Documentation Index Fetch the complete documentation index at: https://mintlify.com/Armur-Ai/Pentest-Swarm-AI/llms.txt
Use this file to discover all available pages before exploring further.
pentestswarm scope helps you manage the in-scope asset list for bug-bounty programs. The import subcommand pulls the current scope directly from a bug-bounty platform’s API and writes it to a local YAML file. The diff subcommand compares two scope files and reports added or removed domains and CIDRs — a key building block for continuous attack surface management (ASM) workflows where you re-import scope daily and scan only the net-new assets.Synopsis pentestswarm scope < subcomman d > [args] [flags]
Subcommands Pull the in-scope asset list for a bug-bounty program and write it to a YAML file.
Supported platforms: Platform Alias Auth env vars HackerOne h1 or hackeroneHACKERONE_API_USER, HACKERONE_API_TOKENBugcrowd bugcrowdBUGCROWD_API_TOKENIntigriti intigritiINTIGRITI_API_TOKEN
Auth token resolution order:
Environment variable (CI-friendly)
OS keychain entry (set by pentestswarm init or pentestswarm scope login)
--out
string
default: "scope.yaml"
Output file path for the imported scope definition.
pentestswarm scope import h1 shopify pentestswarm scope import bugcrowd tesla --out /tmp/tesla.yaml pentestswarm scope import intigriti acme-corp
Example output: [scope] importing h1/shopify ... [ok] wrote 47 domains + 3 CIDRs to scope.yaml Next: pentestswarm scan myshopify.com --scope scope.yaml --swarm
Example scope.yaml output structure: allowed_domains : - "*.myshopify.com" - "shopify.com" - "help.shopify.com" - "partners.shopify.com" allowed_cidrs : - "23.227.38.0/24" excluded_domains : - "status.shopify.com" excluded_cidrs : []
scope diff <prev.yaml> <current.yaml>Compare two scope YAML files and report the set-difference — which domains and CIDRs were added or removed between the two snapshots.
Emit the diff as machine-readable JSON/YAML instead of human-readable text. Useful for feeding into downstream automation.
Exit codes: Code Meaning 0Scope files are identical — no changes. 1Changes found — assets were added or removed.
The non-zero exit code on changes makes scope diff composable in shell pipelines and CI jobs:
pentestswarm scope import h1 shopify --out today.yaml pentestswarm scope diff yesterday.yaml today.yaml && echo "No new assets"
pentestswarm scope diff yesterday.yaml today.yaml --json
Human-readable output (changes found): + api.newfeature.shopify.com + staging.shopify.com - legacy.shopify.com - dev.shopify.com 45 unchanged, 2 added, 2 removed
No-changes output: ASM pipeline pattern Use scope diff to build a continuous ASM loop that only scans net-new assets:
#!/bin/bash # Daily ASM scan — only new assets DATE = $( date +%Y%m%d ) PREV = "scope-$( date -d yesterday +%Y%m%d).yaml" TODAY = "scope-${ DATE }.yaml" pentestswarm scope import h1 shopify --out " $TODAY " if ! pentestswarm scope diff " $PREV " " $TODAY " > /dev/null 2>&1 ; then echo "New assets detected — launching targeted scan" pentestswarm scope diff " $PREV " " $TODAY " --json | \ jq -r '.added_domains[]' | \ while read domain ; do pentestswarm scan " $domain " --scope " $TODAY " --mode asm --quiet & done fi
Examples # Import HackerOne scope for Shopify pentestswarm scope import h1 shopify # Import Bugcrowd scope to a custom path pentestswarm scope import bugcrowd tesla --out /tmp/tesla-scope.yaml # Import Intigriti scope pentestswarm scope import intigriti acme-corp # Diff two scope snapshots (human-readable) pentestswarm scope diff yesterday.yaml today.yaml # Diff with JSON output for scripting pentestswarm scope diff yesterday.yaml today.yaml --json # Pipe diff into a scan — CI-friendly (exit 1 when scope changed) pentestswarm scope diff prev.yaml curr.yaml || pentestswarm scan example.com --scope curr.yaml
scan Feed an imported scope.yaml into the AI swarm with --scope
playbook Use scope files with the bug-bounty playbook for structured runs
init Store platform API tokens in the OS keychain with pentestswarm init
campaign Monitor campaigns launched from scoped asset lists
