Documents/Scanning/

Using SmartScanner CLI (sms)

SmartScanner CLI (sms.exe) is the command-line version of SmartScanner, designed for security professionals and developers to scan web applications for vulnerabilities efficiently. This tool allows users to perform targeted scans and export results in JSON format for further analysis.

Installation and Location

SmartScanner CLI (sms.exe) comes with the default installation of SmartScanner. The sms.exe executable is located in:

%LocalAppData%\Programs\SmartScanner

Usage

sms.exe [options] [target]

Arguments

target (optional)
The target URL to scan (e.g., https://example.com). If provided, it is equivalent to using the -u <URL> option.

Options

Target Specification

-u, --url <URL>
Specify the target URL to scan.

Example:
```
sms.exe -u https://example.com
```

Output Options

-o, --output <file>
Save the scan results as a JSON file at the specified path.

Example:
```
sms.exe -u https://example.com -o /path/to/report.json
```

Authentication Options

--auth-basic <user:pass>
Use HTTP Basic Authentication by providing a username and password inline.

Example:
```
sms.exe -u https://example.com --auth-basic admin:securepassword
```

Proxy Options

--proxy <proxy_url>
Route requests through the specified proxy server.

Example:
```
sms.exe -u https://example.com --proxy http://proxy.example.com:8080
```
Supports HTTP and SOCKS5 proxies:
```
--proxy socks5://hostname:port
```

--proxy-auth <user:pass>
Provide authentication credentials for the specified proxy.

Example:

sms.exe -u https://example.com --proxy http://proxy.example.com:8080 --proxy-auth admin:securepassword

Custom User-Agent

--user-agent <ua_string>
Set a custom User-Agent string for scan requests.

Example:
```
sms.exe -u https://example.com --user-agent "CustomScanner/1.0"
```

Scan Control

--exit-on <level>
Stop the scan immediately if a vulnerability of the specified severity level is found.

Allowed levels: informational, low, medium, high.

Example:
```
sms.exe -u https://example.com --exit-on medium
```
This command will stop the scan if a vulnerability of medium or higher severity is detected.

Exit Code Behavior:
- If --exit-on is used and a vulnerability of the specified level is found, sms.exe will return a non-zero exit code.
- If no vulnerabilities matching the level are found, the exit code will be 0.

Help and Version Information

-h, --help, -?
Display help information about available options.
-v, --version
Display the version information of SmartScanner CLI.

Example Usage

Basic Scan

sms.exe https://example.com

sms.exe -u https://example.com

Scan with JSON Report Output

sms.exe -u https://example.com -o report.json

Scan Using a Proxy with Authentication

sms.exe -u https://example.com --proxy http://proxy.example.com:8080 --proxy-auth user:password

Scan with HTTP Basic Authentication

sms.exe -u https://example.com --auth-basic admin:securepassword

Stop Scan on Medium or Higher Severity Issues

sms.exe -u https://example.com --exit-on medium

←Creating Scan Report Security Tests→

Still need help? contact us Last updated on February 15, 2025