-
Notifications
You must be signed in to change notification settings - Fork 9
Usage
Complete reference for all vt commands. Run vt --help or vt <command> --help at any time for inline help.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--verbosity |
-v |
info |
Log level: debug, info, warn, error, fatal, panic
|
--help |
Show help and the banner | ||
--version |
Print the current version |
vt template --list
# or
vt template -lExample output:
+------------------+--------------------------------------+--------+-------+------+
| ID | NAME | TYPE | CVSS | TAGS |
+------------------+--------------------------------------+--------+-------+------+
| vt-dvwa | Damn Vulnerable Web App | Lab | | php |
| vt-juice-shop | OWASP Juice Shop | Lab | | owasp|
| vt-2025-29927 | Next.js Middleware Bypass | CVE | 9.1 | ... |
| vt-xbow-001 | XBow Benchmark 001 | Bench | | ... |
+------------------+--------------------------------------+--------+-------+------+
vt template --list --filter <keyword>
# or
vt template -l -f <keyword>Examples:
# Show only PHP-based templates
vt template --list --filter php
# Show only OWASP projects
vt template --list --filter owasp
# Find SQL-related templates
vt template --list --filter sql
# Find CVE templates for Next.js
vt template --list --filter nextjsClones the vt-templates repo on first run. Subsequent calls do a git pull.
vt template --update
# or
vt template -uDisplays full metadata for a template or playbook as a formatted table.
vt inspect --id <template-id>Examples:
vt inspect --id vt-juice-shop
vt inspect --id vt-2025-29927
vt inspect --id vt-pb-0001Fields shown:
| Field | Description |
|---|---|
| ID | Unique identifier |
| Name | Human-readable name |
| Description | Purpose and background |
| Author | Template author |
| Type |
Lab, CVE, or Benchmark
|
| Targets | Attack surface categories |
| Affected Versions | Vulnerable version ranges |
| CVE / CWE | CVE and CWE identifiers |
| CVSS | Score and metrics string |
| Tags | Searchable keywords |
| References | External links |
| PoC | Proof-of-concept tool files (Nuclei, Semgrep) |
| Remediation | Suggested fixes |
| Providers | Deployment methods available |
| Post-Install | Access URLs and setup notes |
vt start --id <template-id># Optional: specify provider (only docker-compose is available today)
vt start --id <template-id> --provider docker-compose
# or
vt start --id <template-id> -p docker-composeExamples:
vt start --id vt-dvwa
vt start --id vt-juice-shop
vt start --id vt-2025-29927After startup, VT prints any post-install instructions (access URLs, default credentials, configuration steps) defined in the template.
vt stop --id <template-id># Optional: specify provider
vt stop --id <template-id> --provider docker-composeExamples:
vt stop --id vt-dvwa
vt stop --id vt-2025-29927Shows all environments currently running, across all providers.
vt psExample output:
+----------------+------------------+---------+---------------------+
| PROVIDER | TEMPLATE ID | STATUS | CREATED AT |
+----------------+------------------+---------+---------------------+
| docker-compose | vt-dvwa | running | 2026-05-17 10:23:41 |
| docker-compose | vt-juice-shop | running | 2026-05-17 10:25:02 |
+----------------+------------------+---------+---------------------+
Playbooks let you start or stop multiple templates with a single command. See the Playbooks page for the full guide.
vt playbook listvt playbook run --id <playbook-id>
# or with provider flag
vt playbook run --id <playbook-id> --provider docker-composevt playbook stop --id <playbook-id>VT starts (or stops) every template in the playbook sequentially. If one template fails, it logs the error and continues. A summary is printed at the end.
# Debug mode — shows internal steps
vt start --id vt-dvwa --verbosity debug
# Suppress info messages
vt template --list --verbosity warn| Path | Purpose |
|---|---|
~/vt-templates/ |
Local clone of the vt-templates repository |
~/.vt-cli/ |
VT state and storage |
Vulnerable Target
Usage
Reference
Contributing