Commands

The CLI gives you access to the full range of Velociraptor’s features from your terminal. Whether you are running VQL queries, managing artifacts, mounting disk images or collection containers, or configuring the server, the CLI gives you a direct way to work with Velociraptor without the graphical interface.

Browse the command groups listed below to find the documentation for each command and its subcommands. You can also run velociraptor --help from your terminal for a quick overview of the available commands.

• The "acl" command group

Manipulate ACLs (access control lists).

• The "artifacts" command group

Commands for working with artifacts

• The "collector" command

Build an offline collector

• The "config" command group

Commands for working with the config

• The "deaddisk" command

Create a deaddisk configuration

• The "fs" command group

Run filesystem commands.

• The "fuse" command

Mount collection containers on folders.

• The "query" command

Run VQL queries on the command line.

• The "server_service" command group

Manipulate the Velociraptor server service on Windows.

• The "service" command group

Manipulate the Velociraptor client service on Windows and macOS.

• The "tools" command group

Commands for working with the tools inventory.

• The "user" command group

Commands for working with users

• Miscellaneous commands

All other commands not previously covered.