Command-line interface for the OpenHack security platform.
Project description
OpenHack CLI
openhack-cli is the command-line interface for the OpenHack
security platform. It does one thing: talk to the OpenHack app in an
authenticated way, so that humans and agents can drive the platform from a
terminal or a script. No scanning happens in the CLI itself — it's a thin,
authenticated client over the OpenHack API.
Install
pipx install openhack-cli # recommended (isolated)
# or
pip install openhack-cli
From source:
git clone <this repo> && cd openhack-cli
pip install -e .
Requires Python 3.9+.
Driving the CLI from an automated agent? See
AGENT.md— an exhaustive, copy-pasteable command + field reference covering every command group, with allowed enum values and--jsonoutput for automation.
Quick start
openhack-cli auth login # device-code login in your browser
openhack-cli orgs list # list your organizations
openhack-cli orgs use acme # pick the active org
openhack-cli projects list # list projects
openhack-cli projects use web # pick the active project
openhack-cli scans list # scans for the active project
openhack-cli vulns list # vulnerabilities across recent scans
Authentication
Login uses the same device-code flow as the OpenHack web app:
auth logincallsPOST /api/cli/authand prints a short code + URL.- Your browser opens; you sign in, choose an organization, and approve.
- The CLI polls
POST /api/cli/auth/polluntil approval, then stores the issued token.
The token is a long-lived, org-scoped API key sent as
Authorization: Bearer openhack_… on every request. It is stored at
$XDG_CONFIG_HOME/openhack/config.json (default ~/.config/openhack/config.json)
with 0600 permissions.
openhack-cli auth status # who am I / active context
openhack-cli auth token # print the raw token (scripting)
openhack-cli auth logout # remove local credentials
Commands
| Group | Command | Description |
|---|---|---|
auth |
login, logout, status/whoami, token |
Manage credentials |
orgs |
list, use <id|slug> |
List / select organizations |
projects |
list, get, use, create |
Manage projects |
scans |
list, get <scan_id>, trigger-full |
View / trigger scans |
vulns |
list, groups, report, get, edit |
View, report, and edit project vulnerabilities |
pentest |
list, get, create |
Pentesting engagements |
pentest findings |
[engagement] |
Findings in an engagement (defaults to latest) |
pentest finding |
get, create, update, delete, link, unlink |
Single finding: view / create / patch / delete / cross-reference |
config |
show, set, path |
CLI configuration |
For an exhaustive, example-driven command reference (aimed at automation and
agents), see AGENT.md.
Scripting & agents
Pass --json (global flag) to get machine-readable output from any command:
openhack-cli --json scans list
openhack-cli --json vulns list --severity critical
Configuration can be driven entirely by environment variables (handy in CI):
| Variable | Purpose |
|---|---|
OPENHACK_TOKEN |
API token (overrides stored credentials) |
OPENHACK_APP_URL |
App base URL (default https://app.openhack.com) |
OPENHACK_DEV |
Set to 1 to target the local dev server (http://localhost:9080) |
XDG_CONFIG_HOME |
Where the config file lives |
Targeting an environment
Production (https://app.openhack.com) is the default. For local dev work
(http://localhost:9080), the easiest option is to export OPENHACK_DEV once —
then every command targets localhost with no flags:
export OPENHACK_DEV=1 # add to your ~/.zshrc for permanent dev mode
openhack-cli auth login # now logs in against localhost:9080
openhack-cli scans list
Or use the --local flag per-command (shorthand for --app-url http://localhost:9080):
openhack-cli --local auth login
The app URL is resolved with this precedence (highest first):
--app-url/--localflagOPENHACK_APP_URLenv varOPENHACK_DEV=1→http://localhost:9080- saved config (last login, or
openhack-cli config set app_url <url>) - built-in default
https://app.openhack.com
Exit codes: 0 success, 1 API/usage error, 2 auth error, 130 interrupted.
Configuration
openhack-cli config show
openhack-cli config set app_url https://your-openhack-host
openhack-cli config path
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file openhack_cli-0.1.0.tar.gz.
File metadata
- Download URL: openhack_cli-0.1.0.tar.gz
- Upload date:
- Size: 25.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9d4b5eadb5ffb9cb7d81d7694bed31bf2ab34bb735cb2a436d2e83879be2e414
|
|
| MD5 |
7f03c679607781cd53d0de13b89b25c4
|
|
| BLAKE2b-256 |
7b9285578ccb84176caee4babde720d5c08dcaae3f382cec5c3d431a65ba3d42
|
File details
Details for the file openhack_cli-0.1.0-py3-none-any.whl.
File metadata
- Download URL: openhack_cli-0.1.0-py3-none-any.whl
- Upload date:
- Size: 30.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2ba39b2d80c270bf57694e6a530f19e347856dd08241760345687bfc3f413f25
|
|
| MD5 |
76aac5c20ef4dc623627f2b75f22e8d5
|
|
| BLAKE2b-256 |
6a221c127fde100b671d61ae62d2524285d5b525e48d919c86c0eadd9a8abc22
|