> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vigolium.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Scanning Modes Overview

> Pick the right scanning mode based on what you have: a URL, source code, an AI agent, or all of the above.

<Frame caption="Vigolium Native Scan">
  <img src="https://mintcdn.com/vigolium/7sCvbc6tyfE0FRFM/images/vigolium-native-scan.png?fit=max&auto=format&n=7sCvbc6tyfE0FRFM&q=85&s=c8a94abe488e2008abfb50402b64251f" alt="Vigolium Native Scan" width="2872" height="1750" data-path="images/vigolium-native-scan.png" />
</Frame>

Vigolium supports multiple scanning modes depending on what you have available: just a URL, source code, an AI agent, or all of the above. This document helps you pick the right mode and understand the execution pipeline.

## Scanning Modes at a Glance

| Mode                 | What You Need           | Command                                                                      | What It Does                                                                                   |
| -------------------- | ----------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| **Lite**             | URL                     | `vigolium scan -t URL --strategy lite`                                       | Audit only, no discovery                                                                       |
| **Balanced**         | URL                     | `vigolium scan -t URL`                                                       | Discovery + spidering + known-issue-scan + dynamic-assessment                                  |
| **Deep**             | URL                     | `vigolium scan -t URL --strategy deep`                                       | Adds external harvesting to balanced                                                           |
| **Extension**        | URL + JS extensions     | `vigolium run extension -t URL --ext script.js`                              | Run only custom extension modules                                                              |
| **Agent, Query**     | Source code + provider  | `vigolium agent query --prompt-template security-code-review --source ./app` | One-shot AI code review                                                                        |
| **Agent, Swarm**     | URL (+ optional source) | `vigolium agent swarm -t URL [--source ./app]`                               | AI plans modules + JS extensions, native scanner runs them                                     |
| **Agent, Autopilot** | URL (+ optional source) | `vigolium agent autopilot -t URL [--source ./app]`                           | AI drives bash/files/CLI autonomously                                                          |
| **Agent, Audit**     | Source code             | `vigolium agent audit --source ./app --mode deep`                            | Multi-phase whitebox security audit (driver dispatcher: `--driver auto\|both\|audit\|piolium`) |

## Decision Guide

```
Do you have application source code?
├── No
│   ├── Quick single-URL test? ──────────────── vigolium scan-url <URL>
│   ├── Want fast results? ──────────────────── vigolium scan -t URL --strategy lite
│   ├── Standard scan? ──────────────────────── vigolium scan -t URL
│   ├── Maximum external recon? ─────────────── vigolium scan -t URL --strategy deep
│   ├── AI-guided targeted scan? ────────────── vigolium agent swarm -t URL
│   ├── AI-driven autonomous pentest? ───────── vigolium agent autopilot -t URL
│   └── Custom extension scripts only? ──────── vigolium run extension -t URL --ext script.js
│
└── Yes
    ├── One-shot code review? ──────────────── vigolium agent query --prompt-template security-code-review --source ./app
    ├── Multi-phase code audit? ────────────── vigolium agent audit --source ./app --mode deep
    ├── AI-guided dynamic scan w/ source? ──── vigolium agent swarm -t URL --source ./app --code-audit
    └── Autonomous pentest w/ source? ──────── vigolium agent autopilot -t URL --source ./app
```

## Phase Execution Pipeline

Phases execute in this order. Each strategy enables a subset of these phases:

```
1. Heuristics Check     Pre-flight probe (detect WAF, redirects, tech stack)
2. External Harvesting  Query Wayback, CommonCrawl, AlienVault OTX, URLScan, VirusTotal
3. Discovery            Content discovery (brute-force dirs/files, JS analysis)
4. Spidering            Browser-based crawling (Chromium), SPA support, form filling
5. KnownIssueScan       Nuclei templates + Kingfisher secret scanning
6. Dynamic-Assessment   Active + passive scanner modules against all discovered endpoints
                        (user-supplied JS/YAML extensions also dispatch here)
```

## Strategy Comparison

| Phase               | Lite | Balanced | Deep |
| ------------------- | :--: | :------: | :--: |
| External Harvesting |   -  |     -    |  yes |
| Discovery           |   -  |    yes   |  yes |
| Spidering           |   -  |    yes   |  yes |
| KnownIssueScan      |   -  |    yes   |  yes |
| Dynamic-Assessment  |  yes |    yes   |  yes |

**Balanced** is the default strategy when `--strategy` is not specified.

## Phase Aliases

The canonical phase names are `discovery`, `spidering`, `dynamic-assessment`, and `extension`. The following aliases work with `--only` and `--skip`:

| Alias        | Canonical Phase      |
| ------------ | -------------------- |
| `deparos`    | `discovery`          |
| `discover`   | `discovery`          |
| `spitolas`   | `spidering`          |
| `audit`      | `dynamic-assessment` |
| `dast`       | `dynamic-assessment` |
| `assessment` | `dynamic-assessment` |
| `ext`        | `extension`          |

## Phase Control: `--only` and `--skip`

These two flags are **mutually exclusive**. Using both produces an error.

### `--only <phase>`: Run a Single Phase

Disables all other phases and turns off heuristics.

```bash theme={null}
# Run only content discovery
vigolium scan -t https://example.com --only discovery

# Run only the dynamic-assessment phase (active + passive vulnerability scan)
vigolium scan -t https://example.com --only dynamic-assessment
# Aliases also work:
# vigolium scan -t https://example.com --only audit

# Run only custom extensions (skip built-in modules)
vigolium scan -t https://example.com --only extension --ext my-scanner.js
# Or using the alias:
vigolium scan -t https://example.com --only ext --ext my-scanner.js
```

Valid values: `ingestion`, `discovery` (`deparos`/`discover`), `spidering` (`spitolas`), `external-harvest`, `known-issue-scan`, `dynamic-assessment` (`audit`/`dast`/`assessment`), `extension` (`ext`).

### `--skip <phase>`: Skip Specific Phases

Disables named phases while keeping all others enabled by the strategy.

```bash theme={null}
# Skip spidering in a balanced scan
vigolium scan -t https://example.com --skip spidering

# Skip both discovery and known-issue-scan
vigolium scan -t https://example.com --skip discovery --skip known-issue-scan
```

### `vigolium run <phase>` Shortcut

`vigolium run <phase>` is a direct alias for `vigolium scan --only <phase>`:

```bash theme={null}
# These are equivalent:
vigolium run discovery -t https://example.com
vigolium scan -t https://example.com --only discovery

# Run only extension modules:
vigolium run extension -t https://example.com --ext my-scanner.js
```

## Scanning Profiles

A **scanning strategy** only toggles phases on/off. A **scanning profile** goes further, it bundles strategy, pace, scope, discovery, spidering, and module configuration into a single YAML file that overrides the main config when selected.

### Using a Profile

```bash theme={null}
# Use the built-in standard profile
vigolium scan -t https://example.com --scanning-profile standard

# Use a custom profile by name (resolved from profiles_dir)
vigolium scan -t https://example.com --scanning-profile api-pentest

# Use a profile by path
vigolium scan -t https://example.com --scanning-profile ~/profiles/custom.yaml

# List available profiles and strategies
vigolium strategy ls
```

### Creating a Custom Profile

Create a YAML file in `~/.vigolium/profiles/`. The first line can contain a `# description:` comment that appears in `vigolium strategy ls`.

A profile can override any combination of these config sections (omitted sections keep their main config values):

```yaml theme={null}
# description: Fast API-focused scan with minimal discovery
scanning_strategy:
  default_strategy: lite

scanning_pace:
  concurrency: 100
  rate_limit: 200

discovery:
  mode: files_only

known_issue_scan:
  enrich_targets: false         # host-level only (faster)

dynamic-assessment:
  max_findings_per_module: 10   # cap noisy modules
  enabled_modules:
    active_modules:
      - sqli-error-based
      - xss-reflected-brutelogic
    passive_modules:
      - all

scope:
  path:
    include:
      - "/api/*"
```

Overridable sections: `scanning_strategy`, `scanning_pace`, `discovery`, `spidering`, `known_issue_scan`, `dynamic-assessment`, `external_harvester`, `mutation_strategy`, `scope`.

### Profile Configuration

Set a default profile or change the profiles directory in `vigolium-configs.yaml`:

```yaml theme={null}
scanning_strategy:
  scanning_profile: ""                    # empty = no profile, use default_strategy
  profiles_dir: ~/.vigolium/profiles/     # directory for profile YAML files
```

### Override Precedence

Profiles slot between CLI flags and the main config file:

1. CLI flags (`--strategy`, `-c`, `--discover-max-time`, etc.)
2. `--scanning-profile` / `scanning_strategy.scanning_profile`
3. Main config file (`vigolium-configs.yaml`)
4. Built-in defaults

## Source-Aware Scanning

Source code-aware analysis lives in agent mode, not in the native scanner. Use `vigolium agent swarm --source <path>` for AI-driven route extraction + code audit + targeted scanning, `vigolium agent autopilot --source <path>` for autonomous pentest with code context, or `vigolium agent audit --source <path> --mode deep` for a standalone multi-phase whitebox audit.

See [Agent Mode](/agentic-scan/agent-mode) for the full overview.
