Introducing the ScanMalware CLI: Powerful URL Security Analysis from Your Terminal

ScanMalware Team

Introduction

The official ScanMalware CLI brings comprehensive URL security analysis to your terminal. Built with Rust for speed and reliability, it enables security researchers, DevOps engineers, and malware analysts to automate URL scanning in their workflows, CI/CD pipelines, and security toolchains.

GitHub Repository: https://github.com/scanmalware/scanmalware-cli

Why a CLI Tool?

Automate security workflows with programmatic access to ScanMalware:

CI/CD Integration: Verify URLs before deployment

scanmalware scan https://staging.example.com --wait || exit 1

Batch Processing: Analyze thousands of URLs from threat feeds

cat suspicious-urls.txt | scanmalware scan --batch --format json > results.ndjson

Scripting: Integrate with existing security tools

scanmalware result scan-id --format json | jq '.ip_table[] | select(.risk > 50)'

Key Features

  • Comprehensive Scanning: Submit URLs, monitor progress, retrieve results
  • Advanced Search: Search by IP, ASN, JARM, favicon, JavaScript fingerprints, OCR text, and more
  • Multiple Formats: Output as text, JSON, CSV, or raw binary data
  • Batch Processing: Process multiple URLs or results efficiently
  • System Health: Monitor service status and module availability

# Basic scanning
scanmalware scan https://example.com --wait

# Search operations
scanmalware search ip 192.168.1.1 --format json
scanmalware search js-tlsh ABC123DEF456 --limit 10

# Batch processing
cat urls.txt | scanmalware scan --batch --format json

# Health checks
scanmalware health

Installation

Quick Install (Recommended)

macOS/Linux:

curl -fsSL https://scanmalware.com/install.sh | bash

Windows:

irm https://scanmalware.com/install.ps1 | iex

Alternative Methods

Homebrew:

brew tap scanmalware/tap && brew install scanmalware/tap/scanmalware-cli

Docker:

docker run --rm jonaslejon/scanmalware-cli:latest scan https://example.com

Configuration

Configure via environment variables or command-line flags:

# Environment variables
export SCANMALWARE_BASE_URL=https://scanmalware.com/api
export SCANMALWARE_TIMEOUT=60

# Command-line flags
scanmalware --base-url https://scanmalware.com/api --timeout 60 scan https://example.com
scanmalware --quiet result scan-id-123  # Minimal output

Real-World Use Cases

SOC Automation

Process phishing reports automatically:

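cat phishing-urls.txt | while IFS= read -r url; do
    # Capture the scan ID for the summary call; reading it from a `.scan_id`
    # field of the JSON output is an assumption, adjust to the actual field name.
    scan_id=$(scanmalware scan "$url" --wait --format json | jq -r '.scan_id')
    scanmalware summary "$scan_id" >> report.txt
done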

CI/CD Integration

Block deployments with security issues:

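# .github/workflows/security-scan.yml
- name: Security Scan
  env:
    # Pass the URL through the environment instead of expanding it inside the script
    STAGING_URL: ${{ secrets.STAGING_URL }}
  run: |
    docker run --rm jonaslejon/scanmalware-cli:latest \
      scan "$STAGING_URL" --wait --format json > result.json
    # Compare inside jq: a non-integer score would make [ -gt ] error out and fall through to "Passed"
    jq -e '(.risk_score // 0) <= 50' result.json > /dev/null || exit 1
    echo "Passed"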
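
A gate that fails closed, as an added example (not part of the ScanMalware project): it reads `--format json` results, one JSON object per line as in batch mode, and blocks on any line it cannot evaluate as well as on a score above the threshold. The `risk_score` field and the cut-off of 50 come from the snippets on this page; the `url` field, the function names and the sample lines are assumptions.

```python
import json
import math
import sys

# Constructed sample results (not real scan output), used when nothing is piped in.
SAMPLE = [
    '{"url": "https://a.example", "risk_score": 12}',
    '{"url": "https://b.example", "risk_score": 72.5}',
    '{"url": "https://c.example"}',
    "truncated {",
]

def score_of(record):
    """Return risk_score as a finite float, or None if absent or unusable."""
    value = record.get("risk_score")
    if isinstance(value, bool) or not isinstance(value, (int, float, str)):
        return None
    try:
        score = float(value)
    except (ValueError, OverflowError):
        return None
    return score if math.isfinite(score) else None

def gate(lines, threshold=50):
    """Return (passed, reasons); anything that cannot be evaluated blocks."""
    reasons, seen = [], 0
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        seen += 1
        try:
            record = json.loads(line)
            # "url" is an assumed field name, used only to label the finding.
            label = record.get("url") or f"line {number}"
        except (json.JSONDecodeError, AttributeError):
            reasons.append(f"line {number}: not a JSON object")
            continue
        score = score_of(record)
        if score is None:
            reasons.append(f"{label}: no usable risk_score")
        elif score > threshold:
            reasons.append(f"{label}: risk_score {score:g} > {threshold}")
    if seen == 0:
        reasons.append("no scan results received")
    return (not reasons, reasons)

if __name__ == "__main__":
    passed, reasons = gate(SAMPLE if sys.stdin.isatty() else sys.stdin)
    for reason in reasons:
        print(f"BLOCK {reason}", file=sys.stderr)
    sys.exit(0 if passed else 1)
```

Unlike the `// 0` default in the workflow snippet, a result with no score is treated here as a failure, so an empty or truncated response cannot pass the gate.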

Threat Intelligence

Enrich IOC feeds with scan data:

scanmalware search ip 203.0.113.42 --format json | \
    jq -r '.results[].url' | scanmalware scan --batch

Advanced Features

Custom API Access: Query any endpoint directly

scanmalware request /api/v1/ct/certificates/example.com --format json

Binary Downloads: Retrieve PCAPs and screenshots

scanmalware download pcap scan-id-123 > capture.pcap.gz

Unix Integration: Pipe to standard tools

scanmalware recent --limit 100 --format json | jq -r '.results[] | .risk_score'

No Authentication Required

The CLI requires no API keys or authentication - just install and start scanning:

scanmalware scan https://example.com

Future Roadmap

Planned features: rate limit handling, progress bars, watch mode, export templates, plugin system, and interactive TUI.

Contributing

Open source contributions welcome! Report bugs, submit PRs, or share workflows at github.com/scanmalware/scanmalware-cli.

Getting Started

# Quick install
curl -fsSL https://scanmalware.com/install.sh | bash

# Run your first scan
scanmalware scan https://example.com --wait

# Explore available commands
scanmalware --help

Conclusion

Automate URL security analysis from your terminal with the ScanMalware CLI. Open source, no authentication required, with support for batch processing, multiple output formats, and CI/CD integration.

Get started: github.com/scanmalware/scanmalware-cli