Cosmo CLI

The Cosmo CLI is the official Command Line Interface that lets you interact with Cosmo. With the Cosmo CLI you can perform every operation enabled on the Cosmo platform (eg: create new scan or download reports).

Download

Download the latest version of the CLI for your OS from the release page of the official open source GitHub repository.

Usage

Using the CLI is simple. The base syntax is:

cosmo [command] [arguments]

All the CLI commands implemented are detailed in the table below:

Description	Command
List personal projects	`cosmo list` `cosmo ls`
List personal projects (output in json)	`cosmo list --output json`
Create a new analysis *	`cosmo create --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE>` `cosmo new --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE>`
View project results overview	`cosmo overview --id <PROJECT_ID>` `cosmo show --id <PROJECT_ID>`
View analysis results*	`cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS>`
View analysis results (output in json)	`cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --output json`
View paginated analysis results*	`cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --page 1 --per-page 10`
Delete project	`cosmo delete --id <PROJECT_ID>` `cosmo rm --id <PROJECT_ID>`
Log out	`cosmo logout`

info

The PROJECT_ID argument can be retrieved from the cosmo list output or by inspecting the URL of the online dashboard.

Features in detail

The Cosmo CLI allows you to perform all the actions described below.

This command lets you perform the sign-in into the Cosmo platform.

cosmo login

info

You can avoid to perform this command directly: the CLI will ask you to sign-in when running a command for the first time.

Logout

This command performs the logout action. After logout any command will be rejected until the next login.

cosmo logout

Create new scan

info

Refer to this section of the documentation if you are unsure of what kind of file you should upload to Cosmo.

With this command you can ask Cosmo to start a new scan on the specified firware image.

cosmo create --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE>

or the equivalent

cosmo new --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE>

Delete existing reports

With this command you can ask Cosmo to delete an existing report.

cosmo delete --id <PROJECT_ID>

or the equivalent

cosmo rm --id <PROJECT_ID>

info

The PROJECT_ID argument can be retrieved from the cosmo list output or by inspecting the URL of the online dashboard.

List personal reports

With this command you can ask Cosmo to list all the reports previously created.

cosmo list

or the equivalent

cosmo ls

You can use the --output json flag to format the list output in json:

cosmo list --output json

Get the report overview

With this command you can ask Cosmo to show the overview of the report identified by PROJECT_ID.

cosmo overview --id <PROJECT_ID>

or the equivalent

cosmo show --id <PROJECT_ID>

View analysis results

With this command you can ask Cosmo to show the whole analysis result.

The analysis type is passed as an argument with the flag --analysis.

cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS>

Use the --output json flag to format the analysis output in json:

cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --output json

For a paginated analysis result you can use the --page (page) and --per-page (size) flags:

cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --page 1 --per-page 10

info

All the possible values for the --analysis flags are reported in the Supported Analyses section.

Supported analyses

All the supported analysis - for each firmware type - are listed below.

Linux/Container Analysis

hardening (Binary Analysis)
cve-check (CVE Check)
security-scan (Security Scan)
password-hash (Password Hash)
crypto (Crypto Analyzer)
nvram (NVRAM Analysis)
kernel (Kernel Security)
software-bom(Software Bill of Materials)
static-code (Code Analysis)

UEFI Analysis

access (Access Rights Analysis)
intel-boot-guard (Intel BootGuard Analysis)
surface (Attack Surface Analysis)
secure-boot (Secure Boot Analysis)
uefi-security-scan (Security Scan)
peim-dxe (PEIM/DXE Analysis)

Vxworks Analysis

functions (Functions Analysis)
symbols (Symbols Analysis)
tasks (Tasks Analysis)
capabilities (Capabilities Analysis)

Supported types

All the type and subtype combinations supported by the Cosmo CLI are listed below.

info

Types and subtypes are only required to create new scans using the create or new commands.

`type`	`subtype`	description
`linux`	`generic`	Generic Linux firmare image analysis
`linux`	`yocto`	Yocto Linux firmare image analysis
`linux`	`buildroot`	Buildroot Linux firmare image analysis
`linux`	`openwrt`	OpenWRT Linux firmare image analysis
`container`	`docker`	Full Docker image analysis
`container`	`docker-lite`	Fast Docker image analysis (only `cve-check` analysis performed)
`container`	`lxc`	LXC container image analysis
`uefi`	`generic`	UEFI Bios analysis
`vxworks`	`generic`	VxWorks image analysis

caution

The docker-lite scan subtype is currently in beta and only available through the Cosmo CLI.

Cosmo CLI

Download​

Usage​

info

Features in detail​

Login​

info

Logout​

Create new scan​

info

Delete existing reports​

info

List personal reports​

Get the report overview​

View analysis results​

info

Supported analyses​

Linux/Container Analysis​

UEFI Analysis​

Vxworks Analysis​

Supported types​

info

caution

Download

Usage

Features in detail

Login

Logout

Create new scan

Delete existing reports

List personal reports

Get the report overview

View analysis results

Supported analyses

Linux/Container Analysis

UEFI Analysis

Vxworks Analysis

Supported types