APHIDS CLI Guide
Welcome to the APHIDS CLI documentation. APHIDS (Automated Penetration and Hacking Intrusion Detection System) is a powerful command-line interface for automated security testing.
What is APHIDS CLI?
APHIDS CLI is a Docker-based command-line tool that provides:
- Automated Security Testing: Execute comprehensive security scans from the command line
- Docker Isolation: Run security tools in isolated containers
- Online/Offline Modes: Work with or without Hive platform connectivity
- Flexible Configuration: YAML-based configuration for easy customization
- Extensive Module Support: Access to 30+ security testing tools
Quick Overview
Getting Started
Prerequisites
Before installing APHIDS CLI, you need:
- Docker: Version 20.10 or higher
- Python: Version 3.8 or higher
- pip: Python package manager
- Operating System: Linux, macOS, or Windows with WSL2
Check prerequisites: Prerequisites Guide
Installation Steps
- Install Docker - Set up Docker on your system
- Install APHIDS CLI - Install the command-line tool
- Pull the Container - Download the APHIDS container
- Verify Installation - Test your setup
Estimated time: 15-30 minutes
Quick Start Command
Once installed, run your first scan:
```bash
# Pull the container
docker pull ghcr.io/darksidesecurity/aphids:latest
# Install CLI
pip3 install git+https://github.com/darksidesecurity/aphids.git
# Run a scan (offline mode)
aphids-cli -o options.yaml -c config.yaml
```
Operating Modes
Online Mode
Connect to the Hive platform for orchestration and data synchronization.
Features:
- Retrieve runbooks from Hive
- Sync results in real-time
- Associate with engagements
- Centralized configuration
Example:
```bash
aphids-cli \
  --api-key YOUR_API_KEY \
  --api-url https://api.hive.darksidesecurity.io \
  --runbook RUNBOOK_ID \
  --target-url https://example.com \
  --engagement ENGAGEMENT_ID
```
Learn more: Online Mode Guide
Offline Mode
Run standalone without Hive platform connectivity.
Features:
- Local configuration files
- No internet required
- Standalone operation
- Manual result management
Example:
Learn more: Offline Mode Guide
Key Features
Docker-Based Execution
All security tools run in isolated Docker containers:
✅ Isolation: Protect your host system
✅ Consistency: Same environment every time
✅ Portability: Run anywhere Docker runs
✅ Security: Contained execution limits risk
✅ Easy Updates: Pull new container versions
Extensive Module Library
Access to 30+ security testing tools:
| Category | Modules |
|---|---|
| Network Scanning | Nmap, Masscan |
| Web Testing | Nikto, Wapiti, ZAP, WhatWeb |
| Subdomain Enum | Amass, Sublist3r, Subfinder |
| Vulnerability Scanning | Nuclei, Nessus |
| SSL/TLS Testing | SSLScan, TestSSL |
| Information Gathering | Shodan, Censys |
View all modules: Module Overview
Flexible Configuration
YAML-based configuration for easy customization:
```yaml
# options.yaml
version: "1.0"
scan:
  name: "My Security Scan"
  description: "Comprehensive security assessment"
modules:
  - name: "nmap"
    enabled: true
    args:
      target: "192.168.1.0/24"
      ports: "1-1000"
      scan_type: "syn"
  - name: "nikto"
    enabled: true
    args:
      target: "https://example.com"
      tuning: "1,2,3"
```
Learn more: Configuration Guide
Hive Platform Integration
Seamlessly integrate with the Hive platform:
- Runbook Execution: Execute platform runbooks via CLI
- Attack Tree Support: Run complex attack scenarios
- Real-Time Sync: Results sync to platform automatically
- Engagement Association: Link scans to engagements
- API Access: Full API integration
Learn more: Hive Integration
Common Use Cases
Use Case 1: Automated Penetration Testing
Execute comprehensive penetration tests from the command line:
```bash
# Run a complete web app pentest
aphids-cli \
  --api-key $API_KEY \
  --runbook web-app-pentest \
  --target-url https://target.com \
  --engagement $ENGAGEMENT_ID \
  --verbose
```
Guide: Penetration Testing Workflow
Use Case 2: CI/CD Integration
Add security testing to your deployment pipeline:
```yaml
# .github/workflows/security-scan.yml
- name: Security Scan
  run: |
    aphids-cli \
      --api-key ${{ secrets.HIVE_API_KEY }} \
      --runbook ci-security-scan \
      --target-url https://staging.example.com
```
Guide: CI/CD Integration
Use Case 3: Scheduled Scanning
Automate recurring security scans with cron:
```bash
# Add to crontab
0 2 * * * /usr/local/bin/aphids-cli -o /path/to/options.yaml -c /path/to/config.yaml
```
Guide: Automation Guide
Use Case 4: Bug Bounty Hunting
Streamline reconnaissance for bug bounty programs:
```bash
# Quick subdomain enumeration
aphids-cli \
  --api-key $API_KEY \
  --runbook subdomain-enum \
  --target-domain target.com \
  --verbose
```
Guide: Bug Bounty Workflow
Command Reference
Basic Commands
```bash
# Show help
aphids-cli --help
# Show version
aphids-cli --version
# Run offline scan
aphids-cli -o options.yaml -c config.yaml
# Run online scan with runbook
aphids-cli -k API_KEY -r RUNBOOK_ID --target-url https://example.com
# Run with attack tree
aphids-cli -k API_KEY -at TREE_ID --target-url https://example.com
# Verbose output
aphids-cli -o options.yaml -c config.yaml --verbose
# Debug mode
aphids-cli -o options.yaml -c config.yaml --debug
```
Full reference: Basic Commands
Advanced Options
```bash
# Custom Docker image
aphids-cli -o options.yaml -c config.yaml -i custom-aphids:latest
# Static path mapping
aphids-cli -o options.yaml -c config.yaml -sp /path/to/code
# Network specification
aphids-cli -k API_KEY -r RUNBOOK_ID --target-url https://example.com -n domain.local
# Tool output preservation
aphids-cli -o options.yaml -c config.yaml --tool-output
```
Full reference: Advanced Options
Architecture
How APHIDS Works
```mermaid
graph TB
    A[APHIDS CLI] --> B[Docker Engine]
    B --> C[APHIDS Core Container]
    C --> D[Security Modules]
    D --> E[Target Systems]
    C --> F[Output Parsers]
    F --> G[Results]
    G --> H[Hive Platform]
    G --> I[Local Files]
```
Components
- APHIDS CLI: Python-based command-line interface
- Docker Engine: Container runtime
- APHIDS Core: Main execution engine in container
- Security Modules: Individual testing tools (Nmap, Nikto, etc.)
- Output Parsers: Convert tool output to structured data
- Results Handler: Send to Hive or save locally
Best Practices
Security
- Run in Isolated Environment: Use dedicated testing systems
- Limit Privileges: Don't run as root unless necessary
- Secure API Keys: Store in environment variables or secrets manager
- Review Scope: Always verify authorization before scanning
- Clean Up: Remove sensitive data after testing
Performance
- Resource Allocation: Ensure sufficient CPU and memory
- Network Bandwidth: Consider bandwidth for large scans
- Parallel Execution: Use attack trees for parallel scanning
- Container Cleanup: Regularly clean up Docker resources
- Result Storage: Monitor disk space for large scans
Workflow
- Test Configuration: Validate config files before large scans
- Start Small: Test with single targets first
- Monitor Progress: Use verbose mode to track execution
- Save Configurations: Reuse successful configurations
- Document Results: Keep records of scan parameters
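An added example (not part of the APHIDS project or its documentation) of the "Review Scope" and "Test Configuration" practices above: a pre-flight check that flags any enabled module whose target falls outside an authorized scope. The `SCOPE` structure and the function names are hypothetical, and the options layout (`modules` as a top-level list) is assumed from the options.yaml sample on this page.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: the page's options.yaml as parsed (modules assumed top-level).
OPTIONS = {
    "version": "1.0",
    "modules": [
        {"name": "nmap", "enabled": True,
         "args": {"target": "192.168.1.0/24", "ports": "1-1000"}},
        {"name": "nikto", "enabled": True,
         "args": {"target": "https://example.com", "tuning": "1,2,3"}},
    ],
}
# Hypothetical authorized scope, e.g. copied from the engagement's rules.
SCOPE = {"networks": ["192.168.1.0/24"], "domains": ["example.org"]}


def in_scope(target, scope):
    """True if target (IP, CIDR, URL or hostname) lies inside the scope."""
    host = urlparse(target).hostname if "://" in target else target
    if not host:
        return False
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        net = None  # not an address: treat as a hostname below
    if net is not None:
        allowed = [ipaddress.ip_network(n) for n in scope.get("networks", [])]
        return any(net.version == a.version and net.subnet_of(a) for a in allowed)
    host = host.lower().rstrip(".")
    # Match the domain itself or a true subdomain, never a bare suffix.
    return any(host == d or host.endswith("." + d) for d in scope.get("domains", []))


def out_of_scope(options, scope):
    """Return (module, target) for each enabled module that is not in scope."""
    problems = []
    for mod in options.get("modules", []):
        if not mod.get("enabled", False):
            continue
        target = (mod.get("args") or {}).get("target")
        if target is None or not in_scope(str(target), scope):
            problems.append((mod.get("name"), target))
    return problems


if __name__ == "__main__":
    for name, target in out_of_scope(OPTIONS, SCOPE):
        print(f"BLOCK {name}: {target!r} is outside the authorized scope")
```

In real use, load the file with `yaml.safe_load()` (PyYAML) and stop before invoking `aphids-cli` whenever `out_of_scope()` returns a non-empty list.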
Troubleshooting
Common Issues
| Issue | Solution |
|---|---|
| Docker not found | Install Docker |
| Permission denied | Add user to docker group |
| Container won't start | Check Docker logs |
| No results | Verify target reachability |
| API connection failed | Check API key and URL |
Full guide: Check the FAQ section for common issues
Getting Help
- 📖 Documentation: Search this site
- 💬 Community: Join our forums
- 🐛 Bug Reports: GitHub Issues
- 📧 Support: support@darksidesecurity.io
What's Next?
Choose your learning path:
🟢 Beginner Path
🟡 Intermediate Path
🔴 Advanced Path
⚡ Ready to Get Started?
Begin with the Prerequisites Guide to set up APHIDS CLI!