Usage
```
vulcn record <url> [options]
```
Arguments
| Argument | Description | Required |
|---|---|---|
| `url` | Starting URL to record from | Yes |
Options
| Option | Description | Default |
|---|---|---|
| `-o, --output <file>` | Output file path | `session.vulcn.yml` |
| `-b, --browser <browser>` | Browser to use (chromium, firefox, webkit) | `chromium` |
| `--headless` | Run in headless mode | `false` |
Description
The record command opens a browser window and captures your interactions with a web application. Every click, form input, and navigation is recorded into a session file that can be replayed with security payloads.
Examples
Basic Recording
```bash
vulcn record https://example.com
```
This opens Chromium, records your interactions, and saves to session.vulcn.yml.
Custom Output File
```bash
vulcn record https://example.com --output login-flow.vulcn.yml
```
Use Firefox
```bash
vulcn record https://example.com --browser firefox
```
Headless Recording
Headless recording is generally not recommended as you can’t see what you’re
recording. It’s useful for automated scenarios where you control the page
programmatically.
```bash
vulcn record https://example.com --headless
```
The recorded session is saved as a YAML file:
```yaml
name: Session 2026-02-06
startUrl: https://example.com
browser: chromium
steps:
  - id: step_001
    type: navigate
    url: https://example.com
    timestamp: 1707192000000
  - id: step_002
    type: click
    selector: "#login-button"
    timestamp: 1707192005000
  - id: step_003
    type: fill
    selector: "input[name='username']"
    value: testuser
    timestamp: 1707192010000
  - id: step_004
    type: fill
    selector: "input[name='password']"
    value: "********"
    timestamp: 1707192015000
  - id: step_005
    type: click
    selector: "button[type='submit']"
    timestamp: 1707192020000
```
Step Types
| Type | Description | Fields |
|---|---|---|
| `navigate` | Page navigation | `url` |
| `click` | Mouse click | `selector` |
| `fill` | Text input | `selector`, `value` |
| `select` | Dropdown selection | `selector`, `value` |
| `check` | Checkbox toggle | `selector` |
Tips
Focus on input fields: Record interactions that involve user input—forms,
search boxes, comments. These are the injection points Vulcn will test.
Keep sessions focused: Record one workflow per session (login, search,
checkout). This makes it easier to identify which workflow triggered a
vulnerability.
Vulcn automatically masks password fields in the session file. The actual
values are not stored—only that a password field was filled.
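
The masking note above covers password fields, while other `fill` values (such as `testuser` in the sample) are written as typed. As an added example that is not part of Vulcn, the check below can run before a session file is committed or shared: it validates each step against the Step Types table and flags `fill` steps whose selector suggests a secret but whose value is not masked. The selector hints, the all-asterisk mask convention and the names `parse_steps` and `audit_session` are assumptions, and the reader handles only the flat layout of the sample session.

```python
import re

# Required fields per step type, from the Step Types table above.
REQUIRED = {"navigate": {"url"}, "click": {"selector"}, "check": {"selector"},
            "fill": {"selector", "value"}, "select": {"selector", "value"}}
# Assumptions: these selector hints mark a secret; a masked value is all '*'.
SENSITIVE = re.compile(r"pass|token|secret|otp|cvv|card|ssn", re.I)

def parse_steps(text):
    """Read `steps` from the flat layout shown above (not a general YAML parser)."""
    steps, in_steps = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0] not in " -":              # a top-level key opens or closes the list
            in_steps = line == "steps:"
        elif in_steps:
            if line.startswith("- ") or not steps:   # "- " starts a new step
                steps.append({})
            key, _, value = line.lstrip("- ").partition(":")
            steps[-1][key.strip()] = value.strip().strip("\"'")
    return steps

def audit_session(text):
    """Return (step id, problem) pairs for a recorded session."""
    findings = []
    for step in parse_steps(text):
        sid, kind = step.get("id", "?"), step.get("type")
        if kind not in REQUIRED:
            findings.append((sid, f"unknown step type {kind!r}"))
        for name in sorted(REQUIRED.get(kind, set()) - set(step)):
            findings.append((sid, f"missing field {name!r}"))
        if (kind == "fill" and SENSITIVE.search(step.get("selector", ""))
                and step.get("value", "").strip("*")):
            findings.append((sid, "sensitive-looking value stored unmasked"))
    return findings

# Constructed sample session, not output from a real recording.
SAMPLE = """\
steps:
  - id: step_001
    type: fill
    selector: "input[name='password']"
    value: "********"
  - id: step_002
    type: fill
    selector: "#api-token"
    value: constructed-token-value
"""
```

Calling `audit_session(SAMPLE)` reports only `step_002`: the masked password step passes, and the token typed into an ordinary text input is flagged.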