Struct Cli 

pub struct Cli {

    pub urls: Option<PathBuf>,
    pub stdin: bool,
    pub har: Option<PathBuf>,
    pub no_filter: bool,
    pub filter_timeout: u64,
    pub no_discovery: bool,
    pub output: Option<PathBuf>,
    pub format: CliFormat,
    pub stream: bool,
    pub baseline: Option<PathBuf>,
    pub quiet: bool,
    pub summary: bool,
    pub no_auto_report: bool,
    pub concurrency: usize,
    pub max_endpoints: usize,
    pub delay_ms: u64,
    pub retries: u32,
    pub timeout_secs: u64,
    pub waf_evasion: bool,
    pub user_agents: Vec<String>,
    pub headers: Vec<String>,
    pub cookies: Vec<String>,
    pub proxy: Option<String>,
    pub danger_accept_invalid_certs: bool,
    pub active_checks: bool,
    pub dry_run: bool,
    pub per_host_clients: bool,
    pub adaptive_concurrency: bool,
    pub auth_bearer: Option<String>,
    pub auth_basic: Option<String>,
    pub auth_flow: Option<PathBuf>,
    pub auth_flow_b: Option<PathBuf>,
    pub unauth_strip_headers: Option<Vec<String>>,
    pub session_file: Option<PathBuf>,
    pub no_cors: bool,
    pub no_csp: bool,
    pub no_graphql: bool,
    pub no_api_security: bool,
    pub no_jwt: bool,
    pub no_openapi: bool,
    pub no_mass_assignment: bool,
    pub no_oauth_oidc: bool,
    pub no_rate_limit: bool,
    pub no_cve_templates: bool,
    pub no_websocket: bool,
    pub min_severity: Option<CliSeverity>,
    pub fail_on: CliSeverity,
}

A fast, async web security scanner.

Reads a list of URLs from a file or stdin, runs the enabled checks concurrently, and writes findings in JSON or NDJSON format.

Fields

urls: Option<PathBuf>

Path to a newline-delimited file of URLs to scan.

stdin: bool

Read newline-delimited URLs from stdin instead of a file.

har: Option<PathBuf>

Path to a HAR file; imports log.entries[].request.url as scan seeds.

no_filter: bool

Skip pre-filtering of inaccessible URLs (enabled by default).

filter_timeout: u64

Timeout for accessibility pre-check (seconds).

no_discovery: bool

Skip endpoint discovery and scan only the provided seed URLs.

output: Option<PathBuf>

Write findings to this file path (default: stdout).

format: CliFormat

Output format.

stream: bool

Emit NDJSON findings as they arrive (NDJSON only).

baseline: Option<PathBuf>

Baseline NDJSON file; suppress findings already present in baseline.

quiet: bool

Suppress all stdout output except findings (no summary box).

summary: bool

Print the summary box even in quiet mode.

no_auto_report: bool

Disable automatic local report persistence under ~/Documents/ApiHunterReports.

concurrency: usize

Maximum number of concurrent in-flight requests.

max_endpoints: usize

Maximum number of endpoints to scan per site (0 = unlimited).

delay_ms: u64

Per-domain minimum delay between requests (milliseconds).

retries: u32

Maximum number of retry attempts on transient errors.

timeout_secs: u64

Per-request timeout (seconds).

waf_evasion: bool

Enable WAF-evasion heuristics (randomised UA, header shuffling, jitter).

user_agents: Vec<String>

Rotate through these User-Agent strings (comma-separated). Implies –waf-evasion.

headers: Vec<String>

Extra request headers applied to every request (e.g. “Authorization: Bearer xxx”).

cookies: Vec<String>

Cookies applied to every request (e.g. “session=abc123,theme=dark”).

proxy: Option<String>

HTTP/HTTPS proxy URL (e.g. http://127.0.0.1:8080).

danger_accept_invalid_certs: bool

Accept invalid / self-signed TLS certificates (dangerous).

active_checks: bool

Enable active (potentially invasive) checks.

dry_run: bool

Dry-run active checks: do not send mutation probes, emit informational “would test” findings.

per_host_clients: bool

Use per-host HTTP client pools.

adaptive_concurrency: bool

Enable adaptive concurrency (AIMD).

auth_bearer: Option<String>

Convenience: add Authorization: Bearer <token>.

auth_basic: Option<String>

Convenience: add Authorization: Basic <base64(user:pass)>.

auth_flow: Option<PathBuf>

Path to a JSON auth flow descriptor for pre-scan login. See docs/auth-flow.md for the format.

auth_flow_b: Option<PathBuf>

Second auth flow for cross-user IDOR checks (–active-checks required).

unauth_strip_headers: Option<Vec<String>>

Extra auth-like headers to strip for unauthenticated probes (comma-separated).

session_file: Option<PathBuf>

Load/save cookies from a JSON session file.

no_cors: bool

Disable the CORS scanner.

no_csp: bool

Disable the CSP scanner.

no_graphql: bool

Disable the GraphQL scanner.

no_api_security: bool

Disable the API-security scanner.

no_jwt: bool

Disable the JWT scanner.

no_openapi: bool

Disable the OpenAPI scanner.

no_mass_assignment: bool

Disable the Mass Assignment scanner (active checks).

no_oauth_oidc: bool

Disable the OAuth/OIDC scanner (active checks).

no_rate_limit: bool

Disable the Rate Limit scanner (active checks).

no_cve_templates: bool

Disable the CVE Template scanner (active checks).

no_websocket: bool

Disable the WebSocket scanner (active checks).

min_severity: Option<CliSeverity>

Minimum severity to include in findings output.

fail_on: CliSeverity

Exit with code 1 when findings at or above this severity are found.

Trait Implementations

impl Args for Cli

fn group_id() -> Option<Id>

Report the ArgGroup::id for this set of arguments

fn augment_args<'b>(__clap_app: Command) -> Command

Append to Command so it can instantiate Self via FromArgMatches::from_arg_matches_mut

fn augment_args_for_update<'b>(__clap_app: Command) -> Command

Append to Command so it can instantiate self via FromArgMatches::update_from_arg_matches_mut

impl CommandFactory for Cli

fn command<'b>() -> Command

Build a Command that can instantiate Self.

fn command_for_update<'b>() -> Command

Build a Command that can update self.

impl Debug for Cli

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl FromArgMatches for Cli

fn from_arg_matches(__clap_arg_matches: &ArgMatches) -> Result<Self, Error>

Instantiate Self from ArgMatches, parsing the arguments as needed.

fn from_arg_matches_mut( __clap_arg_matches: &mut ArgMatches, ) -> Result<Self, Error>

Instantiate Self from ArgMatches, parsing the arguments as needed.

fn update_from_arg_matches( &mut self, __clap_arg_matches: &ArgMatches, ) -> Result<(), Error>

Assign values from ArgMatches to self.

fn update_from_arg_matches_mut( &mut self, __clap_arg_matches: &mut ArgMatches, ) -> Result<(), Error>

Assign values from ArgMatches to self.

impl Parser for Cli

fn parse() -> Self

Parse from std::env::args_os(), exit on error.

fn try_parse() -> Result<Self, Error>

Parse from std::env::args_os(), return Err on error.

fn parse_from<I, T>(itr: I) -> Self

where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Parse from iterator, exit on error.

fn try_parse_from<I, T>(itr: I) -> Result<Self, Error>

where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Parse from iterator, return Err on error.

fn update_from<I, T>(&mut self, itr: I)

where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Update from iterator, exit on error.

fn try_update_from<I, T>(&mut self, itr: I) -> Result<(), Error>

where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Update from iterator, return Err on error.