CLI Reference
The BlackRainbow CLI is available as br or blackrainbow.
Global Options
br --version # Print version and exit
br --help # Print help and exit
br init
Create a new engagement config from a template.
br init [OPTIONS]
| Option | Type | Default | Description |
|---|---|---|---|
--template | Choice | network | Template to use |
--output | String | blackrainbow.yaml | Output file path |
Templates
| Template | Target Type | Use Case |
|---|---|---|
network | network-service | Infrastructure assessment |
webapp | web-application | Web application testing |
ad | active-directory | Active Directory assessment |
ai | ai-system | AI/ML system red teaming |
Examples
# Default network assessment template
br init
# Web application template
br init --template webapp
# Custom output path
br init --template ad --output engagements/corp-ad.yaml
Will not overwrite an existing file. Exits with error if the output path already exists.
br run
Execute an engagement.
br run [OPTIONS]
| Option | Type | Default | Description |
|---|---|---|---|
--config | String | blackrainbow.yaml | Config file path |
--plugins | String | from config | Override plugins (comma-separated) |
--target | String | from config | Override target host |
--dry-run | Flag | false | Preview without executing |
--max-attempts | Integer | 5 | Max iterations per plugin |
--start-stage | String | -- | Start from a specific kill chain stage |
--resolve-deps | Flag | false | Resolve upstream dependencies |
Examples
# Run with default config
br run
# Dry run to preview attack plan
br run --dry-run
# Override target
br run --target 192.168.1.50
# Override plugins
br run --plugins recon,credential-access
# Custom config
br run --config engagements/webapp.yaml
# Start from a specific kill chain stage
br run --start-stage credential-access
# Combine overrides
br run --config corp.yaml --target 192.168.1.50 --plugins recon --dry-run
Execution Flow
- Load and validate YAML config
- Apply CLI overrides
- Initialize plugins, strategies, and target
- Connect to target (skipped in dry-run)
- Generate attack sequences
- Apply strategies (transform)
- Execute sequences (skipped in dry-run)
- Grade results
- Print summary
br report
Generate an engagement report from results.
br report [OPTIONS]
| Option | Type | Default | Description |
|---|---|---|---|
--config | String | blackrainbow.yaml | Config file (for output settings) |
--format | Choice | from config | Override output format |
--output | String | from config | Override output directory |
Formats
| Format | Description |
|---|---|
markdown | Markdown with embedded code blocks |
json | Structured JSON |
html | Standalone HTML |
pdf | PDF for stakeholder delivery |
Examples
# Generate report using config settings
br report
# Override format
br report --format pdf
# Override output directory
br report --output ./deliverables/
br plugins
Manage and list plugins.
br plugins [SUBCOMMAND]
br plugins list
List all registered plugins.
br plugins list
Registered Plugins
┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┓
┃ ID ┃ Description ┃ Category ┃
┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━┩
│ recon │ Network and service enumeration │ recon │
│ credential-access │ Password attacks and hash extraction │ credential│
│ web-exploit │ Web application attack sequences │ web │
│ ad-enum │ Active Directory enumeration │ ad-attack │
│ privesc │ Privilege escalation checks │ privesc │
└───────────────────┴─────────────────────────────────────────┴───────────┘
br plugins info
Show details for a specific plugin.
br plugins info recon
Plugin: recon
Description: Network and service enumeration, OSINT, target profiling
Category: recon
Severity: medium
Targets: network-service, web-application
ATT&CK: T1046, T1595.002
br ui
Launch the web dashboard.
br ui [OPTIONS]
| Option | Type | Default | Description |
|---|---|---|---|
--port | Integer | 8080 | Dashboard port |
--host | String | 127.0.0.1 | Bind address |
Examples
# Launch on default port
br ui
# Custom port
br ui --port 9090
Opens a browser-based dashboard showing engagement results, findings, and reports.
br status
Show framework status.
br status
BlackRainbow
Plugins: 12 registered
Strategies: 3 registered
Targets: 5 registered
Model: connected (ollama @ localhost:11434)
Exit Codes
| Code | Meaning |
|---|---|
0 | Success |
1 | Config not found or invalid |
2 | Target unreachable |
3 | Plugin error |
4 | Execution error |
Environment Variables
| Variable | Description | Default |
|---|---|---|
BR_CONFIG | Default config file path | blackrainbow.yaml |
BR_MODEL_HOST | Model provider endpoint | http://localhost:11434 |
BR_OUTPUT_DIR | Default output directory | ./reports/ |
BR_LOG_LEVEL | Logging verbosity | info |
# Use environment variables
export BR_CONFIG=engagements/default.yaml
export BR_LOG_LEVEL=debug
br run