Other Commands

The following list of commands are available in addition to the web security testing modes:


The "swagger" command helps you split a swagger definition file into individual requests saved into separate files. Each file can be then used with the various testing tools. The "swagger" command is most useful when testing web APIs.

Consider the following example:

$ cohesion swagger api-spec.json spec/

The folder "spec" now contains the request files for fuzzing. Consult with the swagger command manual for more information.


The "dump" command is used to export and preview the contents of serialized files. These are files normally produced with some types of specialist tools such as SecApps Fuzzer and SecApps Rest.

Use the following command to dump a request:

$ cohesion dump request.rest


With the "show" command you can explore various Cohesion aspects such as the list of vulnerabilities, the list of vulnerability checks, severity levels and more.

For example, execute the following command to show the list of severity levels and their corresponding values. This is useful to configure various aspects of other tools.

$ cohesion show levels


This documentation is also available in Cohesion itself. To access the docs use the "docs" command.

$ cohesion docs

The docs view is fully interactive. You can access various topics using the built-in interactive menu.


Cohesion is a commercial software product. Use the license command to preview your current license.

$ cohesion license