Signing up
If you haven't done so yet, the fastest way to get started is to sign up for a free plan at https://mayhem4api.forallsecure.com/signup. If you already have an account, then you are ready to go for the next steps!
Installation
The Mayhem for API CLI is available to download for various common platforms.
ℹ️ The CLI will automatically keep itself updated when used as we make fixes and bug improvements.
MacOS
curl -Lo mapi https://mayhem4api.forallsecure.com/downloads/cli/latest/macos/mapi \
&& chmod +x mapi
Here's an easy way to add the mapi
executable to your path:
sudo mv mapi /usr/local/bin
You may download this SHA256 checksum or this SHA512 checksum to verify the integrity of the file you downloaded.
Linux (64-bit)
curl -Lo mapi https://mayhem4api.forallsecure.com/downloads/cli/latest/linux-musl/mapi \
&& chmod +x mapi
Here's an easy way to add the mapi
executable to your path:
sudo mkdir -p /usr/local/bin/
sudo install mapi /usr/local/bin/
You may download this SHA256 checksum or this SHA512 checksum to verify the integrity of the file you downloaded.
Windows (64-bit)
From a Windows 10 terminal (PowerShell or cmd
):
curl.exe -Lo mapi.exe https://mayhem4api.forallsecure.com/downloads/cli/latest/windows-amd64/mapi.exe
or download :
https://mayhem4api.forallsecure.com/downloads/cli/latest/windows-amd64/mapi.exe
You may download this SHA256 checksum or this SHA512 checksum to verify the integrity of the file you downloaded.
Test it out!
Make sure the CLI works by running:
mapi --help
Authentication
The mapi
CLI communicates with our API using
OAuth 2.0 Bearer Tokens. The token
will be read by the environment variable, MAPI_TOKEN
, if available.
To get a new token, visit the "Manage API Tokens page"
to create a new token, <NEW_TOKEN>
, and login:
$ mapi login <NEW_TOKEN>
Welcome to Mayhem for API! We have saved a new API token in
your local settings at '/Users/mapi_fuzzer/Library/Preferences/rs.mapi/mapi.toml':
3BzW...
Setting the displayed API Token to the environment variable, MAPI_TOKEN
, will
allow you to run the CLI on other computers, such as part of your Continuous
Integration build.
Now you can try contacting the API. Let's get the list of targets to which you have access:
mapi target list
You should see an (empty) list of API targets. Let's add our first target so that list won't stay empty for long.