Cosmo CLI

The Cosmo CLI is the official Command Line Interface that lets you interact with Cosmo. With the Cosmo CLI you can perform every operation enabled on the Cosmo platform (eg: create new scan or download reports).

Download

Download the latest version of the CLI for your OS from the release page of the official open source GitHub repository.

Usage

Using the CLI is simple. The base syntax is:

cosmo [command] [arguments]

All the CLI commands implemented are detailed in the table below:

Description	Command
List user	`cosmo user list`
List objects	`cosmo object list`
Delete object	`cosmo object delete <ID>`
Create object	`cosmo object new <NAME> <DESCRIPTION> <TAGS>...`
List scans	`cosmo scan list`
Delete scan	`cosmo scan delete <ID>`
Create scan	`cosmo scan new --output <OUTPUT> --report <REPORT> <OBJECT_ID> <FILENAME> <SCAN_TYPE> <ANALYSIS_TYPES>...`

info

All commands require access. This can be provided through an --api-key <API_KEY> argument to the command or set as the environment variable COSMO_API_KEY.

Features in detail

The Cosmo CLI allows you to perform all the actions described below.

List user

With this command you can verify what user is linked to an <API_KEY>.

cosmo --api-key <API_KEY> user list

List objects

With this command you can list objects associated with a user.

cosmo --api-key <API_KEY> object list

Delete object

With this command you can delete an object associated with a user.

cosmo --api-key <API_KEY> object delete <ID>

Create object

With this command you can create an object.

cosmo --api-key <API_KEY> object new <NAME> <DESCRIPTION> <TAGS>...

List scans

With this command you can list scans associated with a user.

cosmo --api-key <API_KEY> scan list

Delete scan

With this command you can delete a scan associated with a user.

cosmo --api-key <API_KEY> object delete <ID>

Create scan

info

Refer to this section of the documentation if you are unsure of what kind of file you should upload to Cosmo.

With this command you can ask Cosmo to start a new scan on the specified firmware image.

cosmo --api-key <API_KEY> scan new --output <OUTPUT> --report <REPORT> <OBJECT_ID> <FILENAME> <SCAN_TYPE> <ANALYSIS_TYPES>...

info

The optional --output argument is a file where all scan results get saved in JSON format. The optional --report argument is a file where an HTML scan overview report gets saved.

Supported analyses

All the supported analysis - for each firmware type - are listed below.

Linux/Container Analysis

hardening (Binary Analysis)
cve-check (CVE Check)
security-scan (Security Scan)
password-hash (Password Hash)
crypto (Crypto Analyzer)
kernel (Kernel Security)
software-bom(Software Bill of Materials)
static-code (Code Analysis)

UEFI Analysis

access (Access Rights Analysis)
intel-boot-guard (Intel BootGuard Analysis)
surface (Attack Surface Analysis)
secure-boot (Secure Boot Analysis)
uefi-security-scan (Security Scan)
peim-dxe (PEIM/DXE Analysis)

Vxworks Analysis

functions (Functions Analysis)
symbols (Symbols Analysis)
tasks (Tasks Analysis)
capabilities (Capabilities Analysis)

Supported firmware types

All the firmware type supported by the Cosmo CLI are listed below.

info

Types and subtypes are only required to create new scans using the scan new command.

`type`	description
`linux`	Generic Linux firmare image analysis
`docker`	Full Docker image analysis
`lxc`	LXC container image analysis
`uefi`	UEFI Bios analysis
`vxworks`	VxWorks image analysis

Cosmo CLI

Download​

Usage​

info

Features in detail​

List user​

List objects​

Delete object​

Create object​

List scans​

Delete scan​

Create scan​

info

info

Supported analyses​

Linux/Container Analysis​

UEFI Analysis​

Vxworks Analysis​

Supported firmware types​

info

Download

Usage

Features in detail

List user

List objects

Delete object

Create object

List scans

Delete scan

Create scan

Supported analyses

Linux/Container Analysis

UEFI Analysis

Vxworks Analysis

Supported firmware types