• Tools
  • Features
  • Resources

Introduction

Getting Started

Platform Features

Scanning
AI Analysis
Code Scanning (SAST)
Reports
Dashboard & Analytics

Developer Reference

REST API
CLI Reference
InstallationAuthenticationCommandsInteractive TUIExecution modelOutput streamingJob lifecycleSecurityEnvironment variables
CI/CD Integration
Tool Tactics
⌘K

On this page

Installation & SetupAuthenticationCommand ExecutionSupported ToolsRemote Execution ModelOutput StreamingResult HandlingJob LifecycleSecurity & Access ControlHow It Works
Feature Documentation · v2.0

CLI

A standalone command-line client that lets you run supported security tools from your terminal — powered entirely by the backend. No local tool installation required.

Cross-platform binary
Token-based auth
Real-time streaming

Installation & Setupone-time

Install the Auto Offensive CLI with a single command. The CLI is distributed as a standalone binary — no dependencies, no package manager required.

Works on Linux and macOS (Intel and Apple Silicon). No dependencies required.

Default installation

bash — install
$ curl -fsSL https://cli.auto-offensive.org/install.sh | sh

See detailed progress

bash — install verbose
$ curl -fsSL https://cli.auto-offensive.org/install.sh | sh -s -- --verbose

Custom install location

bash — install custom
$ AOF_INSTALL_DIR=/opt/bin curl -fsSL https://cli.auto-offensive.org/install.sh | sh

Uninstall

bash — uninstall
$ curl -fsSL https://cli.auto-offensive.org/install.sh | sh -s -- --uninstall

Verify installation

bash — verify
$ aof --version

Quick Start

bash — quick start
# 1. Log in with your account $ aof login # 2. Select a project $ aof projects # 3. Run a scan $ aof scan # 4. Check results $ aof results # 5. Generate a report $ aof report

Authentication

The CLI uses token-based authentication. Credentials are securely stored in your local config directory. All CLI requests to the backend require a valid session.

Login command
Run aof login to authenticate interactively, or pass --token <api-token> for non-interactive use in CI environments.
Interactive
Stored credentials
Authentication credentials are stored locally in your config file. They are never transmitted except as bearer tokens on each API request.
Secure
Logout
Run aof logout to revoke the local session. Your token remains valid on other devices until manually revoked from the dashboard.
bash — authentication
# Browser-based login (default — opens Keycloak PKCE flow) $ aof login Opening browser for authentication... ✓ Login successful Token saved to ~/.config/aof/token.json # No-browser mode (prints URL to stdout) $ aof login --no-browser Visit: https://auth.auto-offensive.com/realms/aof/protocol/openid-connect/auth?... Waiting for callback... ✓ Login successful # Interactive TUI mode (Bubbletea guided flow) $ aof login -i ┌────────────────────────────────────────┐ │ Auto-Offensive Login │ ├────────────────────────────────────────┤ │ Email: user@example.com │ │ Password: •••••••• │ └────────────────────────────────────────┘ ✓ Login successful # Revoke session and remove stored credentials $ aof logout ✓ Session revoked. Credentials removed from ~/.config/aof/

Commands

CommandDescription
loginLog in via your browser
logoutLog out and clear stored credentials
projectsList and select projects
toolsView available security tools
scanRun a security scan
resultsView scan results
reportGenerate a report from scan results
api-keysManage your API keys
tuiLaunch the interactive terminal interface

Supported Platforms

OSArchitecture
Linuxx86_64 (amd64), arm64
macOSIntel (amd64), Apple Silicon (arm64)

Troubleshooting

Command not found: aof

The install directory isn't in your PATH. The installer prints the exact command to fix this. Typically:

bash
$ export PATH="$HOME/.local/bin:$PATH"

Add that line to your ~/.zshrc, ~/.bashrc, or equivalent shell profile to make it permanent.

Token expired

Run aof login to re-authenticate.

Remote Execution Model

The CLI never executes tools locally. It acts purely as a client — validating input, sending a structured request to the backend, and streaming back the results.

Structured request
The CLI serialises your command and flags into a structured JSON request and sends it to the Auto Offensive backend over an authenticated HTTPS connection.
Scan job creation
The backend receives the request, validates it against the allowed parameter schema, and creates a new scan job with a unique job ID.
Isolated environment
The job executes in a sandboxed, isolated container managed by backend workers. Each execution is ephemeral and independent — no state bleeds between jobs.
Results streamed back
As the tool runs, stdout and stderr are streamed in real time back to your terminal via a persistent connection — so it feels like a local execution.

Real-Time Output Streaming

The CLI maintains a streaming connection with the backend throughout job execution. Live logs appear in your terminal exactly as they would if you ran the tool locally.

live output — aof scan --project Demo subfinder -d example.com
$ aof scan --project "Demo" subfinder -d example.com ✓ Scan submitted: job-abc123 [subfinder] Starting... [subfinder] api.example.com [subfinder] dev.example.com [subfinder] staging.example.com [subfinder] mail.example.com [subfinder] vpn.example.com [subfinder] ✓ Completed (5 results) ────────────────────────────────── Found : 5 subdomains Elapsed : 3.4s ✓ Scan finished

Result Handling

Results are both displayed in your terminal and automatically stored in the backend system. You can access them again later without re-running the scan.

Terminal display
All output is printed live to your terminal as the job runs — including final summary counts and a direct link to the job result page.
Automatic backend storage
Every result is automatically saved to your account. Results are attached to the corresponding scan job and project in the web UI.
View via web UI
Access any past job result from the Auto Offensive web dashboard — with full AI analysis, severity scoring, and report generation available.
Included in reports
CLI job results can be included in generated security reports just like results from web UI scans — PDF, DOCX, Excel, and JSON all supported.

Job Lifecycle Management

Every CLI execution creates a backend job. Jobs move through defined states and can be queried at any time.

Pending
Running
Completed
Failed

Job management commands

bash — job management
# List recent jobs $ aof jobs list job_01HXYZ9KM3 subfinder example.com completed 3.4s ago job_01HXYZ7AB1 naabu 192.168.1.0/24 running 12s job_01HXYZ5CD2 httpx domains.txt failed 1m ago # Check status of a specific job $ aof jobs status job_01HXYZ9KM3 ✓ Status: completed · 5 results · Elapsed: 3.4s # Retrieve results of a past job $ aof jobs results job_01HXYZ9KM3 ✓ api.example.com ✓ dev.example.com ...

Security & Access Control

The CLI enforces strict controls on what can be executed. No arbitrary commands or shell access are provided — execution is fully managed and sandboxed by the backend.

Predefined tools only
Only the supported tool set is accessible. Requests for unlisted tools or custom binaries are rejected before execution.
Parameter validation
Every request is validated against the allowed parameter schema on both the CLI and the backend. Injection attempts are blocked.
Isolated execution
Each job runs in its own isolated container. There is no shared state, no persistent filesystem access, and no system-level exposure.
Authenticated requests
All CLI requests require a valid API token. Unauthenticated or expired sessions are rejected immediately with a clear error.
Audit log
Every command, job, and result is logged against your account. Full audit history is available from the web dashboard.
No arbitrary execution
The CLI does not support shell pass-through, piping, or arbitrary command injection. The execution surface is completely controlled.
1
Predefined tools only
Only the supported tool set is accessible. Requests for unlisted tools or custom binaries are rejected before execution.
2
Parameter validation
Every request is validated against the allowed parameter schema on both the CLI and the backend. Injection attempts are blocked.
3
Isolated execution
Each job runs in its own isolated container. There is no shared state, no persistent filesystem access, and no system-level exposure.
4
Authenticated requests
All CLI requests require a valid API token. Unauthenticated or expired sessions are rejected immediately with a clear error.
5
Audit log
Every command, job, and result is logged against your account. Full audit history is available from the web dashboard.
6
No arbitrary execution
The CLI does not support shell pass-through, piping, or arbitrary command injection. The execution surface is completely controlled.

How It Works

Users never install individual security tools. The platform provides all tools as a managed service, accessible through a single CLI binary. Execution is always handled by the backend.

You do not install these tools locally
1
subfinder->Provided as a managed backend service via aof subfinderManaged
2
httpx->Provided as a managed backend service via aof httpxManaged
3
naabu->Provided as a managed backend service via aof naabuManaged
4
nuclei->Provided as a managed backend service via aof nucleiManaged
You do not install these tools locally
subfinder→Provided as a managed backend service via aof subfinderManaged
httpx→Provided as a managed backend service via aof httpxManaged
naabu→Provided as a managed backend service via aof naabuManaged
nuclei→Provided as a managed backend service via aof nucleiManaged
Benefits of managed execution
Consistent environments — every scan runs on the same controlled infrastructure, regardless of your local OS.

Centralised updates — tools are kept up to date by the platform. You always run the latest version without any action on your side.

Controlled usage — execution limits, rate controls, and audit logging are enforced uniformly across all users.

Environment Variables

Environment variables can override config file values. They take precedence over config file settings.

VariableDescriptionDefault
AOF_API_URLAPI base URLhttp://localhost:8000
AOF_TOKENOverride bearer token (skip login)—
AOF_KEYCLOAK_ISSUERKeycloak issuer URL—
AOF_KEYCLOAK_CLIENT_IDOAuth2 client identifier—
Previous
Dashboard & Analytics
Next
REST API