap-*.xml files
--private-ips keep private IPs
-u, --update only update existing hosts, dont create new ones
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
2 - Capture
capture exec
Synopsis
capture exec
Options
-h, --help help for capture
-s, --scope-dir string Scope dir to use (default "default")
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
3 - Completion
Generate the autocompletion script for the specified shell
Synopsis
Generate the autocompletion script for arsenic for the specified shell.
See each sub-command’s help for details on how to use the generated script.
Options
-h, --help help for completion
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
4 - Completion Bash
Generate the autocompletion script for bash
Synopsis
Generate the autocompletion script for the bash shell.
This script depends on the ‘bash-completion’ package.
If it is not installed already, you can install it via your OS’s package manager.
To load completions in your current shell session:
source <(arsenic completion bash)
To load completions for every new session, execute once:
Linux:
arsenic completion bash > /etc/bash_completion.d/arsenic
macOS:
arsenic completion bash > $(brew --prefix)/etc/bash_completion.d/arsenic
You will need to start a new shell for this setup to take effect.
Options
-h, --help help for bash
--no-descriptions disable completion descriptions
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
5 - Completion Fish
Generate the autocompletion script for fish
Synopsis
Generate the autocompletion script for the fish shell.
To load completions in your current shell session:
arsenic completion fish | source
To load completions for every new session, execute once:
arsenic completion fish > ~/.config/fish/completions/arsenic.fish
You will need to start a new shell for this setup to take effect.
arsenic completion fish [flags]
Options
-h, --help help for fish
--no-descriptions disable completion descriptions
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
6 - Completion Powershell
Generate the autocompletion script for powershell
Synopsis
Generate the autocompletion script for powershell.
To load completions in your current shell session:
arsenic completion powershell | Out-String | Invoke-Expression
To load completions for every new session, add the output of the above command
to your powershell profile.
arsenic completion powershell [flags]
Options
-h, --help help for powershell
--no-descriptions disable completion descriptions
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
7 - Completion Zsh
Generate the autocompletion script for zsh
Synopsis
Generate the autocompletion script for the zsh shell.
If shell completion is not already enabled in your environment you will need
to enable it. You can execute the following once:
echo "autoload -U compinit; compinit" >> ~/.zshrc
To load completions in your current shell session:
source <(arsenic completion zsh)
To load completions for every new session, execute once:
Linux:
arsenic completion zsh > "${fpath[1]}/_arsenic"
macOS:
arsenic completion zsh > $(brew --prefix)/share/zsh/site-functions/_arsenic
You will need to start a new shell for this setup to take effect.
arsenic completion zsh [flags]
Options
-h, --help help for zsh
--no-descriptions disable completion descriptions
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
8 - Config
Display config information
Synopsis
Display config information.
Helpful to see what scripts would be executed.
Options
-h, --help help for config
-r, --remove-reset remove key from the config or reset to default
-s, --save save the current configuration
-k, --sub-keys display only the sub-keys
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
9 - Discover
Run scripts in the discover phase.
Synopsis
Run scripts in the discover phase.
Scripts should determine what hosts it needs to run against.
Options
-d, --dry-run Dry run
-h, --help help for discover
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
10 - Hosts
View, query, and flag hosts
Synopsis
View, query, and flag hosts
Show unreviewed hosts:
$ arsenic hosts -q ‘.HasFlags “Unreviewed”’
Show hosts that have Gobuster results:
$ arsenic hosts -q ‘.HasFlags “Gobuster”’
Show hosts with the root domain example.com:
$ arsenic hosts -q ‘in .RootDomains “example.com”’
Show hosts with ports 22 or 2022:
$ arsenic hosts -q ‘.HasPorts 22 2022’
Show hosts who are in a CIDR block
$ arsenic hosts -q ‘.InCIDR “10.1.1.0/24”’
Metadata:
Methods:
- HasPorts(ports …int) bool
- HasAnyPort() bool
- HasTCPPorts(ports …int) bool
- HasAnyTCPPort() bool
- HasUDPPorts(ports …int) bool
- HasAnyUDPPort() bool
- HasFlags(flags …string) bool
- HasAllFlags(flags …string) bool
- HasASFlags(flags …string) bool
- HasAllASFlags(flags …string) bool
- HasUserFlags(flags …string) bool
- HasAllUserFlags(flags …string) bool
- HasAnyHostname() bool
- InCIDR(cidrStr string) bool
Fields:
- Name string
- Hostnames []string
- RootDomains []string
- IPAddresses []string
- Flags []string
- UserFlags []string
- TCPPorts []int
- UDPPorts []int
- Ports []Port
- ReviewedBy string
Port:
Fields:
- ID int // The port number
- Protocol string
- Service string
Options
-a, --add-flags strings flag(s) to add
--add-names strings Hostname(s) to add
-f, --format string Go template format to apply to each matched host's metadata
-h, --help help for hosts
-H, --host strings host(s) to add/remove/update flags
-j, --json Return JSON
--paths Return only the path to each hosts directory
-p, --protocols strings print protocol strings
-q, --query string Query to run. Using Go Template style conditionals.
-r, --remove-flags strings flag(s) to remove
--remove-names strings Hostname(s) to remove
-R, --reviewed-by string[="operator"] Set the reviewer. -R=reviewer or reads from $AS_REVIEWER, and $USER. (default "operator")
-u, --update Update arsenic flags
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
11 - Hosts Add
Add a new host
arsenic hosts add [flags]
Options
-h, --help help for add
-H, --hostnames strings Hostnames for the host
-i, --ips strings IP addresses for the host
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
12 - Hunt
Find interesting things
Synopsis
Find interesting things
Options
-d, --dry-run Dry run
-h, --help help for hunt
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
13 - Ingest
Import (ingest) output from various tools
Options
-h, --help help for ingest
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
14 - Ingest Naabu
Import naabu port scan output, creating/updating hosts with the open ports
arsenic ingest naabu files... [flags]
Options
-h, --help help for naabu
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
15 - Init
Init a new engagement
Synopsis
Init a new engagement
Options
-d, --dry-run Dry run
-h, --help help for init
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
16 - Inspect
Inspect data
Options
-h, --help help for inspect
-s, --scope-dir string Scope dir to use (default "default")
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
17 - Inspect Commands
command data
arsenic inspect commands [flags]
Options
-h, --help help for commands
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
-s, --scope-dir string Scope dir to use (default "default")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
18 - Inspect Hosts
host data
arsenic inspect hosts [flags]
Options
-h, --help help for hosts
--hostnames Just list hostnames
--ips Just list IP addresses
--json Print JSON
--open Show only hosts with open ports
--private Only show hosts with private IPs
--public Only show hosts with public IPs
--sort-by string Sort by the specified column. Format: column[;(asc|dsc)] (default "hostnames;asc")
--up Show only hosts that are up
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
-s, --scope-dir string Scope dir to use (default "default")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
19 - Leads
Leads from other sources
Synopsis
Import leads from other sources
Options
-h, --help help for leads
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
20 - Leads Import
Import Leads
Synopsis
Import leads from other sources
arsenic leads import [flags]
Options
-f, --file strings files(s) to import
-h, --help help for import
-n, --nessus Nessus import mode
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
21 - Recon
Run scripts in the recon phase
Synopsis
Run scripts in the recon phase.
Scripts should determine what hosts it needs to run against.
Options
-d, --dry-run Dry run
-h, --help help for recon
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
22 - Scope
Print all scope
Synopsis
Print all scope
Options
-h, --help help for scope
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
23 - Scope Domains
Print domains in scope
Synopsis
Print domains in scope
This will prune blacklisted domains, and blacklisted root domains.
arsenic scope domains [flags]
Options
--all-root-domains show all root domains
-h, --help help for domains
-r, --root-domains show only non-blacklisted root domains
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
24 - Scope Ips
Print in scope IP addresses.
Synopsis
Print in scope IP addresses.
arsenic scope ips [flags]
Options
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
25 - Scope Prune
read stdin remove out of scope things and print it to stdout.
Synopsis
read stdin remove out of scope things and print it to stdout.
arsenic scope prune [flags]
Options
-h, --help help for prune
-r, --root-domains remove domains that belong to a blacklisted root domain, even if they are in the scope-domains.txt
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
26 - Scopious
Manage scope for your network based projects
Synopsis
Scoper can help you manage the scope of network projects by:
- Automatically detecting and separating IP addresses or domains
- Ensuring an item is in the scope of your engagement
- Keep track of multiple scope for your engagement
To use, simply supply your scope as arguments to scopious add
scopious add example.com example.net 203.0.113.0/24
cat scope.txt | scopious add
By default scope is stored in ./scope/external/. This scan be changed by specifying -s
scopious add -s internal evil.corp internal.corpdev 10.0.0.1/24
You can exclude things from scope as well
scope excluded admin.example.com 203.0.113.0/29
Scoper can validate items are in scope
cat maybe-inscope.txt | scopious prune > inscope.txt
Need to view your scope data, scopious can show you all your scope in various ways
List in scope domains
scopious domains
list in scope root domains
scopious domains -r
list in scope ips
scopious ips
expand cidrs and remove excluded things
scopious ips -x
list excluded things
scopious exclude -l
Options
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-h, --help help for scopious
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
27 - Scopious Add
Add items to scope
Synopsis
Add items to scope unless it has been excluded via scopious exclude. For example:
cat customer-supplied.txt | scopious add
scopious add -i internal 10.0.0.0/22
arsenic scopious add [flags]
Options
-a, --all show all addresses, even network and broadcast
-h, --help help for add
Options inherited from parent commands
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
28 - Scopious Domains
Print out in scope domains
Synopsis
Print out in scope domains. For example:
Print all domains in scope:
scopious domains
Print in scope root domains:
scopious domains -r
arsenic scopious domains [flags]
Options
-h, --help help for domains
-r, --root-domains Show only root domains
-S, --suffix string Show only domains with suffix
-t, --totals Show totals for root domains and suffix
Options inherited from parent commands
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
29 - Scopious Exclude
Add an item to the exclude list
Synopsis
Add items to to the exclude list.
Sometimes not every subdomain underneath a domain or IP address
in a CIDR is in scope.
scopious exclude admin.example.com
arsenic scopious exclude [flags]
Options
-h, --help help for exclude
-l, --list List excluded scope
Options inherited from parent commands
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
30 - Scopious Expand
Expand CIDRs
Synopsis
Expand CIDRs. For example:
cat customer-supplied.txt | scopious expand
scopious expand 10.0.0.0/22
arsenic scopious expand [flags]
Options
-a, --all show all addreses, even network and broadcast
-h, --help help for expand
Options inherited from parent commands
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
31 - Scopious Get
get scope things
Synopsis
get scope things
arsenic scopious get [flags]
Options
-d, --domain Get domains file path
-x, --exclude Get exclude file path
-h, --help help for get
-4, --ipv4 Get IPv4 file path
-6, --ipv6 Get IPv6 file path
Options inherited from parent commands
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
32 - Scopious Ips
List IP addresses in scope
Synopsis
List IP addresses in scope.
Show in scope ips
scopious ips
Expand CIDRs and remove excluded ips
scopious ips -x
arsenic scopious ips [flags]
Options
-a, --all show all addreses, even network and broadcast
-x, --expand Expand CIDRS and remove excluded things
-h, --help help for ips
Options inherited from parent commands
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
33 - Scopious Prune
Prune excluded scope items from input
Synopsis
Prune excluded scope items from input
cat urls.txt | scopious prune
arsenic scopious prune [flags]
Options
-h, --help help for prune
Options inherited from parent commands
--config string config file (default is $HOME/.scopious.yaml)
--debug Debug mode
-s, --scope string Scope name (default "default")
--scope-dir string where scope files are located. (default "data")
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
34 - Script
Run arbitrary arsenic scripts
Options
-h, --help help for script
-n, --name string Name of the script to run
-a, --script-args string Args to pass to the script
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
35 - Script Install
Install arsenic scripts locally
arsenic script install [flags]
Options
-h, --help help for install
-p, --path string Path where the scripts will be installed (default "/home/operator/.config/arsenic")
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
36 - Serve
Starts the arsenic HTTP API
Options
-h, --help help for serve
-H, --hugo string The path to the hugo directory
-p, --port int The port to listen on (default 7433)
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
37 - Update
Update arsenic to latest version
Synopsis
Update or check for updates.
The default update method is to download the latest release from GitHub.
Examples
# Update to latest version
arsenic update
# Use go install to update
arsenic update -g
# Download from a specific URL
# Not sure why anyone else would need this. I use it for quickly testing builds on different machines.
arsenic update -u http://10.0.0.2:8000/dist/carbon_darwin_arm64/carbon
# This is typically used after I run the following:
# goreleaser release --clean --snapshot
# python -m http.server
Options
-C, --check Check for update
-f, --force Force update, even if release is not newer
-g, --go-install Use go install instead of downloading release from GitHub
-h, --help help for update
-u, --url string URL to download from (force implies)
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024
38 - Wordlist
Generate a wordlist
Synopsis
Generate a wordlist
Options
-h, --help help for wordlist
Options inherited from parent commands
--config string the arsenic.yaml config file
--debug the arsenic.yaml config file
SEE ALSO
Auto generated by spf13/cobra on 17-Oct-2024