CLI Overview
The Pentora command-line interface (CLI) provides direct access to all scanning capabilities, workspace management, and server control. The CLI is designed for technical operators performing ad-hoc scans, troubleshooting, and integration into automation workflows.
Philosophy
CLI vs UI Design
Pentora separates technical and non-technical user experiences:
CLI targets:
- Security operators and penetration testers
- DevOps engineers and SREs
- Automation and CI/CD pipelines
- Power users requiring fine-grained control
UI targets:
- Security managers and executives
- Compliance auditors
- Non-technical stakeholders
- Scheduled scan management
The CLI remains fully functional without the server component, while the UI requires the server for centralized operations.
Self-Sufficiency
The CLI never accesses server internals directly. When interacting with a remote Pentora server, the CLI uses the REST/gRPC API just like any external client.
Local Mode (no server):
pentora scan --targets 192.168.1.0/24
# Executes scan locally, writes to local workspace
Remote Mode (with server):
pentora scan --targets 192.168.1.0/24 --server https://pentora.company.com
# Submits scan job to server via API
Command Structure
pentora <command> [subcommand] [flags] [arguments]
Primary Commands
pentora scan
Execute security scans:
pentora scan --targets 192.168.1.0/24
Performs complete scan pipeline or selective phases. Most commonly used command.
See Scan Command Reference for details.
pentora workspace
Manage workspace and scan results:
pentora workspace list # List all scans
pentora workspace show <scan-id> # Show scan details
pentora workspace gc # Garbage collection
See Workspace Commands for details.
pentora server
Control Pentora server daemon:
pentora server start # Start server
pentora server stop # Stop server
pentora server status # Check server status
See Server Commands for details.
pentora fingerprint
Manage fingerprint catalogs:
pentora fingerprint sync # Update fingerprint database
pentora fingerprint list # List available rules
See Fingerprint Commands for details.
pentora version
Display version information:
pentora version
Output:
Pentora version 1.0.0
Build: 20231006-a1b2c3d
Go version: go1.21.3
Platform: linux/amd64
pentora dag
Validate and inspect DAG definitions:
pentora dag validate scan-profile.yaml # Validate DAG
pentora dag show scan-profile.yaml # Visualize DAG
Quick Start
Basic Network Scan
pentora scan --targets 192.168.1.0/24
Scan with Vulnerability Detection
pentora scan --targets 192.168.1.100 --vuln
List Scan Results
pentora workspace list
Export Results
pentora workspace export <scan-id> --format json -o report.json
Learn More
📋 Common Workflows
Learn common scanning patterns and use cases
View Workflows📊 Output Formats
Understand different output formats and verbosity levels
Learn More⚙️ Configuration
Configure CLI using files, environment variables, and flags
Configure CLI🔗 Integrations
Integrate with CI/CD, automation tools, and scripts
View ExamplesCommand Reference
| Command | Description |
|---|---|
| scan | Execute security scans |
| workspace | Manage scan results and workspace |
| server | Control Pentora server |
| fingerprint | Manage fingerprint database |