API Reference

Complete reference for Apache Sling Auditor command-line interface.

Command Structure

python auditor.py -t <target_url> [options]

Required Arguments

-t, --target

Target URL to scan.

Format:

http://hostname:port
or
https://hostname:port

Examples:

-t http://example.com:4502
-t https://secure.aem:4503

Required: Yes


Optional Arguments

Authentication

-u, --username

Username for authentication.

Example:

-u admin

Default: None


-p, --password

Password for authentication.

Example:

-p password

Default: None


Scan Configuration

--mode

Scan mode selection.

Options: quick, full, stealth

Example:

--mode quick

Default: full


--wordlist

Path to wordlist file for path enumeration.

Example:

--wordlist wordlists/sling_paths.txt

Default: None


--exploit

Enable exploitation mode to generate PoCs and validate vulnerabilities.

Example:

--exploit

Default: Disabled


--brute-force

Enable brute force login testing.

Example:

--brute-force

Default: Disabled


--username-wordlist

Path to username wordlist for brute force attacks.

Example:

--username-wordlist wordlists/usernames.txt

Default: Uses default wordlist from config


--password-wordlist

Path to password wordlist for brute force attacks.

Example:

--password-wordlist wordlists/passwords.txt

Default: Uses default wordlist from config


Network Configuration

--proxy

Proxy URL for routing traffic.

Format:

http://hostname:port
or
https://hostname:port

Example:

--proxy http://127.0.0.1:8080

Default: None


--user-agent

Custom User-Agent string.

Example:

--user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"

Default: Standard browser User-Agent


--cookies

Cookies to include with requests.

Format:

"key1=val1; key2=val2"

Example:

--cookies "session=abc123; token=xyz789"

Default: None


-T, --timeout

Request timeout in seconds.

Example:

--timeout 30

Default: 10


-k, --insecure

Allow insecure SSL connections (ignore certificate errors).

Example:

-k

Default: SSL verification enabled


Performance

--threads

Number of concurrent threads/requests.

Example:

--threads 10

Default: 5

Note: Higher values make the scan faster but more resource-intensive.


Output

-o, --output

Output directory for scan results.

Example:

-o /path/to/output

Default: scan_results


-v, --verbose

Enable verbose output for detailed information.

Example:

-v

Default: Disabled


Help

-h, --help

Show help message and exit.

Example:

-h

Complete Option List

| Option | Short | Type | Default | Description |
| --- | --- | --- | --- | --- |
| --target | -t | string | - | Target URL (required) |
| --username | -u | string | None | Username for authentication |
| --password | -p | string | None | Password for authentication |
| --mode | | choice | full | Scan mode: quick, full, stealth |
| --wordlist | | string | None | Path to wordlist file |
| --exploit | | flag | False | Enable exploitation mode |
| --brute-force | | flag | False | Enable brute force testing |
| --username-wordlist | | string | None | Username wordlist for brute force |
| --password-wordlist | | string | None | Password wordlist for brute force |
| --proxy | | string | None | Proxy URL |
| --user-agent | | string | Default | Custom User-Agent string |
| --cookies | | string | None | Cookies to include |
| --timeout | -T | int | 10 | Request timeout in seconds |
| --insecure | -k | flag | False | Allow insecure SSL |
| --threads | | int | 5 | Number of concurrent threads |
| --output | -o | string | scan_results | Output directory |
| --verbose | -v | flag | False | Enable verbose output |
| --help | -h | flag | - | Show help message |

Usage Examples

Basic Scan

python auditor.py -t http://target.com:4502

Quick Scan

python auditor.py -t http://target.com:4502 --mode quick

Authenticated Scan

python auditor.py -t http://target.com:4502 -u admin -p password

With Exploitation

python auditor.py -t http://target.com:4502 --exploit

Brute Force

python auditor.py -t http://target.com:4502 \
  --brute-force \
  --username-wordlist wordlists/usernames.txt \
  --password-wordlist wordlists/passwords.txt

Through Proxy

python auditor.py -t http://target.com:4502 \
  --proxy http://127.0.0.1:8080

Custom Configuration

python auditor.py -t http://target.com:4502 \
  --user-agent "Custom Agent" \
  --cookies "session=abc123" \
  --timeout 30 \
  --threads 10 \
  -v

Complete Example

python auditor.py -t http://target.com:4502 \
  --mode full \
  --wordlist wordlists/sling_paths_extended.txt \
  --exploit \
  --brute-force \
  --username-wordlist wordlists/aem_usernames.txt \
  --password-wordlist wordlists/common_passwords.txt \
  --proxy http://127.0.0.1:8080 \
  --user-agent "Mozilla/5.0" \
  --cookies "session=abc123" \
  --timeout 15 \
  --threads 10 \
  -o /path/to/output \
  -v

Exit Codes

Environment Variables

The auditor respects the following environment variables:

Return Values

The auditor returns a JSON report to the output directory containing:

Report Format: Currently only JSON reports are generated. HTML and text summary reports are planned for future releases.

Error Handling

Common errors and solutions:

Invalid URL

Error: Target URL must include scheme (http:// or https://)

Solution: Ensure URL includes protocol (http:// or https://)

Connection Errors

Request error: Connection refused

Solution: Check target URL, network connectivity, firewall rules

SSL Errors

SSL: CERTIFICATE_VERIFY_FAILED

Solution: Use the -k flag to allow insecure SSL connections

Timeout Errors

Request timeout: http://target.com:4502

Solution: Increase the timeout with the --timeout option
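
The following is an added example, not part of the auditor's code or of the original page: a pre-flight check that validates the documented -t, --proxy and --cookies formats and flags -k and a command-line -p before any request is sent. The names check_url, parse_cookies and preflight and the wording of all messages except the scheme error are assumptions made for this example.

```python
import argparse
from urllib.parse import urlsplit

def check_url(value, what):
    """Return problems with a scheme://hostname:port URL as documented for -t and --proxy."""
    try:
        parts = urlsplit(value)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return [f"{what} has a malformed host or port"]
    if parts.scheme not in ("http", "https"):
        return [f"{what} must include scheme (http:// or https://)"]
    if not parts.hostname:
        return [f"{what} has no hostname"]
    return []

def parse_cookies(text):
    """Split the "key1=val1; key2=val2" form into a dict plus a list of malformed pairs."""
    cookies, bad = {}, []
    for pair in filter(None, (p.strip() for p in text.split(";"))):
        name, sep, value = pair.partition("=")
        if sep and name.strip():
            cookies[name.strip()] = value.strip()
        else:
            bad.append(pair)
    return cookies, bad

def preflight(argv):
    """Check an auditor.py argument list; return (errors, warnings) without sending traffic."""
    ap = argparse.ArgumentParser(add_help=False)
    ap.add_argument("-t", "--target", required=True)
    ap.add_argument("-p", "--password")
    ap.add_argument("--proxy")
    ap.add_argument("--cookies")
    ap.add_argument("-k", "--insecure", action="store_true")
    args, _ = ap.parse_known_args(argv)  # other documented options pass through unchecked
    errors = check_url(args.target, "Target URL")
    if args.proxy:
        errors += check_url(args.proxy, "Proxy URL")
    if args.cookies:
        errors += [f"Cookie {b!r} is not key=value" for b in parse_cookies(args.cookies)[1]]
    warnings = []
    if args.insecure:
        warnings.append("-k disables certificate verification; the server identity is not checked")
    if args.password:
        warnings.append("-p on the command line is visible in shell history and process listings")
    return errors, warnings
```

Pass it the same argument list intended for auditor.py; an empty errors list means the documented formats are satisfied.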

