Scanning Modes Overview - Vigolium Documentation

Vigolium supports multiple scanning modes depending on what you have available: just a URL, source code, an AI agent, or all of the above. This document helps you pick the right mode and understand the execution pipeline.

Scanning Modes at a Glance

Mode	What You Need	Command	What It Does
Lite	URL	`vigolium scan -t URL --strategy lite`	Audit only, no discovery
Balanced	URL	`vigolium scan -t URL`	Discovery + spidering + known-issue-scan + dynamic-assessment
Deep	URL	`vigolium scan -t URL --strategy deep`	Adds external harvesting to balanced
Extension	URL + JS extensions	`vigolium run extension -t URL --ext script.js`	Run only custom extension modules
Agent, Query	Source code + provider	`vigolium agent query --prompt-template security-code-review --source ./app`	One-shot AI code review
Agent, Swarm	URL (+ optional source)	`vigolium agent swarm -t URL [--source ./app]`	AI plans modules + JS extensions, native scanner runs them
Agent, Autopilot	URL (+ optional source)	`vigolium agent autopilot -t URL [--source ./app]`	AI drives bash/files/CLI autonomously
Agent, Audit	Source code	`vigolium agent audit --source ./app --mode deep`	Multi-phase whitebox security audit (driver dispatcher: `--driver auto\|both\|audit\|piolium`)

Decision Guide

Do you have application source code?
├── No
│   ├── Quick single-URL test? ──────────────── vigolium scan-url <URL>
│   ├── Want fast results? ──────────────────── vigolium scan -t URL --strategy lite
│   ├── Standard scan? ──────────────────────── vigolium scan -t URL
│   ├── Maximum external recon? ─────────────── vigolium scan -t URL --strategy deep
│   ├── AI-guided targeted scan? ────────────── vigolium agent swarm -t URL
│   ├── AI-driven autonomous pentest? ───────── vigolium agent autopilot -t URL
│   └── Custom extension scripts only? ──────── vigolium run extension -t URL --ext script.js
│
└── Yes
    ├── One-shot code review? ──────────────── vigolium agent query --prompt-template security-code-review --source ./app
    ├── Multi-phase code audit? ────────────── vigolium agent audit --source ./app --mode deep
    ├── AI-guided dynamic scan w/ source? ──── vigolium agent swarm -t URL --source ./app --code-audit
    └── Autonomous pentest w/ source? ──────── vigolium agent autopilot -t URL --source ./app

Phase Execution Pipeline

Phases execute in this order. Each strategy enables a subset of these phases:

Heuristics Check     Pre-flight probe (detect WAF, redirects, tech stack)
External Harvesting  Query Wayback, CommonCrawl, AlienVault OTX, URLScan, VirusTotal
Discovery            Content discovery (brute-force dirs/files, JS analysis)
Spidering            Browser-based crawling (Chromium), SPA support, form filling
KnownIssueScan       Nuclei templates + Kingfisher secret scanning
Dynamic-Assessment   Active + passive scanner modules against all discovered endpoints
                        (user-supplied JS/YAML extensions also dispatch here)

Strategy Comparison

Phase	Lite	Balanced	Deep
External Harvesting	-	-	yes
Discovery	-	yes	yes
Spidering	-	yes	yes
KnownIssueScan	-	yes	yes
Dynamic-Assessment	yes	yes	yes

Balanced is the default strategy when --strategy is not specified.

Phase Aliases

The canonical phase names are discovery, spidering, dynamic-assessment, and extension. The following aliases work with --only and --skip:

Alias	Canonical Phase
`deparos`	`discovery`
`discover`	`discovery`
`spitolas`	`spidering`
`audit`	`dynamic-assessment`
`dast`	`dynamic-assessment`
`assessment`	`dynamic-assessment`
`ext`	`extension`

Phase Control: `--only` and `--skip`

These two flags are mutually exclusive. Using both produces an error.

`--only <phase>`: Run a Single Phase

Disables all other phases and turns off heuristics.

# Run only content discovery
vigolium scan -t https://example.com --only discovery

# Run only the dynamic-assessment phase (active + passive vulnerability scan)
vigolium scan -t https://example.com --only dynamic-assessment
# Aliases also work:
# vigolium scan -t https://example.com --only audit

# Run only custom extensions (skip built-in modules)
vigolium scan -t https://example.com --only extension --ext my-scanner.js
# Or using the alias:
vigolium scan -t https://example.com --only ext --ext my-scanner.js

Valid values: ingestion, discovery (deparos/discover), spidering (spitolas), external-harvest, known-issue-scan, dynamic-assessment (audit/dast/assessment), extension (ext).

`--skip <phase>`: Skip Specific Phases

Disables named phases while keeping all others enabled by the strategy.

# Skip spidering in a balanced scan
vigolium scan -t https://example.com --skip spidering

# Skip both discovery and known-issue-scan
vigolium scan -t https://example.com --skip discovery --skip known-issue-scan

`vigolium run <phase>` Shortcut

vigolium run <phase> is a direct alias for vigolium scan --only <phase>:

# These are equivalent:
vigolium run discovery -t https://example.com
vigolium scan -t https://example.com --only discovery

# Run only extension modules:
vigolium run extension -t https://example.com --ext my-scanner.js

Scanning Profiles

A scanning strategy only toggles phases on/off. A scanning profile goes further, it bundles strategy, pace, scope, discovery, spidering, and module configuration into a single YAML file that overrides the main config when selected.

Using a Profile

# Use the built-in standard profile
vigolium scan -t https://example.com --scanning-profile standard

# Use a custom profile by name (resolved from profiles_dir)
vigolium scan -t https://example.com --scanning-profile api-pentest

# Use a profile by path
vigolium scan -t https://example.com --scanning-profile ~/profiles/custom.yaml

# List available profiles and strategies
vigolium strategy ls

Creating a Custom Profile

Create a YAML file in ~/.vigolium/profiles/. The first line can contain a # description: comment that appears in vigolium strategy ls. A profile can override any combination of these config sections (omitted sections keep their main config values):

# description: Fast API-focused scan with minimal discovery
scanning_strategy:
  default_strategy: lite

scanning_pace:
  concurrency: 100
  rate_limit: 200

discovery:
  mode: files_only

known_issue_scan:
  enrich_targets: false         # host-level only (faster)

dynamic-assessment:
  max_findings_per_module: 10   # cap noisy modules
  enabled_modules:
    active_modules:
      - sqli-error-based
      - xss-reflected-brutelogic
    passive_modules:
      - all

scope:
  path:
    include:
      - "/api/*"

Overridable sections: scanning_strategy, scanning_pace, discovery, spidering, known_issue_scan, dynamic-assessment, external_harvester, mutation_strategy, scope.

Profile Configuration

Set a default profile or change the profiles directory in vigolium-configs.yaml:

scanning_strategy:
  scanning_profile: ""                    # empty = no profile, use default_strategy
  profiles_dir: ~/.vigolium/profiles/     # directory for profile YAML files

Override Precedence

Profiles slot between CLI flags and the main config file:

CLI flags (--strategy, -c, --discover-max-time, etc.)
--scanning-profile / scanning_strategy.scanning_profile
Main config file (vigolium-configs.yaml)
Built-in defaults

Source-Aware Scanning

Source code-aware analysis lives in agent mode, not in the native scanner. Use vigolium agent swarm --source <path> for AI-driven route extraction + code audit + targeted scanning, vigolium agent autopilot --source <path> for autonomous pentest with code context, or vigolium agent audit --source <path> --mode deep for a standalone multi-phase whitebox audit. See Agent Mode for the full overview.

​Scanning Modes at a Glance

​Decision Guide

​Phase Execution Pipeline

​Strategy Comparison

​Phase Aliases

​Phase Control: --only and --skip

​--only <phase>: Run a Single Phase

​--skip <phase>: Skip Specific Phases

​vigolium run <phase> Shortcut

​Scanning Profiles

​Using a Profile

​Creating a Custom Profile

​Profile Configuration

​Override Precedence

​Source-Aware Scanning