CLI
A standalone command-line client that lets you run supported security tools from your terminal — powered entirely by the backend. No local tool installation required.
Installation & Setupone-time
Install the Auto Offensive CLI with a single command. The CLI is distributed as a standalone binary — no dependencies, no package manager required.
Works on Linux and macOS (Intel and Apple Silicon). No dependencies required.
Default installation
$ curl -fsSL https://cli.auto-offensive.org/install.sh | shSee detailed progress
$ curl -fsSL https://cli.auto-offensive.org/install.sh | sh -s -- --verboseCustom install location
$ AOF_INSTALL_DIR=/opt/bin curl -fsSL https://cli.auto-offensive.org/install.sh | shUninstall
$ curl -fsSL https://cli.auto-offensive.org/install.sh | sh -s -- --uninstallVerify installation
$ aof --versionQuick Start
# 1. Log in with your account
$ aof login
# 2. Select a project
$ aof projects
# 3. Run a scan
$ aof scan
# 4. Check results
$ aof results
# 5. Generate a report
$ aof reportAuthentication
The CLI uses token-based authentication. Credentials are securely stored in your local config directory. All CLI requests to the backend require a valid session.
aof login to authenticate interactively, or pass --token <api-token> for non-interactive use in CI environments.aof logout to revoke the local session. Your token remains valid on other devices until manually revoked from the dashboard.# Browser-based login (default — opens Keycloak PKCE flow)
$ aof login
Opening browser for authentication...
✓ Login successful
Token saved to ~/.config/aof/token.json
# No-browser mode (prints URL to stdout)
$ aof login --no-browser
Visit: https://auth.auto-offensive.com/realms/aof/protocol/openid-connect/auth?...
Waiting for callback...
✓ Login successful
# Interactive TUI mode (Bubbletea guided flow)
$ aof login -i
┌────────────────────────────────────────┐
│ Auto-Offensive Login │
├────────────────────────────────────────┤
│ Email: user@example.com │
│ Password: •••••••• │
└────────────────────────────────────────┘
✓ Login successful
# Revoke session and remove stored credentials
$ aof logout
✓ Session revoked. Credentials removed from ~/.config/aof/Commands
| Command | Description |
|---|---|
| login | Log in via your browser |
| logout | Log out and clear stored credentials |
| projects | List and select projects |
| tools | View available security tools |
| scan | Run a security scan |
| results | View scan results |
| report | Generate a report from scan results |
| api-keys | Manage your API keys |
| tui | Launch the interactive terminal interface |
Supported Platforms
| OS | Architecture |
|---|---|
| Linux | x86_64 (amd64), arm64 |
| macOS | Intel (amd64), Apple Silicon (arm64) |
Troubleshooting
The install directory isn't in your PATH. The installer prints the exact command to fix this. Typically:
$ export PATH="$HOME/.local/bin:$PATH"Add that line to your ~/.zshrc, ~/.bashrc, or equivalent shell profile to make it permanent.
Run aof login to re-authenticate.
Remote Execution Model
The CLI never executes tools locally. It acts purely as a client — validating input, sending a structured request to the backend, and streaming back the results.
Real-Time Output Streaming
The CLI maintains a streaming connection with the backend throughout job execution. Live logs appear in your terminal exactly as they would if you ran the tool locally.
$ aof scan --project "Demo" subfinder -d example.com
✓ Scan submitted: job-abc123
[subfinder] Starting...
[subfinder] api.example.com
[subfinder] dev.example.com
[subfinder] staging.example.com
[subfinder] mail.example.com
[subfinder] vpn.example.com
[subfinder] ✓ Completed (5 results)
──────────────────────────────────
Found : 5 subdomains
Elapsed : 3.4s
✓ Scan finishedResult Handling
Results are both displayed in your terminal and automatically stored in the backend system. You can access them again later without re-running the scan.
Job Lifecycle Management
Every CLI execution creates a backend job. Jobs move through defined states and can be queried at any time.
Job management commands
# List recent jobs
$ aof jobs list
job_01HXYZ9KM3 subfinder example.com completed 3.4s ago
job_01HXYZ7AB1 naabu 192.168.1.0/24 running 12s
job_01HXYZ5CD2 httpx domains.txt failed 1m ago
# Check status of a specific job
$ aof jobs status job_01HXYZ9KM3
✓ Status: completed · 5 results · Elapsed: 3.4s
# Retrieve results of a past job
$ aof jobs results job_01HXYZ9KM3
✓ api.example.com
✓ dev.example.com
...Security & Access Control
The CLI enforces strict controls on what can be executed. No arbitrary commands or shell access are provided — execution is fully managed and sandboxed by the backend.
How It Works
Users never install individual security tools. The platform provides all tools as a managed service, accessible through a single CLI binary. Execution is always handled by the backend.
1 | subfinder | -> | Provided as a managed backend service via aof subfinder | Managed |
2 | httpx | -> | Provided as a managed backend service via aof httpx | Managed |
3 | naabu | -> | Provided as a managed backend service via aof naabu | Managed |
4 | nuclei | -> | Provided as a managed backend service via aof nuclei | Managed |
aof subfinderManagedaof httpxManagedaof naabuManagedaof nucleiManagedCentralised updates — tools are kept up to date by the platform. You always run the latest version without any action on your side.
Controlled usage — execution limits, rate controls, and audit logging are enforced uniformly across all users.
Environment Variables
Environment variables can override config file values. They take precedence over config file settings.
| Variable | Description | Default |
|---|---|---|
| AOF_API_URL | API base URL | http://localhost:8000 |
| AOF_TOKEN | Override bearer token (skip login) | — |
| AOF_KEYCLOAK_ISSUER | Keycloak issuer URL | — |
| AOF_KEYCLOAK_CLIENT_ID | OAuth2 client identifier | — |