# Jsmon CLI

## Jsmon CLI: Command Line Interface

The Jsmon Command Line Interface (`jsmon-cli`) is a fast and convenient tool designed to act as an API client for the Jsmon web application. It allows security researchers, penetration testers, and enterprises to upload targets, manage domains, view scan results, and query intelligence data directly from the terminal, enabling powerful automation and integration into existing security pipelines.

{% embed url="<https://github.com/rashahacks/jsmon-cli>" %}

### 1. Installation

The `jsmon-cli` tool is written in **Go** (Golang), which simplifies installation across different operating systems (Linux, macOS, Windows).

#### Prerequisites

You must have **Go (Golang)** installed on your system. If you do not have Go, download and install it from [golang.org](https://golang.org/).

#### Installation Command

You can install the CLI tool directly using the `go install` command:

```
go install https://github.com/jsmonhq/jsmon-cli@latest

```

Once installed, the binary will typically be available in your Go path (`$GOPATH/bin`), and you can run it using the command `jsmon-cli`.

#### Building from Source (Alternative)

For more control, you can clone the repository and build the binary yourself:

```
git clone https://github.com/jsmonhq/jsmon-cli
cd jsmon-cli
go mod download # Download dependencies
go build -o jsmon-cli # Build the binary

```

### 2. Authentication (API Key)

The Jsmon CLI requires an API key to authenticate and interact with your account and workspaces. You can find your API key by logging into the Jsmon web app and navigating to **Settings> JSMON API** > **API Keys**.

<figure><img src="/files/mBI5EfYs8psvWl1hPMy5" alt=""><figcaption></figcaption></figure>

You have two methods for providing the API key:

#### Method 1: Using the Configuration File (Recommended)

Store your API key securely in the CLI's credentials file:

1. Create the directory and file: `~/.jsmon/credentials`
2. Paste your API key as the **first line** of this file. Do not include any headers, dashes, or quotes.

```
# Example content of ~/.jsmon/credentials
YOUR_JSMON_API_KEY_HERE

```

#### Method 2: Using the `-key` Flag

You can pass the API key directly with the `-key` flag in every command.

```
jsmon-cli -u https://example.com/main.js -key <YOUR_API_KEY>

```

***Note:*** *The `--wksp` flag is **required** for all scanning and querying operations to specify the Workspace ID where the data should be stored or retrieved from.*

### 3. Core Usage and Commands

Below are the most common commands and use cases for the `jsmon-cli`.

#### Scanning Inputs

You can initiate scans using a single URL, a file containing multiple URLs, or an entire domain.

| **Command**           | **Description**                                                            | **Example**                                           |
| --------------------- | -------------------------------------------------------------------------- | ----------------------------------------------------- |
| **Scan a JS URL**     | Uploads and scans a single JavaScript file.                                | `jsmon-cli -u https://example.com/main.js -wksp <ID>` |
| **Scan a Domain**     | Recursively extracts JS URLs of a domain and scans them.                   | `jsmon-cli -d beta.example.com -wksp <ID>`            |
| **Upload File**       | Uploads a local file containing a list of JS URLs for batch scanning.      | `jsmon-cli -f /path/to/jsurls.txt -wksp <ID>`         |
| **Rescan by File ID** | Rescans a previously uploaded file using its file ID for change detection. | `jsmon-cli -fid <FILE_ID> -wksp <ID>`                 |

#### Data Retrieval and Querying

Use the `-query` flag to search and extract specific security intelligence fields from your scans.

| **Command**       | **Field**             | **Description**                                      | **Example**                                                       |
| ----------------- | --------------------- | ---------------------------------------------------- | ----------------------------------------------------------------- |
| **Get API Paths** | `field=apiPaths`      | Lists all discovered API endpoints.                  | `jsmon-cli -query "field=apiPaths domain=example.com" -wksp <ID>` |
| **Get Emails**    | `field=emails`        | Lists all exposed email addresses (PII data).        | `jsmon-cli -query "field=emails" -wksp <ID>`                      |
| **Get URLs**      | `field=extractedUrls` | Lists all URLs discovered within the JS files.       | `jsmon-cli -query "field=extractedUrls page=2" -wksp <ID>`        |
| **Get Secrets**   | `-secrets`            | View Keys and Secrets data for a specific domain.    | `jsmon-cli -secrets -jsi <DOMAIN_NAME> -wksp <ID>`                |
| **Get Full JSI**  | `-jsi`                | View all JS Intelligence data for a specific domain. | `jsmon-cli -jsi <DOMAIN_NAME> -wksp <ID>`                         |

#### Management and Utility

| **Command**        | **Description**                                              | **Example**                                 |
| ------------------ | ------------------------------------------------------------ | ------------------------------------------- |
| **View Profile**   | Shows your user profile details and current usage limits.    | `jsmon-cli -profile`                        |
| **List Domains**   | Lists all domains currently registered in your account.      | `jsmon-cli -domains`                        |
| **List Files**     | Lists all uploaded files (containing JS URLs) and their IDs. | `jsmon-cli -files`                          |
| **View URLs List** | Lists all JS URLs processed in your account.                 | `jsmon-cli -urls -us 50`                    |
| **Custom Headers** | Adds custom HTTP headers (e.g., cookies) during the scan.    | `jsmon-cli -u URL -H "Cookie: session=xyz"` |

### 4. Advanced Query Guide

The `-query` flag supports advanced filtering:

* **Filter by Domain:** `domain=example.com`
* **Include Subdomains:** `sub=true`
* **Pagination:** `page=3` (to retrieve the 3rd page of results)

For a complete guide on constructing complex queries, please refer to the dedicated **Query Data** documentation.

<a href="https://cal.com/jsmon/30min" class="button primary" data-icon="calendar-days">Want to learn more? Schedule a meeting with Jsmon Team!</a>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledge.jsmon.sh/documentation/command-line-interface-cli/jsmon-cli.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.