Documents/Scanning/

Using SmartScanner CLI (sms)

SmartScanner CLI (sms.exe) is the command-line version of SmartScanner, designed for security professionals and developers to scan web applications for vulnerabilities efficiently. This tool allows users to perform targeted scans and export results in JSON format for further analysis.

Installation and Location

SmartScanner CLI (sms.exe) comes with the default installation of SmartScanner. The sms.exe executable is located in:

%LocalAppData%\Programs\SmartScanner

Usage

sms.exe [options] [targets...]

Arguments

targets... One or more target URLs (e.g., https://example.com). If provided, it’s equivalent to using -u <URL>. Can be combined with the -u or -f options.

Options

Target Specification

-u, --url <URL> Specify a target URL to scan. Can be used multiple times. Example:
```
sms.exe -u https://example.com -u https://another.com
```
-f, --file <FILE> Load list of target URLs from a file (one per line). Example:
```
sms.exe -f urls.txt
```

Output Options

-o, --output <file> Save the scan results as a JSON file at the specified path. Example:
```
sms.exe -u https://example.com -o C:\Reports\report.json
```

Authentication Options

--auth-basic <user:pass> Use HTTP Basic Authentication. Provide credentials inline. Example:
```
sms.exe -u https://example.com --auth-basic admin:securepassword
```

Proxy Options

--proxy <proxy_url> Use the specified proxy server for all requests. Supports HTTP and SOCKS5. Example:

sms.exe -u https://example.com --proxy http://proxy.example.com:8080
sms.exe -u https://example.com --proxy socks5://hostname:1080

--proxy-auth <user:pass> Provide authentication credentials for the proxy server. Example:

sms.exe -u https://example.com --proxy http://proxy.example.com:8080 --proxy-auth admin:securepassword

Custom User-Agent

--user-agent <ua_string> Set a custom User-Agent header for all requests. Example:
```
sms.exe -u https://example.com --user-agent "SmartScannerCLI/2.0"
```

Scan Control

--exit-on <level> Stop the scan immediately if a vulnerability of the given severity is found. Allowed levels: informational, low, medium, high Example:
```
sms.exe -u https://example.com --exit-on medium
```
This command will stop the scan if a vulnerability of medium or higher severity is detected.

Exit Code Behavior:
- With --exit-on, returns non-zero if the condition is met.
- Without --exit-on, returns 0 even if vulnerabilities are found.

Help and Version

-h, --help, -? Display the help information.
-v, --version Display the version number.

Example Usage

Scan a Single URL

sms.exe https://example.com

Scan with Multiple URLs

sms.exe -u https://a.com -u https://b.com

Scan Using a URL List File

sms.exe -f urls.txt

Save JSON Report

sms.exe -u https://example.com -o report.json

Use Proxy and Authentication

sms.exe -u https://example.com --proxy http://proxy:8080 --proxy-auth user:pass

Stop on Medium Severity

sms.exe -u https://example.com --exit-on medium

←Creating Scan Report Security Tests→

Still need help? contact us Last updated on May 19, 2025