Command Line Interface¶
The Escape CLI provides a set of commands to interact with the Escape platform.
The CLI requires an API key to authenticate with the Escape platform. Set it as an environment variable:
Command Overview¶
The Escape CLI provides the following commands:
COMMAND DESCRIPTION
profiles Interact with profiles
create-graphql Create a GRAPHQL profile
create-rest Create a REST profile
create-webapp Create a WEBAPP profile
get Get a profile
list List profiles
assets Interact with assets or integrations
create Create an asset
delete Delete an asset
get Get an asset
list List assets
update Update an asset
audit Interact with audits
list List audit logs
events Interact with events
get Get an event
list List events
issues Interact with issues
get Get an issue
list List issues
list-activities List the activities of an issue
update Update an issue
locations Interact with locations
delete Delete a location
get Get a location
list List locations
start Start a location
scans View scans results
cancel Cancel a scan
get Get scan status
ignore Ignore a scan
issues List scan issues
list List scans
start Start a scan
watch Watch a scan
tags Interact with tags
create Create a tag
list List tags
version Prints the version of the CLI
Profiles¶
Interact with your Escape profiles.
List Profiles¶
List all your Escape profiles.
Aliases: list, ls
Optional Filters:
--allShow profiles for all asset types (including ASM profiles)-d, --domain stringsdomain (e.g.example.com)-n, --initiator stringsinitiator (e.g.SCHEDULED)-k, --kind stringskind (e.g.BLST_REST)-r, --risk stringsrisk (e.g.SENSITIVE_DATA)-s, --search stringsearch (e.g.Example Profile 2)-a, --asset-id stringsasset ID (e.g.00000000-0000-0000-0000-000000000000)-i, --issue-id stringsissue ID (e.g.00000000-0000-0000-0000-000000000000)-t, --tag-id stringstag ID (e.g.00000000-0000-0000-0000-000000000000)
API Reference: GET /profiles
Example Output:
ID CREATED AT ASSET TYPE INITIATORS NAME
00000000-0000-0000-0000-000000000000 2025-08-14T11:54:56.653Z WEBAPP [SCHEDULED] Example Profile
Get Profile¶
Get details about a profile.
Aliases: get, describe Arguments: profile-id (ID of the profile)
API Reference: GET /profiles/{id}
Example Output:
ID CREATED AT CRON RISKS NAME
00000000-0000-0000-0000-000000000000 2025-04-22T14:44:19.805Z 0 9 * * 6 [SENSITIVE_DATA] Example Profile
Create REST DAST Profile¶
Create a REST DAST profile.
or
Arguments:
profile-conf.json(path to the profile configuration file)
API Reference: POST /profiles/rest
Create GRAPHQL Profile¶
Create a GRAPHQL profile.
or
Arguments:
profile-conf.json(path to the profile configuration file)
API Reference: POST /profiles/graphql
Create WEBAPP Profile¶
Create a WEBAPP profile.
Arguments:
profile-conf.json(path to the profile configuration file)
API Reference: POST /profiles/webapp
Manage Assets (Integrations)¶
Interact with your Escape assets.
List Assets¶
List all assets.
Aliases: list, ls
Optional Filters:
-m, --manually-createdFilter by manually created assets-s, --search stringSearch term to filter assets by--statuses stringsFilter by asset statuses: [DEPRECATED FALSE_POSITIVE MONITORED OUT_OF_SCOPE]-t, --types stringsFilter by asset types: [FRONTEND_ANGULAR FRONTEND_JAVASCRIPT FRONTEND_JQUERY FRONTEND_REACT FRONTEND_SVELTE FRONTEND_VUE GRAPHQL_APOLLO GRAPHQL_GRAPHQLYOGA REST_ASP_NET REST_DJANGO REST_EXPRESS_JS REST_FLASK REST_GIN REST_HONO REST_LARAVEL REST_NESTJS REST_NEXTJS REST_NUXTJS REST_RUBY_ON_RAILS REST_SPRING_BOOT REST_SYMFONY UNKNOWN]
API Reference: GET /assets
Example Output:
ID CREATED AT TYPE STATUS LAST SEEN RISKS NAME
00000000-0000-0000-0000-000000000001 2025-06-17T14:28:11.024Z REST DEPRECATED 2025-06-17T14:28:11.024Z [EXPOSED] https://example.com/api
Get Asset¶
Get detailed information about a specific asset.
Aliases: get, g Arguments: asset-id
API Reference: GET /assets/{id}
Example Output:
ID CREATED AT TYPE STATUS LAST SEEN RISKS NAME
00000000-0000-0000-0000-000000000001 2025-06-17T14:28:11.024Z REST DEPRECATED 2025-06-17T14:28:11.024Z [EXPOSED] https://example.com/api
Create Asset¶
Get detailed information about a specific asset.
or
Arguments:
asset-conf.json(path to the asset configuration file)
API Reference: POST /assets
Update Asset¶
Update an existing asset.
Aliases: update, u
Arguments:
asset-id(ID of the asset to update)
Optional Flags:
-d, --description stringdescription of the asset-f, --framework stringframework of the asset: [FRONTEND_ANGULAR FRONTEND_JAVASCRIPT FRONTEND_JQUERY FRONTEND_REACT FRONTEND_SVELTE FRONTEND_VUE GRAPHQL_APOLLO GRAPHQL_GRAPHQLYOGA REST_ASP_NET REST_DJANGO REST_EXPRESS_JS REST_FLASK REST_GIN REST_HONO REST_LARAVEL REST_NESTJS REST_NEXTJS REST_NUXTJS REST_RUBY_ON_RAILS REST_SPRING_BOOT REST_SYMFONY UNKNOWN]--owners stringslist of asset owners (email)-s, --status stringstatus of the asset: [DEPRECATED FALSE_POSITIVE MONITORED OUT_OF_SCOPE]-t, --tag-ids stringslist of tag IDs
API Reference: PUT /assets/{id}
Delete Asset¶
Delete an existing asset.
Arguments: asset-id (ID of the asset to delete)
Aliases: delete, d
API Reference: DELETE /assets/{id}
Manage Locations¶
Interact with your Escape locations.
List Locations¶
List all locations.
Aliases: list, ls
Optional Filters:
-e, --enabledFilter by enabled locations-s, --search stringSearch term to filter locations by-t, --type stringsFilter by location type (private, escape, repeater)
API Reference: GET /locations
Example Output:
Start Location¶
Start a location by its name.
Aliases: start
Arguments: location-name (name of the location to start)
Info
[The command will continue running until interrupted with Ctrl+C]
Delete Location¶
Delete a location by its ID.
Aliases: delete, del, remove\ Arguments: location-id (ID of the location to delete)
API Reference: DELETE /locations/{id}
Manage Scans¶
Interact with your Escape scans.
List Scans¶
List all scans of an application.
Aliases: ls, sc, scan\ Arguments: application-id (ID of the application)
Example Output:
ID STATUS CREATED AT PROGRESS
00000000-0000-0000-0000-000000000001 FINISHED 2025-02-05 08:34:47.541 +0000 UTC 0.000000
00000000-0000-0000-0000-000000000002 FINISHED 2025-02-02 08:27:23.919 +0000 UTC 0.000000
00000000-0000-0000-0000-000000000003 FINISHED 2025-01-31 18:35:48.477 +0000 UTC 0.000000
00000000-0000-0000-0000-000000000004 FINISHED 2025-01-30 08:25:49.656 +0000 UTC 0.000000
Start Scan¶
Start a new scan of an application.
Arguments: application-id (ID of the application to scan)
Options:
--watch,-w: Watch for scan events and follow progress--commit-hash: Commit hash--commit-link: Commit link--commit-branch: Commit branch--commit-author: Commit author--profile-picture: Commit author profile picture link--override,-c: Configuration override (JSON)
Example:
escape-cli scans start 00000000-0000-0000-0000-000000000000
escape-cli scans start 00000000-0000-0000-0000-000000000000 --commit-hash 1234567890
escape-cli scans start 00000000-0000-0000-0000-000000000000 --override '{"scan": {"read_only": true}}'
Watch Scan¶
Bind the current terminal to a scan, listen for events and print them to the terminal.
Arguments: scan-id (ID of the scan to watch)
Get Scan¶
Get detailed information about a specific scan.
Aliases: describe\ Arguments: scan-id (ID of the scan)
Example Output:
ID STATUS CREATED AT PROGRESS
00000000-0000-0000-0000-000000000001 FINISHED 2024-11-27 08:06:59.576 +0000 UTC 1.000000
Get Scan Issues¶
List all issues of a scan.
Aliases: results, res, result, iss\ Arguments: scan-id (ID of the scan)
Example Output:
ID SEVERITY TYPE CATEGORY NAME IGNORED URL
00000000-0000-0000-0000-000000000001 MEDIUM API PROTOCOL Insecure Security Policy header false https://app.escape.tech/scan/00000000-0000-0000-0000-000000000005/issues/00000000-0000-0000-0000-000000000001/overview/
00000000-0000-0000-0000-000000000002 LOW API INFORMATION_DISCLOSURE Debug mode enabled false https://app.escape.tech/scan/00000000-0000-0000-0000-000000000005/issues/00000000-0000-0000-0000-000000000002/overview/