Clean, modular CLI for Hack The Box Labs API
Project description
HTB CLI
A clean, modular command-line interface for the Hack The Box Labs API.
Features
- Machines: List, spawn (by name!), stop, reset, submit flags, todo list, writeups
- Challenges: Browse, start docker containers, download files, submit flags
- Sherlocks: DFIR investigation challenges with multi-task support
- VPN: Manage VPN connections and download configs
- Seasons: Arena/competitive season support
- Search: Global search across machines, challenges, and users
Installation
pipx install htb-terminal
To enable OS keyring storage:
pipx install "htb-terminal[auth]"
If a keyring backend isn’t available on your system, the CLI automatically falls back to the
config file token at ~/.config/htb-cli/token.
Check if keyring is installed:
python -c "import keyring; print(keyring.__version__)"
If you already installed htb-terminal without extras:
pipx inject htb-terminal keyring
Setup
Get your API token from HTB App Token Settings.
# Recommended: store token securely (keyring if available)
htb auth set
# Option 2: Environment variable (overrides stored token)
export HTB_TOKEN='your-token-here' # add to ~/.bashrc to persist
If keyring is unavailable, the token is stored in ~/.config/htb-cli/token with mode 0600.
Usage
# Quick status
htb status
htb whoami
htb search "linux"
# Auth
htb auth set
htb auth show
htb auth status
htb auth unset
# Machines (supports name or ID!)
htb machine list
htb machine list --retired
htb machine list --difficulty easy
htb machine list --sort name
htb machine list --search "gavel"
htb machine info Gavel
htb machine info 811
htb machine spawn Gavel # By name
htb machine spawn 811 # By ID
htb machine active
htb machine achievement Gavel # Shareable achievement URL
htb machine achievement # Uses active machine
htb machine stop
htb machine reset
htb machine own 'flag'
htb machine unreleased
htb machine todo # Your todo list
htb machine add-todo Gavel # Toggle todo (add/remove)
htb machine writeup Gavel # Official writeup (VIP)
# Challenges
htb challenge list
htb challenge list --category web
htb challenge list --difficulty easy
htb challenge list --category forensics --difficulty easy --unsolved
htb challenge list --retired
htb challenge categories
htb challenge info "Reminiscent"
htb challenge active # Show running docker instance
htb challenge start "Reminiscent"
htb challenge stop "Reminiscent"
htb challenge download "Reminiscent"
htb challenge download "Reminiscent" -o ./downloads/
htb challenge own 'HTB{flag}' --challenge "Reminiscent"
# Sherlocks
htb sherlock list
htb sherlock info "Meerkat"
htb sherlock tasks "Meerkat" # List questions
htb sherlock download "Meerkat"
htb sherlock download "Meerkat" -o ./downloads/
htb sherlock own "Meerkat" "answer" --task 1
# VPN
htb vpn status
htb vpn status labs
htb vpn status competitive
htb vpn connections
htb vpn servers # Defaults to labs
htb vpn servers --product competitive
htb vpn servers --product starting_point
htb vpn switch 123
htb vpn download 123 # TCP by default
htb vpn download 123 --udp # UDP variant
htb vpn download 123 -o ./downloads/
# Seasons/Arena
htb season list
htb season machines
htb season active
htb season rank # Current season
htb season rank 9 # Specific season
htb season leaderboard --limit 20
htb season leaderboard 9 --limit 10
htb season own 'flag'
JSON Output
All commands support --raw / -r flag for JSON output:
# Get machine IP
htb machine active -r | jq '.info.ip'
# List machine names
htb machine list -r | jq '.data[].name'
# Script example
IP=$(htb machine active -r | jq -r '.info.ip')
nmap -sV $IP
API Reference
Full API docs: https://gubarz.github.io/unofficial-htb-api/
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file htb_terminal-1.1.2.tar.gz.
File metadata
- Download URL: htb_terminal-1.1.2.tar.gz
- Upload date:
- Size: 20.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0b48849130404b1268b17f3e1e5ea95081e3d03aaefc08e4cec0f961f6f2980c
|
|
| MD5 |
5de954a8e7ebee340beb2f0f1850957d
|
|
| BLAKE2b-256 |
4c638b559eccd84745492c36e07e46d6eb29b7525055fc2531c730531b166ba0
|
Provenance
The following attestation bundles were made for htb_terminal-1.1.2.tar.gz:
Publisher:
publish.yml on Shadow21AR/htb-cli
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
htb_terminal-1.1.2.tar.gz -
Subject digest:
0b48849130404b1268b17f3e1e5ea95081e3d03aaefc08e4cec0f961f6f2980c - Sigstore transparency entry: 928313939
- Sigstore integration time:
-
Permalink:
Shadow21AR/htb-cli@3113f1e7f666e6db9b77425fc0646de344d63df4 -
Branch / Tag:
refs/tags/v1.1.2 - Owner: https://github.com/Shadow21AR
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3113f1e7f666e6db9b77425fc0646de344d63df4 -
Trigger Event:
push
-
Statement type:
File details
Details for the file htb_terminal-1.1.2-py3-none-any.whl.
File metadata
- Download URL: htb_terminal-1.1.2-py3-none-any.whl
- Upload date:
- Size: 25.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
13bffed7c574d9692e3a7284fe81ac87ebf9fbea3c4d51ca672dc7d85cd38c5a
|
|
| MD5 |
7850b90264afc7e51122d49269f829d8
|
|
| BLAKE2b-256 |
83559311cf9c9f696f9194d9a2793fced8b686d2047213ff4a96aa8862caae83
|
Provenance
The following attestation bundles were made for htb_terminal-1.1.2-py3-none-any.whl:
Publisher:
publish.yml on Shadow21AR/htb-cli
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
htb_terminal-1.1.2-py3-none-any.whl -
Subject digest:
13bffed7c574d9692e3a7284fe81ac87ebf9fbea3c4d51ca672dc7d85cd38c5a - Sigstore transparency entry: 928313941
- Sigstore integration time:
-
Permalink:
Shadow21AR/htb-cli@3113f1e7f666e6db9b77425fc0646de344d63df4 -
Branch / Tag:
refs/tags/v1.1.2 - Owner: https://github.com/Shadow21AR
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3113f1e7f666e6db9b77425fc0646de344d63df4 -
Trigger Event:
push
-
Statement type: