Skip to main content
cyberstrike serve starts a long-running HTTP server that exposes the full CyberStrike API. Use it to run CyberStrike headlessly on a remote machine, integrate with external tools, or allow multiple clients to share a single agent runtime. 
cyberstrike serve [flags]
cyberstrike serve requires the CYBERSTRIKE_SERVER_PASSWORD environment variable to be set before it will start. This password protects the API from unauthorised access.
export CYBERSTRIKE_SERVER_PASSWORD=yourpassword
cyberstrike serve

Flags

--port
number
default:"4096"
Port to listen on. Can also be set via the server.port field in the global config file; the CLI flag takes precedence.
--hostname
string
default:"127.0.0.1"
Hostname or IP address to bind to. Defaults to 127.0.0.1 (loopback only). Set to 0.0.0.0 to accept connections from any interface, or use --mdns to do this automatically.
--mdns
boolean
default:"false"
Enable mDNS service discovery. When enabled, the server announces itself on the local network under the configured domain and the hostname defaults to 0.0.0.0.
--mdns-domain
string
default:"cyberstrike.local"
Custom mDNS service domain name used when --mdns is enabled.
--cors
string[]
Additional origins to allow for CORS. May be specified multiple times. Combined with any origins set in the global config.

Examples

export CYBERSTRIKE_SERVER_PASSWORD=secret
cyberstrike serve

Startup output

cyberstrike server listening on http://127.0.0.1:4096

Connecting to a running server

Once cyberstrike serve is running, connect to it from another process using cyberstrike run --attach: 
cyberstrike run --attach http://127.0.0.1:4096 "scan the authentication endpoints"
You can also pass --dir to specify the working directory on the remote server: 
cyberstrike run \
  --attach http://remote.host:4096 \
  --dir /opt/targets \
  "enumerate the target"

Configuration priority

Network options are resolved in this order (highest priority first):
  1. CLI flag (e.g. --port 8080)
  2. Global config (server.port in the CyberStrike global config file)
  3. Default value
This means you can set persistent server defaults in config and override them per-run with flags.

Use cases

Install CyberStrike on a jump box or cloud instance, start the server, and connect to it from your local machine using cyberstrike run --attach.
# On the remote machine
export CYBERSTRIKE_SERVER_PASSWORD=secret
cyberstrike serve --hostname 0.0.0.0 --port 4096

# On your local machine
cyberstrike run --attach http://remote-host:4096 "run the assessment"
Start the server at the beginning of a pipeline, run multiple cyberstrike run --attach commands against it, and shut it down when done.
export CYBERSTRIKE_SERVER_PASSWORD=$CI_SECRET
cyberstrike serve --port 4096 &
SERVER_PID=$!

cyberstrike run --attach http://localhost:4096 "phase 1: recon"
cyberstrike run --attach http://localhost:4096 --continue "phase 2: exploitation"

kill $SERVER_PID
Expose the server on your local network so team members on the same subnet can connect without knowing the IP address.
export CYBERSTRIKE_SERVER_PASSWORD=shared-secret
cyberstrike serve --mdns --mdns-domain cyberstrike.local

Build docs developers (and LLMs) love

Get started for freeTalk to us