Using SmartScanner CLI (sms)
SmartScanner CLI (sms.exe) is the command-line version of SmartScanner, designed for security professionals and developers to perform automated security scans on web applications. This documentation explains all available command‑line options.
Installation and Location
SmartScanner CLI (sms.exe) comes with the default installation of SmartScanner. The sms.exe executable is located in:
%LocalAppData%\Programs\SmartScanner
Usage
sms.exe [options] [targets...]
targets…
One or more target URLs (e.g., https://example.com). If provided, it’s equivalent to using -u <URL>. Can be combined with the -u or -f options.
Options
Target Specification
-u, --url <URL>: Specify a target URL to scan. Can be used multiple times.
-f, --file <FILE>: Load a list of URLs (one per line).
Configuration
-c, --config <FILE>: Load a scan configuration file. Useful for advanced settings or pre‑defined scan profiles.
Example:
sms -c scan-config.json -u https://example.com
⚠️ Note: Other command-line options might override configuration loaded from the file.
Output Options
-o, --output <file>: Specify the full JSON report output path.
Example:
sms -u https://example.com -o C:\Reports\report.json
Authentication Options
--auth-basic <user:pass>: Use HTTP Basic Authentication.
Example:
sms -u https://example.com --auth-basic admin:password
Proxy Options
--proxy <proxy_url>: Send all requests through a proxy. Supports HTTP, HTTPS, SOCKS5.
--proxy-auth <user:pass>: Provide proxy authentication.
Example:
sms -u https://example.com --proxy http://proxy:8080 --proxy-auth user:pass
Custom Headers and Behavior
--user-agent <ua_string>: Override the default User‑Agent.
Example:
sms -u https://example.com --user-agent "SmartScannerCLI/2.0"
--no-crawl: Disable automatic crawling. Only the provided target URL(s) will be scanned.
Example:
sms -u https://example.com --no-crawl
-s, --scope <REGEX>: Limit scan scope using a regular expression. Useful for restricting crawling to a specific path or subdomain.
Example:
sms -u https://example.com --scope ".*example.com/app/.*"
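A scope pattern is only as tight as its regular expression, and the pattern in the example above has unescaped dots and no anchors. The following is an added example (not part of SmartScanner or its documentation) that checks a scope pattern against URLs before a scan. The tightened pattern, the sample URLs, the helper names, and the assumption that the scanner matches the pattern anywhere in the URL are all assumptions of this example, not taken from the page.

```python
import re
from urllib.parse import urlsplit

# Pattern from the --scope example above, and a tightened variant
# (the tightened pattern is constructed for this example).
LOOSE = r".*example.com/app/.*"        # "." matches any character, no anchors
TIGHT = r"^https://example\.com/app/"  # anchored scheme + host, escaped dot

# Constructed sample URLs a crawler could encounter while following links.
CANDIDATES = [
    "https://example.com/app/login",
    "https://example.com/admin/",
    "https://notexample.com/app/login",
    "https://cdn.test/mirror/example.com/app/x.js",
    "https://sso.test/login?next=https://example.com/app/",
]

def in_intended_scope(url, host, path_prefix):
    """Ground truth: compare the parsed host and path, not a pattern."""
    parts = urlsplit(url)
    return parts.hostname == host and parts.path.startswith(path_prefix)

def scope_leaks(pattern, urls, host="example.com", path_prefix="/app/"):
    """URLs the pattern admits although they lie outside the intended scope."""
    rx = re.compile(pattern)
    # Assumption: the pattern is tested anywhere in the URL (search semantics).
    return [u for u in urls
            if rx.search(u) and not in_intended_scope(u, host, path_prefix)]

def scope_misses(pattern, urls, host="example.com", path_prefix="/app/"):
    """In-scope URLs the pattern would wrongly exclude from the scan."""
    rx = re.compile(pattern)
    return [u for u in urls
            if in_intended_scope(u, host, path_prefix) and not rx.search(u)]

if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("tight", TIGHT)):
        print(f"{name}: {pattern}")
        for url in scope_leaks(pattern, CANDIDATES):
            print("  out of scope but matched:", url)
        for url in scope_misses(pattern, CANDIDATES):
            print("  in scope but not matched:", url)
```

A pattern that reports no leaks and no misses against the hosts you are authorized to test is the one to pass to --scope.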
Scan Control
--exit-on <level>
Stop scanning immediately if a vulnerability of the specified severity is found.
Allowed values:
- informational
- low
- medium
- high
Example:
sms -u https://example.com --exit-on medium
This stops the scan after finding any medium‑or‑higher severity result.
Exit Behavior:
- When --exit-on is triggered → exits with non‑zero status.
- Without --exit-on → always returns 0, even if vulnerabilities exist.
Help and Version
-h, --help, -?
Display help.
-v, --version
Display version information.
Examples
Basic Scan
sms https://example.com
Multiple URLs
sms -u https://a.com -u https://b.com
Load URLs from File
sms -f urls.txt
Save JSON Output
sms -u https://example.com -o result.json
Use Proxy + Auth
sms -u https://example.com --proxy http://proxy:8080 --proxy-auth user:pass
Disable Crawling
sms -u https://example.com --no-crawl
Stop on High Severity
sms -u https://example.com --exit-on high