• Tools
  • Features
  • Resources

Introduction

Getting Started

Platform Features

Scanning
OverviewBasic scanMedium scanAdvanced pipeline scanSupported toolsQueue & lifecycleReal-time streaming
AI Analysis
Code Scanning (SAST)
Reports
Dashboard & Analytics

Developer Reference

REST API
CLI Reference
CI/CD Integration
Tool Tactics
⌘K

On this page

OverviewBasic scanMedium scanAdvanced pipeline scanSupported toolsQueue & lifecycleReal-time streaming
Platform core

Scanning

Auto-Offensive provides three scan modes that match different workflows — from single tool runs to multi-step pipelines. This page explains when to use each mode and how to submit scans.

Overview

A scan is one execution of a tool or pipeline. Auto-Offensive offers three modes:

Mode 1

Basic

Single tool with Light and Deep options. Fast and simple.

Best for: Quick checks, single tool tasks, exploration

Mode 2

Medium

Multi-tools with admin-validated options.

Best for: Custom configurations that need tuning

Mode 3

Advanced

Multi-tool Unix-style pipelines.

Best for: Full reconnaissance, complex workflows

Quick comparison

ModeEndpointToolsOptions
BasicPOST /scans/basic/submit1Light and Deep
MediumPOST /scans/medium/submitMultipleSchema-validated
AdvancedPOST /scans/advanced/submitMultiple (pipeline)Full Unix syntax

Basic scan

A basic scan runs a single tool with light and deep options. It's the fastest way to test a target.

How to use via UI

  1. Navigate to the Scans page from the sidebar.
  2. Click the New Scan button.
  3. Select Basic as the scan mode.
  4. Enter your target (e.g., example.com).
  5. Choose a tool from the dropdown (e.g., subfinder).
  6. Click Submit Scan.

Medium scan

A medium scan runs a 4 tool and gives you control over options. The backend validates options against the tool's scan_config.medium schema and applies safe defaults.

Why use Medium?
Medium is great when you want a balance between simplicity and control. You don't have to write a full pipeline, but you can still tune the scan for your targets.

How to use via UI

  1. Select Medium as the scan mode.
  2. Enter your target.
  3. Choose a tool (e.g., nuclei).
  4. A configuration form will appear. Adjust the tool-specific options (like Severity, Rate Limit, etc.).
  5. Click Submit Scan.

Advanced pipeline scan

An advanced scan lets you write Unix-style pipelines where the output of one tool flows into the next. It's the most powerful way to perform full reconnaissance workflows.

Pipeline syntax

Use Unix pipes (|) to chain tools. In the CLI, escape the pipe with a backslash (\|) to prevent your local shell from interpreting it.

How to use via UI

  1. Select Advanced as the scan mode.
  2. Enter your target.
  3. In the Pipeline editor, type your Unix-style command (e.g., subfinder -d example.com | httpx -sc).
  4. Click Submit Scan.
Tool-to-tool data flow
Not all tools compose with each other. subfinder outputs subdomains, httpx accepts subdomains/URLs, naabu outputs host:port pairs, nuclei accepts URLs. The backend rejects invalid pipelines.

Supported tools

Auto-Offensive runs 7 industry-standard security tools, all fully managed in sandboxed containers.

ToolCategoryPurposeOutput
subfinderReconPassive subdomain enumerationJSONL
httpxReconHTTP probing & fingerprintingJSONL
naabuNetworkFast TCP/UDP port scanningJSONL
nmapNetworkService detection, OS fingerprintingXML
nucleiVuln ScanTemplate-based vulnerability detectionJSONL
gobusterWebDirectory & file enumerationText
gitleaksSASTSecret detection in source codeJSON
Extensible tool registry
Tools are defined by JSON metadata in the backend tool registry. Admins can add, update, or deactivate tools through the /tools API without redeploying.

Queue & lifecycle

Scans are queued and processed by scalable workers. Each job moves through these states:

StatusMeaningType
JOB_STATUS_PENDINGAccepted, awaiting queueTransient
JOB_STATUS_QUEUEDIn the queueTransient
JOB_STATUS_RUNNINGCurrently executingTransient
JOB_STATUS_COMPLETEDFinished successfullyTerminal
JOB_STATUS_PARTIALSome steps failedTerminal
JOB_STATUS_FAILEDExecution errorTerminal
JOB_STATUS_CANCELLEDCancelled by user/systemTerminal

Queue management

bash · queue ops
# Check queue status GET /scans/advanced/queue/status # Get position of a queued job GET /scans/advanced/queue/jobs/{job_id}/position # Cancel a queued or running job POST /scans/advanced/queue/jobs/{job_id}/cancel

Real-time streaming

While a scan is running, logs are streamed back via Server-Sent Events (SSE). This lets you watch results live, just like running the tool locally.

bash · stream step logs
# Subscribe to step log stream curl -N https://api.auto-offensive.com/scans/steps/{step_id}/logs/stream \ -H "Authorization: Bearer $AOF_API_KEY" \ -H "Cache-Control: no-cache" # Event format event: log data: {"event_type":"log","data":"api.example.com"} event: log data: {"event_type":"log","data":"www.example.com"} event: done data: {"status":"stream_ended"}
Event types
  • log — Normal log line from the tool
  • stream-error — Error during streaming
  • done — Stream termination signal
Previous
Getting Started
Next
AI Analysis