CLI Reference

The ssi command-line interface provides access to every SSI capability from the terminal. It is useful for admins running batch scans, scripted automation, and quick lookups.

For installation instructions, see the SSI Developer Guide.

Command overview

ssi
├── investigate        Investigate suspicious URLs
│   ├── url            Single URL investigation
│   ├── batch          Batch investigation from file
│   ├── list           List past investigations
│   └── show           Show investigation detail
│
├── playbook           Manage playbooks
│   ├── list           List all playbooks
│   ├── show           Show playbook details
│   ├── validate       Validate playbook JSON
│   └── test-match     Test URL against patterns
│
├── wallet             Wallet extraction tools
│   ├── validate       Validate a wallet address
│   ├── scan           Scan text/file for wallets
│   ├── allowlist      Show token-network allowlist
│   ├── export         Export wallets to file
│   └── patterns       Show supported patterns
│
├── settings           Configuration management
│   ├── show           Display resolved settings
│   └── validate       Validate settings
│
└── --version          Show version

investigate

`ssi investigate url`

Run a single investigation.

ssi investigate url "<URL>" [OPTIONS]

Flag

Description

Default

--passive

Passive-only scan (no browser interaction)

false

--scan-type

Scan type: passive, active, full

full

--format

Output format: json, markdown, both

json

--output

Custom output directory

data/evidence/

--skip-whois

Skip WHOIS lookup

false

--skip-screenshot

Skip screenshot capture

false

--skip-virustotal

Skip VirusTotal check

false

--skip-urlscan

Skip urlscan.io check

false

--push-to-core

Push results to i4g core API

false

--trigger-dossier

Trigger dossier generation after push

false

Examples:

# Passive scan only
ssi investigate url "https://example.com" --passive

# Full investigation with both output formats
ssi investigate url "https://example.com" --format both

# Skip slow checks
ssi investigate url "https://example.com" --skip-whois --skip-virustotal

# Push results to core
ssi investigate url "https://example.com" --push-to-core --trigger-dossier

`ssi investigate batch`

Investigate multiple URLs from a file.

ssi investigate batch <FILE> [OPTIONS]

Flag

Description

Default

--passive

Passive-only for all URLs

false

--output

Output directory

data/evidence/

--concurrency

Parallel investigations

1

--events

Emit JSONL events to stdout

false

--resume

Skip already-completed URLs

false

--format

Input format: text (one URL per line) or json (structured)

auto-detect

Examples:

# Basic batch
ssi investigate batch urls.txt

# Parallel with event streaming
ssi investigate batch urls.txt --concurrency 3 --events > events.jsonl

# Resume interrupted batch
ssi investigate batch urls.txt --output ./results --resume

`ssi investigate list`

List past investigations from the database.

ssi investigate list

`ssi investigate show`

Display detail for a specific investigation.

ssi investigate show <SCAN_ID>

playbook

`ssi playbook list`

ssi playbook list [--json] [--dir PATH]

`ssi playbook show`

ssi playbook show <PLAYBOOK_ID> [--json] [--dir PATH]

`ssi playbook validate`

ssi playbook validate <PATH>

Validates JSON schema, template variables, and URL patterns.

`ssi playbook test-match`

ssi playbook test-match "<URL>" [--dir PATH]

Reports which playbook matches the URL.

wallet

`ssi wallet validate`

ssi wallet validate "<ADDRESS>"

Validates a wallet address and identifies the token/network.

`ssi wallet scan`

ssi wallet scan <SOURCE> [--json]

Scans a text file or raw content for wallet addresses.

`ssi wallet allowlist`

ssi wallet allowlist [--json] [--symbol SYMBOL] [--path PATH]

Displays the token-network allowlist. Filter by symbol or use a custom allowlist file.

`ssi wallet export`

ssi wallet export <FILE> [--format FORMAT] [--output PATH] [--filter/--no-filter]

Export wallets from an investigation JSON file to XLSX (default), CSV, or JSON.

`ssi wallet patterns`

ssi wallet patterns

Lists every supported token network and its detection regex.

settings

`ssi settings show`

ssi settings show

Displays the fully resolved configuration (after merging defaults, env-specific files, local overrides, and environment variables).

`ssi settings validate`

ssi settings validate

Checks that settings are valid and required services are reachable.

PreviousReports & Evidence NextConfiguration

Last updated 1 month ago

Good morning

hashtagCommand overview

hashtaginvestigate

hashtagssi investigate url

hashtagssi investigate batch

hashtagssi investigate list

hashtagssi investigate show

hashtagplaybook

hashtagssi playbook list

hashtagssi playbook show

hashtagssi playbook validate

hashtagssi playbook test-match

hashtagwallet

hashtagssi wallet validate

hashtagssi wallet scan

hashtagssi wallet allowlist

hashtagssi wallet export

hashtagssi wallet patterns

hashtagsettings

hashtagssi settings show

hashtagssi settings validate

Command overview

investigate

`ssi investigate url`

`ssi investigate batch`

`ssi investigate list`

`ssi investigate show`

playbook

`ssi playbook list`

`ssi playbook show`

`ssi playbook validate`

`ssi playbook test-match`

wallet

`ssi wallet validate`

`ssi wallet scan`

`ssi wallet allowlist`

`ssi wallet export`

`ssi wallet patterns`

settings

`ssi settings show`

`ssi settings validate`