CLI Reference

OpenSploit provides both an interactive TUI and command-line options for automation and scripting.


Overview

When run without arguments, OpenSploit launches the TUI. For non-interactive use, pass commands directly.

opensploit              # Start TUI
opensploit run "..."    # Run non-interactive
opensploit serve        # Start API server

Core Commands

tui

Start the terminal user interface.

opensploit tui [directory]

| Flag | Description |
|------|-------------|
| --continue, -c | Resume last session |
| --session, -s | Resume specific session |
| --prompt | Start with initial prompt |
| --model, -m | Use specific model |
| --agent | Use specific agent |
| --port | Backend server port |
| --hostname | Backend server hostname |

run

Run OpenSploit non-interactively with a prompt.

opensploit run "<prompt>"
opensploit run --file targets.txt "Scan all targets"

| Flag | Description |
|------|-------------|
| --command | Execute as shell command |
| --continue, -c | Continue last session |
| --session, -s | Continue specific session |
| --share | Share session when complete |
| --model, -m | Use specific model |
| --agent | Use specific agent |
| --file, -f | Include file content |
| --format | Output format (text, json) |
| --title | Session title |
| --attach | Attach to running server |
| --port | Server port |

Tip

Use --format json for machine-parseable output in CI/CD pipelines.

serve

Start a headless HTTP server for API access.

opensploit serve

| Flag | Description |
|------|-------------|
| --port | Server port (default: 9321) |
| --hostname | Server hostname |
| --mdns | Enable mDNS discovery |
| --cors | CORS allowed origins |

web

Start headless server with web interface.

opensploit web

| Flag | Description |
|------|-------------|
| --port | Server port |
| --hostname | Server hostname |
| --mdns | Enable mDNS discovery |
| --cors | CORS allowed origins |

attach

Connect TUI to a running backend server.

opensploit attach

| Flag | Description |
|------|-------------|
| --dir | Working directory |
| --session, -s | Session to resume |


Agent Commands

agent create

Create a new agent with custom configuration.

opensploit agent create

agent list

Display all available agents.

opensploit agent list

Authentication

auth login

Configure API keys for providers.

opensploit auth login

auth list

Show authenticated providers.

opensploit auth list
opensploit auth ls

auth logout

Clear provider credentials.

opensploit auth logout [provider]

Model Commands

models

List available models.

opensploit models
opensploit models anthropic

| Flag | Description |
|------|-------------|
| --refresh | Refresh model list |
| --verbose | Show detailed info |


Session Commands

session list

Display all sessions.

opensploit session list

| Flag | Description |
|------|-------------|
| --max-count, -n | Limit results |
| --format | Output format |

export

Export session as JSON.

opensploit export <sessionID>

import

Import session from file or share URL.

opensploit import <file>
opensploit import https://opensploit.ai/share/abc123

MCP Commands

mcp add

Add an MCP server.

opensploit mcp add <name> <command>

mcp list

List configured MCP servers.

opensploit mcp list

mcp auth

Authenticate with MCP server.

opensploit mcp auth <name>

mcp logout

Remove MCP server authentication.

opensploit mcp logout <name>

mcp debug

Debug MCP server connection.

opensploit mcp debug <name>

Statistics

stats

Show token usage and costs.

opensploit stats

| Flag | Description |
|------|-------------|
| --days | Time period (default: 30) |
| --tools | Show tool usage |
| --models | Show model breakdown |
| --project | Filter by project |


System Commands

upgrade

Update to latest or specific version.

opensploit upgrade
opensploit upgrade 1.2.3

| Flag | Description |
|------|-------------|
| --method, -m | Update method |

uninstall

Remove OpenSploit.

opensploit uninstall

| Flag | Description |
|------|-------------|
| --keep-config, -c | Keep config files |
| --keep-data, -d | Keep data files |
| --dry-run | Preview removal |
| --force, -f | Skip confirmation |

Warning

Uninstall removes all OpenSploit files. Use --keep-data to preserve session history.


Global Flags

These flags work with any command.

| Flag | Description |
|------|-------------|
| --help, -h | Show help |
| --version, -v | Show version |
| --print-logs | Print debug logs |
| --log-level | Set log verbosity |


Environment Variables

| Variable | Description |
|----------|-------------|
| OPENSPLOIT_CONFIG | Config file path |
| OPENSPLOIT_CONFIG_CONTENT | Inline config JSON |
| OPENSPLOIT_DISABLE_AUTOUPDATE | Disable update checks |
| OPENSPLOIT_ENABLE_EXPERIMENTAL | Enable experimental features |

Provider API Keys:

| Variable | Provider |
|----------|----------|
| ANTHROPIC_API_KEY | Anthropic |
| OPENAI_API_KEY | OpenAI |
| GOOGLE_API_KEY | Google |
| GROQ_API_KEY | Groq |
| TOGETHER_API_KEY | Together AI |
| MISTRAL_API_KEY | Mistral |


Examples

Non-interactive scan

opensploit run "Scan 10.10.10.1 for open ports and services"

Resume and continue

opensploit --continue

CI/CD integration

opensploit run \
  --format json \
  --model anthropic/claude-sonnet-4-5 \
  "Security audit of the codebase" \
  > audit.json

Start API server

opensploit serve --port 8080 --cors "http://localhost:3000"

Export session

opensploit export abc123 > session.json