Vigolium supports multiple scanning modes depending on what you have available: just a URL, source code, an AI agent, or all of the above. This document helps you pick the right mode and understand the execution pipeline.
Scanning Modes at a Glance
| Mode | What You Need | Command | What It Does |
|---|---|---|---|
| Lite | URL | `vigolium scan -t URL --strategy lite` | Audit (dynamic-assessment) only, no discovery |
| Balanced | URL | `vigolium scan -t URL` | Discovery + spidering + known-issue-scan + dynamic-assessment (the default) |
| Deep | URL | `vigolium scan -t URL --strategy deep` | Adds external harvesting to balanced |
| Extension | URL + JS extensions | `vigolium run extension -t URL --ext script.js` | Run only custom extension modules |
| Agent — Query | Source code + provider | `vigolium agent query --prompt-template security-code-review --source ./app` | One-shot AI code review |
| Agent — Swarm | URL (+ optional source) | `vigolium agent swarm -t URL [--source ./app]` | AI plans modules + JS extensions, native scanner runs them |
| Agent — Autopilot | URL (+ optional source) | `vigolium agent autopilot -t URL [--source ./app]` | AI drives bash/files/CLI autonomously |
| Agent — Archon | Source code | `vigolium agent archon --source ./app --mode deep` | Multi-phase whitebox security audit |
Decision Guide
```text
Do you have application source code?
├── No
│   ├── Quick single-URL test? ──────────────── vigolium scan-url <URL>
│   ├── Want fast results? ──────────────────── vigolium scan -t URL --strategy lite
│   ├── Standard scan? ──────────────────────── vigolium scan -t URL
│   ├── Maximum external recon? ─────────────── vigolium scan -t URL --strategy deep
│   ├── AI-guided targeted scan? ────────────── vigolium agent swarm -t URL
│   ├── AI-driven autonomous pentest? ───────── vigolium agent autopilot -t URL
│   └── Custom extension scripts only? ──────── vigolium run extension -t URL --ext script.js
│
└── Yes
    ├── One-shot code review? ──────────────── vigolium agent query --prompt-template security-code-review --source ./app
    ├── Multi-phase code audit? ────────────── vigolium agent archon --source ./app --mode deep
    ├── AI-guided dynamic scan w/ source? ──── vigolium agent swarm -t URL --source ./app --code-audit
    └── Autonomous pentest w/ source? ──────── vigolium agent autopilot -t URL --source ./app
```
Phase Execution Pipeline
Phases execute in this order. Each strategy enables a subset of these phases:
1. Heuristics Check: pre-flight probe (detect WAF, redirects, tech stack)
2. External Harvesting: query Wayback, CommonCrawl, AlienVault OTX, URLScan, VirusTotal
3. Discovery: content discovery (brute-force dirs/files, JS analysis)
4. Spidering: browser-based crawling (Chromium), SPA support, form filling
5. KnownIssueScan: Nuclei templates + Kingfisher secret scanning
6. Dynamic-Assessment: active + passive scanner modules against all discovered endpoints
7. Extension: custom JS extension modules (only when `--only extension` or `--ext` is used)
Strategy Comparison
| Phase | Lite | Balanced | Deep |
|---|---|---|---|
| External Harvesting | - | - | yes |
| Discovery | - | yes | yes |
| Spidering | - | yes | yes |
| KnownIssueScan | - | yes | yes |
| Dynamic-Assessment | yes | yes | yes |

Balanced is the default strategy when `--strategy` is not specified.
Phase Aliases
The canonical phase names that have aliases are `discovery`, `spidering`, `dynamic-assessment`, and `extension`. The following aliases are accepted by `--only` and `--skip` in place of the canonical name:

| Alias | Canonical Phase |
|---|---|
| deparos | discovery |
| discover | discovery |
| spitolas | spidering |
| audit | dynamic-assessment |
| dast | dynamic-assessment |
| assessment | dynamic-assessment |
| ext | extension |
Phase Control: --only and --skip
These two flags are mutually exclusive. Using both produces an error.
--only <phase> — Run a Single Phase
Disables all other phases and turns off heuristics.
```bash
# Run only content discovery
vigolium scan -t https://example.com --only discovery

# Run only the dynamic-assessment phase (active + passive vulnerability scan)
vigolium scan -t https://example.com --only dynamic-assessment
# Aliases also work:
# vigolium scan -t https://example.com --only audit

# Run only custom extensions (skip built-in modules)
vigolium scan -t https://example.com --only extension --ext my-scanner.js
# Or using the alias:
vigolium scan -t https://example.com --only ext --ext my-scanner.js
```
Valid values: ingestion, discovery (deparos/discover), spidering (spitolas), external-harvest, known-issue-scan, dynamic-assessment (audit/dast/assessment), extension (ext).
--skip <phase> — Skip Specific Phases
Disables named phases while keeping all others enabled by the strategy.
```bash
# Skip spidering in a balanced scan
vigolium scan -t https://example.com --skip spidering

# Skip both discovery and known-issue-scan
vigolium scan -t https://example.com --skip discovery --skip known-issue-scan
```
vigolium run <phase> Shortcut
vigolium run <phase> is a direct alias for vigolium scan --only <phase>:
```bash
# These are equivalent:
vigolium run discovery -t https://example.com
vigolium scan -t https://example.com --only discovery

# Run only extension modules:
vigolium run extension -t https://example.com --ext my-scanner.js
```
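To make the phase-selection rules above concrete, here is a small model of how a strategy, `--only`, `--skip` and the aliases combine into the list of phases that actually run. This is an added illustration written for this page, not Vigolium's own code: it assumes the pipeline order shown earlier, treats the heuristics check as a phase that `--only` switches off, lets `--ext` add the extension phase to a strategy scan, and leaves out `ingestion` (listed as a valid `--only` value but not placed in the pipeline on this page).

```python
"""Illustrative model of Vigolium phase selection (not the scanner's code).

Assumptions: pipeline order as documented; "heuristics" runs for any strategy
unless --only is used; --ext adds the extension phase; "ingestion" is omitted
because the page does not place it in the pipeline.
"""

PIPELINE = [
    "heuristics",
    "external-harvest",
    "discovery",
    "spidering",
    "known-issue-scan",
    "dynamic-assessment",
    "extension",
]

# Phases each strategy enables (Strategy Comparison table, plus heuristics).
STRATEGIES = {
    "lite": {"heuristics", "dynamic-assessment"},
    "balanced": {"heuristics", "discovery", "spidering",
                 "known-issue-scan", "dynamic-assessment"},
    "deep": {"heuristics", "external-harvest", "discovery", "spidering",
             "known-issue-scan", "dynamic-assessment"},
}

# Phase Aliases table.
ALIASES = {
    "deparos": "discovery",
    "discover": "discovery",
    "spitolas": "spidering",
    "audit": "dynamic-assessment",
    "dast": "dynamic-assessment",
    "assessment": "dynamic-assessment",
    "ext": "extension",
}

VALID_PHASES = set(PIPELINE) - {"heuristics"}


def canonical(name: str) -> str:
    """Resolve an alias to its canonical phase; reject names the CLI would not accept."""
    phase = ALIASES.get(name, name)
    if phase not in VALID_PHASES:
        raise ValueError(f"unknown phase: {name!r}")
    return phase


def effective_phases(strategy="balanced", only=None, skip=(), ext=False):
    """Return the phases a scan runs, in pipeline order.

    --only and --skip are mutually exclusive (the real CLI errors too).
    --only disables every other phase, including heuristics.
    --skip removes named phases from the strategy's set.
    """
    if only is not None and skip:
        raise ValueError("--only and --skip are mutually exclusive")
    if only is not None:
        enabled = {canonical(only)}
    else:
        enabled = set(STRATEGIES[strategy])
        enabled -= {canonical(name) for name in skip}
        if ext:
            enabled.add("extension")
    return [phase for phase in PIPELINE if phase in enabled]


def run_shortcut(phase: str):
    """`vigolium run <phase>` is the same as `vigolium scan --only <phase>`."""
    return effective_phases(only=phase)
```

`effective_phases()` with no arguments reproduces a balanced scan; `effective_phases("lite")` is heuristics followed by dynamic-assessment only; `effective_phases(only="audit")` is exactly `["dynamic-assessment"]`.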
Scanning Profiles
A scanning strategy only toggles phases on/off. A scanning profile goes further — it bundles strategy, pace, scope, discovery, spidering, and module configuration into a single YAML file that overrides the main config when selected.
Using a Profile
```bash
# Use the built-in standard profile
vigolium scan -t https://example.com --scanning-profile standard

# Use a custom profile by name (resolved from profiles_dir)
vigolium scan -t https://example.com --scanning-profile api-pentest

# Use a profile by path
vigolium scan -t https://example.com --scanning-profile ~/profiles/custom.yaml

# List available profiles and strategies
vigolium strategy ls
```
Creating a Custom Profile
Create a YAML file in ~/.vigolium/profiles/. The first line can contain a # description: comment that appears in vigolium strategy ls.
A profile can override any combination of these config sections (omitted sections keep their main config values):
```yaml
# description: Fast API-focused scan with minimal discovery
scanning_strategy:
  default_strategy: lite
scanning_pace:
  concurrency: 100
  rate_limit: 200
discovery:
  mode: files_only
known_issue_scan:
  enrich_targets: false   # host-level only (faster)
dynamic-assessment:
  max_findings_per_module: 10   # cap noisy modules
  enabled_modules:
    active_modules:
      - sqli-error-based
      - xss-reflected-brutelogic
    passive_modules:
      - all
scope:
  path:
    include:
      - "/api/*"
```
Overridable sections: scanning_strategy, scanning_pace, discovery, spidering, known_issue_scan, dynamic-assessment, external_harvester, mutation_strategy, scope.
Profile Configuration
Set a default profile or change the profiles directory in `vigolium-configs.yaml`:

```yaml
scanning_strategy:
  scanning_profile: ""                 # empty = no profile, use default_strategy
  profiles_dir: ~/.vigolium/profiles/  # directory for profile YAML files
```
Override Precedence
Profiles slot between CLI flags and the main config file. From highest to lowest precedence:

1. CLI flags (`--strategy`, `-c`, `--discover-max-time`, etc.)
2. Scanning profile (`--scanning-profile` or `scanning_strategy.scanning_profile`)
3. Main config file (`vigolium-configs.yaml`)
4. Built-in defaults
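The practical consequence of this layering is that a profile only replaces the keys it names: a profile that sets `scanning_pace.concurrency` keeps the main config's `scanning_pace.rate_limit`, and a CLI flag still wins over both. The following model, added here for illustration and not taken from Vigolium's source, shows that resolution as a deep merge of four layers. The built-in default values, the contents of the sample main config and profile, and the mapping of `--strategy` onto `scanning_strategy.default_strategy` are assumptions made for the demonstration; the list of overridable sections and the meaning of an empty `scanning_profile` come from this page.

```python
"""Illustrative model of Vigolium's override precedence (not the scanner's code):
built-in defaults < vigolium-configs.yaml < scanning profile < CLI flags.
Sample values and the flag-to-key mapping are assumptions for the demo."""

import copy

# Sections a profile may override (documented); anything else is rejected.
OVERRIDABLE_SECTIONS = {
    "scanning_strategy", "scanning_pace", "discovery", "spidering",
    "known_issue_scan", "dynamic-assessment", "external_harvester",
    "mutation_strategy", "scope",
}

# Constructed sample layers. The concrete numbers are assumed, not documented.
BUILTIN_DEFAULTS = {
    "scanning_strategy": {
        "default_strategy": "balanced",
        "scanning_profile": "",
        "profiles_dir": "~/.vigolium/profiles/",
    },
    "scanning_pace": {"concurrency": 20, "rate_limit": 50},
    "discovery": {"mode": "full"},
}

MAIN_CONFIG = {  # what a vigolium-configs.yaml might set
    "scanning_strategy": {"scanning_profile": "api-pentest"},
    "scanning_pace": {"rate_limit": 100},
}

PROFILES = {  # parsed profile YAML files from profiles_dir
    "api-pentest": {
        "scanning_strategy": {"default_strategy": "lite"},
        "scanning_pace": {"concurrency": 100},
        "discovery": {"mode": "files_only"},
        "scope": {"path": {"include": ["/api/*"]}},
    },
}

# Assumed flag-to-key mapping; the page names --strategy but not the key it sets.
CLI_FLAG_KEYS = {"--strategy": ("scanning_strategy", "default_strategy")}


def deep_merge(base, override):
    """Return base with override applied, recursing into nested dicts so that
    keys the higher layer omits keep their lower-layer values."""
    merged = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def load_profile(name, profiles=PROFILES):
    """Look up a profile by name and refuse sections a profile may not override."""
    if name not in profiles:
        raise KeyError(f"no profile named {name!r} in profiles_dir")
    unknown = set(profiles[name]) - OVERRIDABLE_SECTIONS
    if unknown:
        raise ValueError(f"profile {name!r} overrides non-overridable sections: {sorted(unknown)}")
    return profiles[name]


def resolve_config(cli_flags, main_config=MAIN_CONFIG, profiles=PROFILES,
                   defaults=BUILTIN_DEFAULTS):
    """Apply the four layers lowest to highest: defaults, main config, profile, CLI."""
    cfg = deep_merge(defaults, main_config)
    # --scanning-profile on the CLI beats scanning_strategy.scanning_profile in the file.
    if "--scanning-profile" in cli_flags:
        profile_name = cli_flags["--scanning-profile"]
    else:
        profile_name = cfg["scanning_strategy"].get("scanning_profile", "")
    if profile_name:  # empty string means no profile: fall back to default_strategy
        cfg = deep_merge(cfg, load_profile(profile_name, profiles))
    for flag, (section, key) in CLI_FLAG_KEYS.items():
        if flag in cli_flags:
            cfg = deep_merge(cfg, {section: {key: cli_flags[flag]}})
    return cfg
```

With the sample layers, `resolve_config({})` picks up the `api-pentest` profile named in the main config, ends with `concurrency: 100` from the profile and `rate_limit: 100` from the main config, while `resolve_config({"--strategy": "deep"})` overrides the profile's `lite` and `resolve_config({"--scanning-profile": ""})` disables the profile entirely.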
Source-Aware Scanning
Source code-aware analysis lives in agent mode, not in the native scanner. Use vigolium agent swarm --source <path> for AI-driven route extraction + code audit + targeted scanning, vigolium agent autopilot --source <path> for autonomous pentest with code context, or vigolium agent archon --source <path> --mode deep for a standalone multi-phase whitebox audit.
See Agent Mode for the full overview.