-
Notifications
You must be signed in to change notification settings - Fork 6
CLI Reference
Peter Mueller edited this page Apr 3, 2026
·
2 revisions
Complete command reference for the Vespasian CLI.
Convenience command that crawls a target and generates a specification in one step.
vespasian scan <url> [flags]
| Flag | Description | Default |
|---|---|---|
--api-type |
API type: auto, rest, graphql, wsdl
|
auto |
-H, --header |
Auth headers to inject (repeatable) | |
-o, --output |
Output spec file | stdout |
--depth |
Max crawl depth | 3 |
--max-pages |
Max pages to visit | 100 |
--timeout |
Maximum duration for the entire scan | 10m |
--scope |
same-origin or same-domain
|
same-origin |
--headless |
Browser mode | true |
--proxy |
Proxy URL for headless browser (e.g., http://127.0.0.1:8080) |
|
--confidence |
Min classification confidence | 0.5 |
--probe |
Enable active probing | true |
--deduplicate |
Deduplicate endpoints before probing | true |
--dangerous-allow-private |
Disable SSRF protection for private targets | false |
--no-request-id |
Disable auto X-Vespasian-Request-Id header | false |
-v, --verbose |
Show requests in real-time | false |
vespasian scan https://app.example.com -o api.yaml
vespasian scan https://app.example.com -H "Authorization: Bearer <token>" -o api.yaml
vespasian scan https://app.example.com --api-type graphql -o schema.graphql
vespasian scan https://app.example.com --proxy http://127.0.0.1:8080 -o api.yamlCaptures HTTP traffic by driving a headless browser through the target application.
vespasian crawl <url> [flags]
| Flag | Description | Default |
|---|---|---|
-H, --header |
Auth headers to inject (repeatable) | |
-o, --output |
Capture output file | stdout |
--depth |
Max crawl depth | 3 |
--max-pages |
Max pages to visit | 100 |
--timeout |
Maximum duration for the entire crawl | 10m |
--scope |
same-origin or same-domain
|
same-origin |
--headless |
Browser mode | true |
--proxy |
Proxy URL for headless browser | |
--no-request-id |
Disable auto X-Vespasian-Request-Id header | false |
-v, --verbose |
Show requests in real-time | false |
vespasian crawl https://app.example.com -o capture.json
vespasian crawl https://app.example.com -H "Cookie: session=abc" -o capture.jsonConverts traffic captures from external tools into the Vespasian capture format.
vespasian import <format> <file> [flags]
Supported formats: burp, har, mitmproxy
| Flag | Description | Default |
|---|---|---|
-o, --output |
Capture output file | stdout |
-v, --verbose |
Show imported requests | false |
vespasian import burp traffic.xml -o capture.json
vespasian import har recording.har -o capture.json
vespasian import mitmproxy flows -o capture.jsonProduces an API specification from a capture file.
vespasian generate <api-type> <capture-file> [flags]
API types: rest, graphql, wsdl
| Flag | Description | Default |
|---|---|---|
-o, --output |
Output file | stdout |
--confidence |
Min classification confidence | 0.5 |
--probe |
Enable active probing | true |
--deduplicate |
Deduplicate endpoints before probing | true |
--dangerous-allow-private |
Disable SSRF protection for private targets | false |
-v, --verbose |
Show discovered endpoints | false |
vespasian generate rest capture.json -o api.yaml
vespasian generate graphql capture.json -o schema.graphql
vespasian generate wsdl capture.json -o service.wsdl| Flag | Description |
|---|---|
--no-banner |
Suppress the startup banner |
-v, --verbose |
Verbose output |
Vespasian is built by Praetorian. Learn more about the Praetorian Guard attack surface management platform. Licensed under Apache 2.0.