Scanning a target
Basic scan
cyweb scan https://target.com
This runs all 4,527 rules against the target, prints findings to stdout, and exits with code 1 if any vulnerabilities are found.
Spider mode
Crawl the target first, then scan every discovered path:
cyweb scan https://target.com --spider --spider-depth 3
Authenticated scanning
Bearer token
cyweb scan https://target.com --auth-bearer "YOUR_TOKEN_HERE"
Cookie
cyweb scan https://target.com --auth-cookie "session=abc123"
HTTP Basic
cyweb scan https://target.com --auth-basic "user:pass"
Scan from a file
Provide a list of URLs, one per line:
cyweb scan -f targets.txt
Output formats
```bash
# JSON (machine-readable)
cyweb scan https://target.com --output results.json

# SARIF (GitHub Code Scanning / IDE integration)
cyweb scan https://target.com --output results.sarif
```
The format is auto-detected from the file extension (.json or .sarif).
Performance tuning
```bash
cyweb scan https://target.com \
  --threads 20 \
  --timeout 10 \
  --max-paths 5000 \
  --follow-redirects
```
| Flag | Default | Description |
|---|---|---|
| `--threads` | 10 | Concurrent request threads |
| `--timeout` | 5 | Per-request timeout in seconds |
| `--max-paths` | 10000 | Maximum paths to test |
| `--follow-redirects` | false | Follow HTTP 3xx redirects |
| `--user-agent` | cyweb/0.7.0 | Custom User-Agent header |