Exec command

The exec command creates a new scan with the starting URL specified (in /starting_url, /base_scan, or /scan_template), runs it, and saves it. It can also optionally be used to generate and save a report of the scan.

To run the exec command, type exec, ex, or e at the command prompt, followed by the required command options, as described below.

Note: If no command is specified, the exec command runs by default.

Parameters

The following parameters can be included in the exec command.

Parameter

Explanation

/starting_url | /surl | /su <URL>

Sets the starting URL for the scan. If the starting URL is defined in the scan template or base scan you do not need to define it here.

/credentials | /cred | /cr <username:password>

Specifies Automatic Login and sets the username and password. This overrides any login configured in the scan template (SCANT file), if one is used. Because the credentials are passed on the command line, they are visible to other users in the process list and may end up in shell history and CI job logs; for unattended runs, a recorded login sequence imported with /login_file is the safer choice.

/base_scan | /base | /b <full_path>

Specifies a source scan (must include full path), whose configuration will be used for the new scan.

/dest_scan | /dest | /d <full_path>

Specifies the destination where the new scan will be saved (must include full path). If no path is specified, the scan is saved to a Temp folder, and AppScanCMD will notify you of its exact location and filename.

/scan_template | /stemplate | /st <full_path>

Specifies the scan template file.

/old_host | /ohost | /oh <host>

/new_host | /nhost | /nh <host>

These two parameters enable you to "search and replace" one host with another in the base scan or scan template. Both must be given together, and each may include a port (see Example 5).

/login_file | /lfile | /lf <full_path>

Imports a saved login sequence.

/multi_step_file | /mstepfile | /mf <full_path>

Imports a multi-step operations file.

/manual_explore_file | /mexplorefile | /mef <full_path>

Imports a Manual Explore file (in format EXD, HAR, DAST.CONFIG or CONFIG).
Note: As of AppScan Standard Version 9.0.1, EXD files include response data. To import this data, add flag /ir. If the flag is not added, the response data will not be imported, and instead an Explore stage will be run (the saved requests will be sent) to gather new responses to analyze for testing.

/policy_file | /pfile | /pf <full_path>

Imports a test policy file.

/additional_domains | /adomains | /ad <domain>

Defines domains other than that of the starting URL to be included in the scan. If there is more than one additional domain, separate them with commas or add multiple instances of the parameter.

/report_file | /rf <full_path>

Specifies the destination and name for the generated report (must include full path).

This field is optional. If not set, no report is generated.

Note that if /rt is defined as rc_ase no report file is needed, as the output is published to AppScan Enterprise.

/report_template | /rtemplate | /rtm <CliDefault | GuiDefault | Summary | DetailedReport | Developer | QA | SiteInventory>

Specifies the types of information that will be included in the report (see Security reports).

Default template (if none is specified): CliDefault. This is not identical to the Default template in the Reports dialog box. To use that template, specify GuiDefault.

/report_type | /rt <xml|pdf|rtf|txt|html|rc_ase>

Specifies the report format. Default is XML.

rc_ase refers to AppScan Enterprise reports and the output will be published to AppScan Enterprise using the existing settings (to see these click File > Export > Publish to AppScan Enterprise > Connection Settings).

/ase_application_name | /aan <AppScan Enterprise application name>

Specifies the AppScan Enterprise application to which the report will be published. Used only with /report_type rc_ase.

/min_severity | /ms <low|medium|high|informational>

Specifies the minimum result severity to include in reports (non-XML reports only, so it has no effect on the default XML output).

Default is "low".

/test_type | /tt <All | Application | Infrastructure | ThirdParty>

Specifies which type of tests to include in the report. Default is "All".

Flags

The following flags can be included in the exec command. A flag takes no value: including it sets the option to True, and omitting it leaves the option False.

Flag

Explanation

/continue | /c

Continue the scan.

/explore_only | /eo

Run an Explore stage only.

/include_responses | /ir

When importing Manual Explore data (EXD file) that includes response data, include the responses (use with /mef).
Note: As of AppScan Standard Version 9.0.1, EXD files include response data. If you add this flag, and the file includes response data, it is used when analyzing for testing. If the file does not include response data, an Explore stage will be run (the saved requests will be sent) to gather new responses to analyze for testing.

/incremental | /inc

Run an incremental scan on the specified base scan, scanning only new parts of the application.

/incremental_retest | /incretest

Run an incremental scan on the specified base scan, scanning new parts of the application and also those parts of the application where an issue was previously found.

/merge_manual_explore_requests | /mmer

Apply Explore-stage Redundancy Tuning settings to Manual Explore data, to help avoid duplicate requests (use with /mef).

/multi-step | /mstep

Test multi-step operations only.

/open_proxy | /oprxy | /opr
/listening_port | /lport | /lp <port number>
/save_only | /saveo | /so

Open the AppScan recording proxy. By default the port set in Tools > Options > Recording Proxy tab is used.

To set a different port use /listening_port <port number>.

To save the recorded traffic as a SCAN file without running a scan, use /save_only | /saveo | /so.

SCAN files are ZIP files containing several component files, including Manual Explore sequences that are saved as individual Manual_Explore_#.exd files (where "#" is a sequential number). EXD files can be imported into another scan.

/scan_log | /sl

Display the scan log during the scan.

/test_only | /to

Run a Test stage only.

/verbose | /v

Include progress lines in the output.

Examples

Below are some examples of complete commands.

Example 1

This command starts a scan with the specified starting URL, using the Regular Scan template. Note that the value of /su is the URL itself, not a SCAN file name.
appscancmd e /su https://demo.testfire.net

Example 2

This starts an Explore stage only with the specified starting URL, using the Regular Scan template.

appscancmd e /su https://demo.testfire.net /eo

Example 3

This scan takes its starting URL from the scan template and includes a Manual Explore, multi-step operations, a recorded login and a test policy. All file arguments are full paths, as the parameters require.
appscancmd e
/st D:\demo.testfire.net.scant
/d D:\demo.testfire.net.scan
/mef D:\ManualExplore.exd
/mf D:\MyMultistepOperation.seq
/lf D:\LoginSequence.login
/pf D:\MyTestPolicy.policy 

Example 4: Additional domains

Two or more additional domains can be defined in a single /additional_domains parameter, separated by commas, or in separate /ad parameters.
appscancmd e
/st D:\demo.testfire.net.scant
/d D:\demo.testfire.net.scan
/mef D:\ManualExplore.exd
/ad demo.testfire.net1,demo.testfire.net2,demo.testfire.net3
/sl
OR
appscancmd e
/st D:\demo.testfire.net.scant
/d D:\demo.testfire.net.scan
/mef D:\ManualExplore.exd
/ad demo.testfire.net1
/ad demo.testfire.net2
/ad demo.testfire.net3
/sl

Example 5: Change hosts and ports

You can change both the host and the port of the scan template or base scan.
appscancmd e
/st D:\demo.testfire.net.scant
/d D:\demo.testfire.net.scan
/mef D:\ManualExplore.exd
/oh https://demo.testfire.net:80
/nh https://demo.testfire.net2:8090

Example 6: Incremental scans

These commands run Incremental scans on an existing demo.testfire.net.scan. There are two kinds of Incremental scan, for details see Incremental scans.
  • Scan only new parts of the application:
    appscancmd e
    /b D:\demo.testfire.net.scan
    /d D:\demo.testfire.net.inc.scan
    /inc
  • Scan new parts of the application and also those parts of the application where an issue was previously found:
    appscancmd e
    /b D:\demo.testfire.net.scan
    /d D:\demo.testfire.net.incretest.scan
    /incretest
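The parameter and flag tables above describe one thing: how an exec command line is assembled, and which combinations only make sense together (/oh with /nh, /aan only with /rt rc_ase, /inc or /incretest on a base scan given with /b, full paths for every file argument). The following Python wrapper is an added example, not code from the AppScan documentation or product. It assumes the switches documented on this page and that AppScanCMD is on the PATH; the argument order and any validation the page does not spell out (for example refusing /inc together with /incretest, or /ms with the default XML report) are this wrapper's own choices. Returning an argv list, rather than a string, keeps arguments with spaces intact without shell quoting.

```python
"""Build and run AppScanCMD ``exec`` command lines (added example, not code from
the AppScan documentation or product).  Assumes the switches documented on this
page and that ``AppScanCMD`` is on PATH; validation beyond what the page states
is this wrapper's own choice."""
from __future__ import annotations

import subprocess
from pathlib import PureWindowsPath

REPORT_TYPES = {"xml", "pdf", "rtf", "txt", "html", "rc_ase"}
REPORT_TEMPLATES = {"CliDefault", "GuiDefault", "Summary", "DetailedReport",
                    "Developer", "QA", "SiteInventory"}
SEVERITIES = {"low", "medium", "high", "informational"}
TEST_TYPES = {"All", "Application", "Infrastructure", "ThirdParty"}
FLAGS = {  # documented flag name -> short switch, as used in the page's examples
    "continue": "/c", "explore_only": "/eo", "include_responses": "/ir",
    "incremental": "/inc", "incremental_retest": "/incretest",
    "merge_manual_explore_requests": "/mmer", "multi_step": "/mstep",
    "scan_log": "/sl", "test_only": "/to", "verbose": "/v", "save_only": "/so",
}
PATH_SWITCHES = {  # short switch -> keyword; each of these must be a full path
    "/b": "base_scan", "/st": "scan_template", "/d": "dest_scan",
    "/lf": "login_file", "/mef": "manual_explore_file", "/mf": "multi_step_file",
    "/pf": "policy_file", "/rf": "report_file",
}


def _require_choice(value, allowed, switch):
    if value is not None and value not in allowed:
        raise ValueError(f"{switch}: {value!r} is not one of {sorted(allowed)}")


def build_exec_args(*, starting_url=None, credentials=None, additional_domains=(),
                    old_host=None, new_host=None, report_type=None,
                    report_template=None, ase_application_name=None,
                    min_severity=None, test_type=None, listening_port=None,
                    flags=(), **paths) -> list[str]:
    """Return argv for ``AppScanCMD exec``, or raise ValueError before a long
    scan is launched with options that cannot work together."""
    unknown = set(paths) - set(PATH_SWITCHES.values())
    if unknown:
        raise ValueError(f"unknown option(s): {sorted(unknown)}")
    if not (starting_url or paths.get("base_scan") or paths.get("scan_template")):
        raise ValueError("the starting URL must come from /su, /b or /st")
    if (old_host is None) != (new_host is None):
        raise ValueError("/oh and /nh replace one host with another; give both")
    flags = set(flags)
    if flags - set(FLAGS):
        raise ValueError(f"unknown flag(s): {sorted(flags - set(FLAGS))}")
    incremental = flags & {"incremental", "incremental_retest"}
    if len(incremental) == 2:
        raise ValueError("/inc and /incretest are two different scan kinds; pick one")
    if incremental and not paths.get("base_scan"):
        raise ValueError("incremental scans run on a base scan; /b is required")
    _require_choice(report_type, REPORT_TYPES, "/rt")
    _require_choice(report_template, REPORT_TEMPLATES, "/rtm")
    _require_choice(min_severity, SEVERITIES, "/ms")
    _require_choice(test_type, TEST_TYPES, "/tt")
    if ase_application_name and report_type != "rc_ase":
        raise ValueError("/aan is only used together with /rt rc_ase")
    if min_severity and (report_type or "xml") == "xml":
        # /ms applies to non-XML reports only and XML is the default, so the
        # setting would be silently ignored; refuse instead (wrapper's choice)
        raise ValueError("/ms has no effect on XML reports")

    args = ["AppScanCMD", "exec"]
    if starting_url:
        args += ["/su", starting_url]
    if credentials:
        user, password = credentials
        if ":" in user:  # /cr is username:password, so a ':' in the user is ambiguous
            raise ValueError("username may not contain ':'; record a login file (/lf)")
        args += ["/cr", f"{user}:{password}"]
    for switch, key in PATH_SWITCHES.items():
        value = paths.get(key)
        if value is not None:
            if not PureWindowsPath(value).is_absolute():
                raise ValueError(f"{switch} requires a full path, got {value!r}")
            args += [switch, value]
    if old_host:
        args += ["/oh", old_host, "/nh", new_host]
    for domain in additional_domains:  # one /ad per domain (the page allows either form)
        args += ["/ad", domain]
    for switch, value in (("/rt", report_type), ("/rtm", report_template),
                          ("/aan", ase_application_name), ("/ms", min_severity),
                          ("/tt", test_type), ("/lp", listening_port)):
        if value is not None:
            args += [switch, str(value)]
    args += [FLAGS[name] for name in FLAGS if name in flags]  # documented order
    return args


def run_exec(args: list[str], timeout: float | None = None) -> int:
    """Run a built command line and return its exit code. Passing a list avoids
    shell quoting, but a /cr password is still visible to other users in the
    process table; prefer a recorded login sequence (/lf) for unattended runs."""
    return subprocess.run(args, timeout=timeout, check=False).returncode
```

Calling build_exec_args(base_scan=r"D:\demo.testfire.net.scan", dest_scan=r"D:\demo.testfire.net.incretest.scan", flags=("incremental_retest",)) reproduces the second command of Example 6; subprocess.list2cmdline() turns the list into the exact string you would type, and run_exec() launches it and hands back the exit code for a CI job to act on.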