Jsmon CLI

Jsmon CLI: Command Line Interface

The Jsmon Command Line Interface (jsmon-cli) is a fast and convenient tool designed to act as an API client for the Jsmon web application. It allows security researchers, penetration testers, and enterprises to upload targets, manage domains, view scan results, and query intelligence data directly from the terminal, enabling powerful automation and integration into existing security pipelines.

GitHub - rashahacks/jsmon-cliGitHub

1. Installation

The jsmon-cli tool is written in Go (Golang), which simplifies installation across different operating systems (Linux, macOS, Windows).

Prerequisites

You must have Go (Golang) installed on your system. If you do not have Go, download and install it from golang.org.

Installation Command

You can install the CLI tool directly using the go install command:

go install https://github.com/rashahacks/jsmon-cli@latest

Once installed, the binary will typically be available in your Go path ($GOPATH/bin), and you can run it using the command jsmon-cli.

Building from Source (Alternative)

For more control, you can clone the repository and build the binary yourself:

git clone https://github.com/rashahacks/jsmon-cli
cd jsmon-cli
go mod download # Download dependencies
go build -o jsmon-cli # Build the binary

2. Authentication (API Key)

The Jsmon CLI requires an API key to authenticate and interact with your account and workspaces. You can find your API key by logging into the Jsmon web app and navigating to Settings> JSMON API > API Keys.

You have two methods for providing the API key:

Method 1: Using the Configuration File (Recommended)

Store your API key securely in the CLI's credentials file:

1. Create the directory and file: ~/.jsmon/credentials

2. Paste your API key as the first line of this file. Do not include any headers, dashes, or quotes.

# Example content of ~/.jsmon/credentials
YOUR_JSMON_API_KEY_HERE

Method 2: Using the -key Flag

You can pass the API key directly with the -key flag in every command.

jsmon-cli -u https://example.com/main.js -key <YOUR_API_KEY>

Note: The --wksp flag is required for all scanning and querying operations to specify the Workspace ID where the data should be stored or retrieved from.

3. Core Usage and Commands

Below are the most common commands and use cases for the jsmon-cli.

Scanning Inputs

You can initiate scans using a single URL, a file containing multiple URLs, or an entire domain.

Data Retrieval and Querying

Use the -query flag to search and extract specific security intelligence fields from your scans.

Management and Utility

4. Advanced Query Guide

The -query flag supports advanced filtering:

• Filter by Domain: domain=example.com

• Include Subdomains: sub=true

• Pagination: page=3 (to retrieve the 3rd page of results)

For a complete guide on constructing complex queries, please refer to the dedicated Query Data documentation.

Want to learn more? Schedule a meeting with Jsmon Team!