Skip to content

operantlabs/operant-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

operant-cli

Standalone CLI for Operant security testing tools. 51 offensive security tools across 19 categories — SQL injection, XSS, SSRF, PCAP forensics, memory forensics, recon, and more.

Install

npm install -g operant-cli

Or run directly:

npx operant-cli recon quick --target example.com

Usage

operant <category> <command> [options]

All commands output JSON to stdout. Use --pretty for formatted output.

operant --pretty recon quick --target example.com
operant sqli where-bypass --url "https://target/page?id=1" --parameter id --value 1
operant pcap overview --pcap-path capture.pcap

Categories

Category Commands Description
sqli 6 SQL injection (WHERE bypass, login bypass, UNION extract, blind boolean/time, file read)
xss 2 Cross-site scripting (reflected test, payload generator)
cmdi 2 Command injection (test, blind detect)
traversal 1 Path traversal with encoding variants
ssrf 2 Server-side request forgery (localhost bypass, cloud metadata)
pcap 8 PCAP forensics (overview, credentials, DNS, HTTP objects, scan detect, stream follow, TLS, LLMNR/NTLM)
recon 7 Reconnaissance (quick, DNS, vhost, TLS SANs, directory brute-force, git secrets, S3 buckets)
memory 3 Memory forensics (Volatility Linux/Windows, rootkit detection)
malware 2 Malware analysis (OLE analysis, macro extraction)
cloud 2 Cloud security (CloudTrail analysis, anomaly detection)
auth 3 Authentication (CSRF extraction, brute-force, cookie tampering)
accesscontrol 2 Access control (IDOR testing, role escalation)
bizlogic 2 Business logic (price manipulation, coupon abuse)
clickjack 2 Clickjacking (frame protection test, frame-buster bypass)
cors 1 CORS misconfiguration testing
fileupload 1 File upload / web shell testing
nosqli 2 NoSQL injection (auth bypass, detection)
deserialization 1 Deserialization attack testing
graphql 2 GraphQL (introspection, hidden field discovery)

Prerequisites

Different tools require different CLI utilities on PATH:

  • Most tools: curl
  • PCAP tools: tshark (Wireshark)
  • DNS recon: dig
  • TLS recon: openssl
  • Git secrets: git
  • Cloud tools: jq
  • Malware tools: oledump.py, olevba (oletools)
  • Memory tools: volatility (v2) or vol (v3)

License

MIT — Operant Labs

About

Standalone CLI for Operant security testing tools — 51 offensive security commands

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages