Nullify CLI dynamically tests and fuzzes your endpoints for security vulnerabilities.
Usage: nullify [--host HOST] [--verbose] [--debug] [--nullify-token NULLIFY-TOKEN] [--github-token GITHUB-TOKEN] <command> [<args>]
Options:
--host HOST The base URL of your Nullify API instance [default: api.nullify.ai]
--verbose, -v Enable verbose logging
--debug, -d Enable debug logging
--nullify-token NULLIFY-TOKEN
Nullify API token
--github-token GITHUB-TOKEN
GitHub actions job token to exchange for a Nullify API token
--help, -h display this help and exit
--version display version and exit
Commands:
dast Test the given app for bugs and vulnerabilities
Usage: nullify dast [--app-name APP-NAME] [--spec-path SPEC-PATH] [--target-host TARGET-HOST] [--header HEADER] [--github-owner GITHUB-OWNER] [--github-repo GITHUB-REPO] [--local] [--image-label IMAGE-LABEL] [--force-pull] [--use-host-network]
Options:
--app-name APP-NAME The unique name of the app to be scanned, you can set this to anything e.g. Core API
--spec-path SPEC-PATH
The file path to the OpenAPI file (both yaml and json are supported) e.g. ./openapi.yaml
--target-host TARGET-HOST
The base URL of the API to be scanned e.g. https://api.nullify.ai
--header HEADER List of headers for the DAST agent to authenticate with your API, separated by commas e.g. "Authorization: Bearer 1234,X-Custom-Header: abcxyz"
--github-owner GITHUB-OWNER
The GitHub username or organisation
--github-repo GITHUB-REPO
The repository name to create the Nullify issue dashboard in e.g. cli
--local Test the given app locally for bugs and vulnerabilities in private networks
--image-label IMAGE-LABEL
Version of the DAST local image that is used for scanning [default: latest]
--force-pull Force a docker pull of the latest version of the DAST local image
--use-host-network Use the host network for the DAST local scan
Global options:
--host HOST The base URL of your Nullify API instance [default: api.nullify.ai]
--verbose, -v Enable verbose logging
--debug, -d Enable debug logging
--nullify-token NULLIFY-TOKEN
Nullify API token
--github-token GITHUB-TOKEN
GitHub actions job token to exchange for a Nullify API token
--help, -h display this help and exit
--version display version and exit
The Nullify CLI need to authenticate with the Nullify API.
This can be done in the following ways:
--nullify-token
optionNULLIFY_TOKEN
environment variableCloud Hosted Scan:
nullify dast \
--app-name "My REST API" \
--spec-path "./openapi.json" \
--target-host "https://api.myapp1234.dev" \
--github-owner "my-username" \
--github-repo "my-repo" \
--header "Authorization: Bearer 1234,X-Custom-Header: abcxyz"
Locally Hosted Scan:
nullify dast \
--app-name "My REST API" \
--spec-path "./openapi.json" \
--target-host "https://api.myapp1234.dev" \
--github-owner "my-username" \
--github-repo "my-repo" \
--header "Authorization: Bearer 1234,X-Custom-Header: abcxyz" \
--local
Same Machine Scan:
nullify dast \
--app-name "My REST API" \
--spec-path "./openapi.json" \
--target-host "https://api.myapp1234.dev" \
--github-owner "my-username" \
--github-repo "my-repo" \
--header "Authorization: Bearer 1234,X-Custom-Header: abcxyz" \
--use-host-network \
--local
The locally hosted scan can be run from within private networks to test private APIs.
Name | Description | Required | Default |
---|---|---|---|
host |
The base URL of your Nullify API instance, e.g. https://api.nullify.ai | false |
https://api.nullify.ai |
verbose |
Enable verbose logging | false |
|
debug |
Enable debug logging | false |
|
nullify-token |
Nullify API token | false |
|
github-token |
GitHub actions job token to exchange for a Nullify API token | false |
|
help |
Display help and exit | false |
|
version |
Display version and exit | false |
Name | Description | Required | Default |
---|---|---|---|
app-name |
The unique name of the app to be scanned, e.g. Core API | true |
|
spec-path |
The file path to the OpenAPI file (both yaml and json are supported), e.g. ./openapi.yaml | true |
|
target-host |
The base URL of the API to be scanned, e.g. https://api.nullify.ai | true |
|
github-owner |
The GitHub username or organisation to create the Nullify issue dashboard in, e.g. nullify-platform | true |
|
github-repo |
The repository name to create the Nullify issue dashboard in, e.g. cli | true |
|
header |
List of headers for the DAST agent to authenticate with your API, string seperated by commas | false |
|
local |
Test the given app locally for bugs and vulnerabilities in private networks | false |
|
version |
Version of the DAST local image that is used for scanning [default: ] | false |
latest |