https://github.com/saferwall/cli
saferwall-cli :wrench: helps you scan, re-scan and download samples using the Saferwall API.
https://github.com/saferwall/cli
cli cli-tool command-line-tool malware-analysis saferwall
Last synced: 3 months ago
JSON representation
saferwall-cli :wrench: helps you scan, re-scan and download samples using the Saferwall API.
- Host: GitHub
- URL: https://github.com/saferwall/cli
- Owner: saferwall
- License: apache-2.0
- Created: 2021-06-04T19:30:10.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2026-04-07T06:48:53.000Z (3 months ago)
- Last Synced: 2026-04-07T08:26:08.628Z (3 months ago)
- Topics: cli, cli-tool, command-line-tool, malware-analysis, saferwall
- Language: Go
- Homepage: https://saferwall.com
- Size: 10 MB
- Stars: 7
- Watchers: 1
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# saferwall-cli
A CLI tool to interact with Saferwall.com to scan, rescan and download malware samples.
## Install
You can either download pre-built binaries or build the tool yourself.
```sh
go install github.com/saferwall/cli@latest
```
## Getting Started
To use the CLI you need a [Saferwall](https://saferwall.com) account. Run the `init` command to interactively set up your credentials:
```sh
saferwall-cli init
```
This launches an interactive prompt that asks for:
- **URL** — the Saferwall API endpoint (defaults to `https://api.saferwall.com`)
- **Username** — your Saferwall account username
- **Password** — your Saferwall account password
The credentials are saved to `~/.config/saferwall/config.toml`. To reconfigure, delete that file and run `init` again.
The CLI can also be used with a self-hosted Saferwall deployment by providing your own API URL during init.
## Usage
```
Available Commands:
init Configure saferwall CLI credentials
scan Upload and scan files
rescan Rescan an existing file using its hash
view View scan results for a file by its SHA256 hash
download Download a sample (and its artifacts)
souk Populate malware-souk database
version Version number
```
### Scan
Upload and scan files. Supports scanning a single file or an entire directory.
```sh
# Scan a single file
saferwall-cli scan /path/to/sample
# Scan an entire directory
saferwall-cli scan /path/to/directory
# Scan with parallel uploads
saferwall-cli scan -p 4 /path/to/directory
# Force rescan if the file already exists
saferwall-cli scan -f /path/to/sample
# Enable detonation with custom timeout and OS
saferwall-cli scan -d -t 30 -o win-7 /path/to/sample
```
| Flag | Short | Default | Description |
|------|-------|---------|-------------|
| `--force` | `-f` | `false` | Force rescan if the file already exists |
| `--parallel` | `-p` | `1` | Number of files to scan in parallel |
| `--enableDetonation` | `-d` | `false` | Enable detonation (dynamic analysis) |
| `--timeout` | `-t` | `15` | Detonation duration in seconds |
| `--os` | `-o` | `win-10` | Preferred OS for detonation (`win-7` or `win-10`) |
### Rescan
Rescan an existing file by its SHA256 hash, or rescan a batch of hashes from a text file.
```sh
saferwall-cli rescan
```
### View
View scan results for a file by its SHA256 hash. Displays file identification (hashes, size), properties (format, packer, timestamps), classification verdict, and antivirus detection results. For archive files, it shows a summary table of all contained files.
```sh
saferwall-cli view
```
### Download
Download a sample by its SHA256 hash, or provide a text file with one hash per line to download in batch.
```sh
# Single sample
saferwall-cli download
# Batch from a text file
saferwall-cli download hashes.txt
# Extract from zip (password: infected) instead of keeping the .zip
saferwall-cli download -x
```