-
Notifications
You must be signed in to change notification settings - Fork 0
Commands Assess
github-actions[bot] edited this page May 28, 2026
·
1 revision
The assess command evaluates security configurations and identifies vulnerabilities.
domainraptor assess [OPTIONS] COMMAND [ARGS]Purpose: Assess vulnerabilities, check security configurations, and identify outdated software.
| Option | Short | Description | Default |
|---|---|---|---|
--target |
-T |
Target domain or IP | Required |
--save/--no-save |
Save to database | True |
Check for known vulnerabilities:
domainraptor assess vulns example.comOptions:
| Option | Short | Description | Default |
|---|---|---|---|
--min-severity |
-s |
Minimum severity (low, medium, high, critical) | low |
--cve/--no-cve |
Check CVE databases | True |
|
--services/--no-services |
Scan service versions for vulns | True |
|
--exploits/--no-exploits |
-e |
Enrich with CISA KEV, EPSS and Exploit-DB | True |
--save/--no-save |
Persist results to the database | False |
Examples:
# Basic vulnerability check (exploit enrichment ON by default)
domainraptor assess vulns example.com
# Only high and critical vulnerabilities
domainraptor assess vulns example.com --min-severity high
# Skip exploit enrichment (faster, offline-safe)
domainraptor assess vulns example.com --no-exploits
# Save the run to the database for later reporting
domainraptor assess vulns example.com --save💡 When
--exploitsis enabled, every CVE is enriched with CISA KEV membership, EPSS score/percentile and Exploit-DB references. Seeassess exploitsbelow for the standalone command and Risk Algorithm for how these signals affect the Risk Score.
Example Output (No Vulnerabilities):
ℹ Vulnerability assessment for: example.com
ℹ Min severity: low | CVE check: True
╭─────────────────── Scan Summary ───────────────────╮
│ Target: example.com │
│ Type: assess_vulns │
│ Status: completed │
│ Duration: 12.5s │
│ │
│ Findings: │
│ • Vulnerabilities: 0 │
╰────────────────────────────────────────────────────╯
✓ No vulnerabilities found!
Example Output (Vulnerabilities Found):
ℹ Vulnerability assessment for: vulnerable-site.com
Discovered Vulnerabilities
┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ CVE ID ┃ Severity ┃ CVSS ┃ Description ┃
┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE-2024-1234 │ CRITICAL │ 9.8 │ Remote code execution in Apache... │
│ CVE-2024-5678 │ HIGH │ 7.5 │ SQL injection in login form... │
│ CVE-2023-9012 │ MEDIUM │ 5.3 │ Information disclosure via... │
└─────────────────┴──────────┴─────────┴────────────────────────────────────┘
⚠ Found 3 vulnerabilities (1 critical, 1 high, 1 medium)
Check security configurations:
domainraptor assess config example.comOptions:
| Option | Short | Description | Default |
|---|---|---|---|
--category |
-c |
Category: all, ssl, dns, headers | all |
--strict |
Use strict security standards | False |
Examples:
# Check all configurations
domainraptor assess config example.com
# SSL/TLS configuration only
domainraptor assess config example.com --category ssl
# DNS security only
domainraptor assess config example.com --category dns
# HTTP headers only
domainraptor assess config example.com --category headers
# Strict mode (more findings)
domainraptor assess config example.com --strictExample Output:
ℹ Configuration assessment for: example.com
ℹ Category: all
╭─────────────────── Scan Summary ───────────────────╮
│ Target: example.com │
│ Type: assess_config │
│ Status: completed │
│ Duration: 8.3s │
│ │
│ Findings: │
│ • Config Issues: 7 │
╰────────────────────────────────────────────────────╯
Configuration Issues
┏━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┓
┃ ID ┃ Severity ┃ Category ┃ Title ┃ Asset ┃
┡━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━┩
│ SSL-001 │ HIGH │ ssl │ TLS 1.0 enabled (deprecated) │ example.com:443│
│ SSL-002 │ MEDIUM │ ssl │ Weak cipher suites enabled │ example.com:443│
│ DNS-001 │ MEDIUM │ dns │ DNSSEC not enabled │ example.com │
│ DNS-002 │ LOW │ dns │ DMARC policy set to none │ example.com │
│ DNS-003 │ LOW │ dns │ No DKIM records found │ example.com │
│ HDR-001 │ MEDIUM │ headers │ Missing X-Frame-Options header │ example.com │
│ HDR-002 │ MEDIUM │ headers │ Missing Content-Security-Policy │ example.com │
└─────────┴──────────┴──────────┴────────────────────────────────────┴────────────────┘
Issues by Category:
ssl: 2
dns: 3
headers: 2
| ID | Severity | Check |
|---|---|---|
| SSL-001 | HIGH | TLS 1.0/1.1 enabled |
| SSL-002 | MEDIUM | Weak cipher suites |
| SSL-003 | HIGH | Certificate expired |
| SSL-004 | HIGH | No modern TLS support |
| SSL-005 | MEDIUM | Certificate chain incomplete |
| SSL-006 | LOW | HSTS not enabled |
| SSL-007 | LOW | OCSP stapling not enabled |
| SSL-010 | HIGH | Self-signed certificate |
| SSL-020 | HIGH | Invalid certificate |
| ID | Severity | Check |
|---|---|---|
| DNS-001 | MEDIUM | DNSSEC not enabled |
| DNS-010 | LOW | SPF record missing |
| DNS-011 | LOW | SPF too permissive |
| DNS-020 | LOW | DMARC missing |
| DNS-021 | LOW | DMARC policy none |
| DNS-030 | LOW | DKIM not found |
| DNS-040 | LOW | CAA records missing |
| DNS-050 | INFO | Multiple NS providers |
| DNS-051 | INFO | Single NS provider |
| ID | Severity | Check |
|---|---|---|
| HDR-001 | MEDIUM | X-Frame-Options missing |
| HDR-002 | MEDIUM | Content-Security-Policy missing |
| HDR-003 | LOW | X-Content-Type-Options missing |
| HDR-004 | LOW | X-XSS-Protection missing |
| HDR-005 | MEDIUM | Strict-Transport-Security missing |
| HDR-006 | LOW | Referrer-Policy missing |
| HDR-007 | LOW | Permissions-Policy missing |
| HDR-010 | INFO | Server header exposed |
| HDR-011 | INFO | X-Powered-By exposed |
| HDR-ERR | HIGH | Failed to fetch headers |
Check for outdated software versions:
domainraptor assess outdated example.comOptions:
| Option | Short | Description | Default |
|---|---|---|---|
--include-minor |
Include minor version updates | False |
Examples:
# Check for major outdated versions
domainraptor assess outdated example.com
# Include minor version updates
domainraptor assess outdated example.com --include-minorExample Output (No Issues):
ℹ Outdated software check for: example.com
╭─────────────────── Scan Summary ───────────────────╮
│ Target: example.com │
│ Type: assess_outdated │
│ Status: completed │
│ Duration: 5.2s │
╰────────────────────────────────────────────────────╯
✓ All detected software is up to date!
Example Output (Outdated Software):
ℹ Outdated software check for: outdated-site.com
Outdated Software
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┓
┃ Software ┃ Current Version ┃ Latest Version ┃ Severity ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━┩
│ nginx │ 1.18.0 │ 1.25.4 │ HIGH │
│ OpenSSL │ 1.1.1 │ 3.2.1 │ CRITICAL │
│ PHP │ 7.4.33 │ 8.3.4 │ HIGH │
│ jQuery │ 2.1.4 │ 3.7.1 │ MEDIUM │
└────────────────┴─────────────────┴─────────────────┴──────────┘
⚠ Found 4 outdated components
List vulnerabilities from a previous scan with optional NVD enrichment:
domainraptor assess list <SCAN_ID>Options:
| Option | Short | Description | Default |
|---|---|---|---|
--enrich |
-e |
Fetch CVE descriptions from NVD API | False |
--all |
-a |
Show all vulnerabilities (no limit) | False |
--json |
Output as JSON | False |
|
--min-severity |
-s |
Minimum severity filter | low |
Examples:
# List vulnerabilities from scan 34
domainraptor assess list 34
# Enrich with NVD descriptions and CVSS scores
domainraptor assess list 34 --enrich
# Filter by high severity only
domainraptor assess list 34 --min-severity high
# Export as JSON
domainraptor assess list 34 --json > vulns.jsonExample Output:
ℹ Found 52 vulnerabilities (min severity: low)
Vulnerabilities - Scan 34 (52 total)
┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━┳━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ CVE ID ┃ Severity ┃ CVSS ┃ Affected ┃ Description ┃
┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━╇━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE-2022-3358 │ HIGH │ 7.5 │ 168.119.238.139 │ OpenSSL cipher... │
│ CVE-2023-2650 │ MEDIUM │ 6.5 │ 168.119.238.139 │ ASN.1 processing... │
│ CVE-2022-1292 │ HIGH │ 7.3 │ 168.119.238.139 │ c_rehash script... │
└─────────────────┴──────────┴────────┴───────────────────┴────────────────────────┘
With --enrich flag:
The --enrich option fetches official CVE descriptions from the NVD API:
- Full vulnerability descriptions
- Accurate CVSS v3 scores
- Severity levels (CRITICAL, HIGH, MEDIUM, LOW)
⚠️ Note: NVD API has rate limits (~5 req/30s without API key). For faster enrichment, setNVD_API_KEYin~/.domainraptor/.env.
Perform a complete security assessment:
# Step 1: Check vulnerabilities
domainraptor assess vulns example.com
# Step 2: Check configuration
domainraptor assess config example.com
# Step 3: Check outdated software
domainraptor assess outdated example.comOr run all assessments and generate a report:
# Run discovery first
domainraptor discover -T example.com
# Run all assessments
domainraptor assess vulns example.com
domainraptor assess config example.com
domainraptor assess outdated example.com
# Generate comprehensive report
domainraptor report generate example.com -f html -o security_assessment.html --remediation| Severity | Description | Action Required |
|---|---|---|
| CRITICAL | Immediate exploitation risk | Fix immediately |
| HIGH | Significant security risk | Fix within 24-48 hours |
| MEDIUM | Moderate security concern | Fix within 1-2 weeks |
| LOW | Minor security improvement | Fix when convenient |
| INFO | Informational finding | Review and assess |
Each finding includes remediation guidance. Generate a report with remediation steps:
domainraptor report generate example.com --remediation -f html -o report.htmlCommon remediations:
| Issue | Remediation |
|---|---|
| TLS 1.0/1.1 enabled | Configure server to use TLS 1.2+ only |
| DNSSEC not enabled | Enable DNSSEC at your DNS provider |
| DMARC missing | Add DMARC TXT record to DNS |
| Missing security headers | Configure web server to add headers |
| Outdated software | Update to latest stable versions |
Enrich stored CVEs (or a single CVE id) with CISA KEV, EPSS and Exploit-DB intelligence. None of these sources require an API key.
domainraptor assess exploits example.com
domainraptor assess exploits CVE-2021-44228What it does:
- CISA KEV — flags CVEs in the Known Exploited Vulnerabilities catalogue (actively exploited in the wild).
- EPSS — fetches the FIRST.org probability score (0.0-1.0) and percentile of exploitation in the next 30 days.
- Exploit-DB — finds public proof-of-concept entries and records source URLs.
The CVEs in the most recent stored scan for the target are enriched in place. Passing a CVE id (e.g. CVE-2021-44228) enriches that single id without needing a prior scan.
Options:
| Option | Short | Description | Default |
|---|---|---|---|
--kev-only |
Only show vulns in the CISA KEV catalogue | False |
|
--min-epss |
Minimum EPSS score (0.0-1.0) to display | 0.0 |
|
--save/--no-save |
Save enriched results back to the database | False |
Examples:
# Enrich every CVE in the latest scan of example.com
domainraptor assess exploits example.com
# Only CVEs CISA has flagged as actively exploited
domainraptor assess exploits example.com --kev-only
# Only high-probability EPSS entries (≥0.5 = 50%)
domainraptor assess exploits example.com --min-epss 0.5
# Persist the enriched data back for reporting
domainraptor assess exploits example.com --save
# Inspect a single CVE without a stored scan
domainraptor assess exploits CVE-2021-44228Example output:
ℹ Enriching 5 CVE(s)...
Exploit enrichment for example.com
┏━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━┳━━━━━━━┳━━━━━━┳━━━━━━━━━━━┓
┃ CVE ┃ Severity ┃ KEV ┃ EPSS ┃ %ile ┃ Exploit-DB┃
┡━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━╇━━━━━━━╇━━━━━━╇━━━━━━━━━━━┩
│ CVE-2021-44228│ critical │ YES │ 0.975 │ 1.00 │ 3 │
│ CVE-2023-2650 │ medium │ - │ 0.054 │ 0.93 │ 0 │
│ CVE-2022-3358 │ high │ - │ 0.018 │ 0.85 │ 1 │
└───────────────┴──────────┴─────┴───────┴──────┴───────────┘
✓ KEV: 1 | EPSS: 5 (≥0.5: 1) | Exploits: 2 of 5
Risk-score impact: KEV adds +30, EPSS ≥ 0.5 adds +10, each public exploit adds +15 (capped at 30). See Risk Algorithm for the full breakdown.
Report integration: Enriched data also surfaces in HTML / Markdown / JSON reports:
-
in_cisa_kev(boolean) and a 🚨 KEV badge in HTML -
epss_scoreandepss_percentile -
has_known_exploitandexploit_refs[]with source + download URLs
← Discover Commands | Next: Report Commands →
DomainRaptor v0.2.0 | GitHub | Report Issue | MIT License