A modern, powerful command-line interface for gULP — manage forensic document ingestion, querying, enrichment, and collaboration entirely from your terminal.
- 🔐 Authentication — secure login with token persistence
- 📥 Ingestion — ingest files (single/batch/wildcard), zip archives, with concurrent uploads
- 🔍 Querying — raw OpenSearch queries, Sigma rules, external plugins
- 🏷️ Enrichment — enrich documents, tag/untag, update fields
- 👥 User Management — create users, manage permissions (admin only)
- 📋 Operations — create/list/manage operations and contexts
- 🔌 Plugins — list/upload/download plugins and mapping files
- 🗺️ Enhance Maps — map document fields (e.g., `gulp.event_code`) to glyph/color per plugin
- 🖼️ Glyphs — create/list/update/delete custom glyphs
- 🧩 Dynamic Extensions — load custom CLI commands from internal or user extension folders
- 📊 Stats — monitor ingestion and query requests
- 🎯 Collaboration — manage notes, links, highlights
All with beautiful terminal output, automatic tab completion, and async-first design.
```bash
# from pip
pip install gulp-cli

# or, for the latest development version:
python3 -m venv ./.venv
source ./.venv/bin/activate
git clone https://github.com/mentat-is/gulp-cli
cd gulp-cli && pip install -e .

# Verify installation
gulp-cli --help
```

For the CLI to work, set `"ws_ignore_missing": true` (should be the default in the v1.6.51 backend, though ...) in your `gulp_cfg.json` to prevent the backend from halting operations when the CLI disconnects its websocket after sending an async request!

```bash
# Login to your gULP instance
gulp-cli auth login --url http://localhost:8080 --username admin --password admin

# Check who you are
gulp-cli auth whoami

# List operations
gulp-cli operation list

# Ingest files with wildcard
gulp-cli ingest file my_operation win_evtx 'samples/win_evtx/*.evtx'

# Query documents
gulp-cli query raw my_operation --q '{"query":{"match_all":{}}}'
```

- Getting Started Guide — auth, first operation, first ingest
- Command Reference — all available commands and options
- Extensions Guide — dynamic extension loading and custom command contract
- Resource Management Commands — context, source, plugin, mapping, enhance-map, glyph
- Practical Examples — real-world workflows and recipes
- Troubleshooting — common issues and solutions