Running the Card Recon CLI

Running the Card Recon CLI executable immediately attempts a scan.

When the Card Recon runs, it looks for these files in its directory:

cardrecon.cfg: default Card Recon configuration file.
<license-file-name>.li2: Offline License File; Card Recon looks for any file ending with .li2.

If it finds any of these files in the directory that the Card Recon executable occupies, it will try to load them when the Card Recon runs.

The Card Recon CLI automatically loads cardrecon.cfg when run, altering your scan configuration. If your loaded cardrecon.cfg is set up for Card Recon to load a specific journal file, Card Recon loads that journal file when run with cardrecon.cfg.

If you do not want to load these files when you run the Card Recon CLI, use the -c and -journal flags OR remove these files from the directory.

For more information, see Card Recon CLI Options.

Running the Card Recon CLI on Windows

Locate the Windows CLI executable: cr_x.x.x.exe

There are 2 ways to run the Windows CLI.

Method 1

Locate cr_x.x.x.exe in Windows Explorer.
Right-click cr_x.x.x.exe, select Run as administrator and enter the administrator password if prompted.
In the terminal, Card Recon will prompt you to validate your license.
Log in using one of the three methods (see Logging into Card Recon for more information):
- Ground Labs Login.
- Use an Online Token.
- Use Offline License File.

Card Recon may ask you to select a Client and Project Group. If you are the only user or the licensee, select Default Client and Default Project when prompted . If not, check with your system administrator or the licensee.

Card Recon will run with default settings – i.e. it scans all local storage with default search parameters (see Selecting Card Data Types for more information).

Method 2

Click Start to open the Start Menu.
Enter cmd to search for cmd.exe, or find it in Start > All Programs > Accessories > Command Prompt.
Right-click cmd.exe or the Command Prompt program and select Run as administrator. Enter the administrator password if prompted.
In the newly-opened Command Prompt window, navigate to the folder where your Card Recon executable is located.

# If your Card Recon executable is in the Downloads folder cd c:\User\username\Downloads\
To run the Card Recon executable with default settings, issue this command:

# Run a default scan, save a compliance report and an encrypted database journal file. cr_x.x.x.exe -j journal-filename.jnl -password-inline password

Saving a database journal file allows you to inspect and remediate matches in the Card Recon GUI.
Card Recon prompts you to validate your license.
Log in using one of the three methods (see Logging into Card Recon for more information):
- Ground Labs Login.
- Use an Online Token.
- Use Offline License file.
Card Recon may ask you to select a Client and Project Group. If you are the only user or the licensee, select Default Client and Default Project when prompted . If not, check with your system administrator or the licensee.
Once logged in, Card Recon runs a scan with default settings. When the scan completes, Card Recon automatically saves a compliance report.

To inspect and remediate matches found by Card Recon, load the database journal file (e.g. journal-filename.jnl) saved by the Card Recon CLI in the Card Recon GUI (see Results and Remediation).

Running the Card Recon CLI on Linux and Unix-like Systems

In the Terminal, locate the Card Recon executable. E.g. cr_linux26_x.x.x.
Open your terminal and run:

chmod u+x cr_linux26_x.x.x
Run the following command as root:

# Run a default scan, save a compliance report and an encrypted database journal file. ./cr_linux26_x.x.x -j journal-filename.jnl -password-inline password
Card Recon prompts you to validate your license.

Managing licenses
Project and license groups are usually used by the licensees or IT administrators who manage your software licenses to assign permissions to certain groups of users.

If you are not sure of which project or license group to use, contact your IT administrator or the licensee for more information. If you are the licensee, IT administrator, or the only user, you can choose Default Project or Default Client.

For more information on how to manage your licenses, please see Card Recon Licensing.
Log in using one of the three methods (see Logging into Card Recon for more information):
- Ground Labs Login.
- Use an Online Token.
- Use Offline License File.
Card Recon may ask you to select a Client and Project Group. If you are the only user or the licensee, select Default Client and Default Project when prompted . If not, check with your system administrator or the licensee.

If you have not assigned a license to the current Target, Card Recon will return a list of licenses available in your Ground Labs Services Portal.
Card Recon CLI displaying the list of available licenses when attempting to scan a Target without an assigned license.

Card Recon should ask you to confirm authorization of the Target. For more information on Card Recon licensing, see Card Recon Licensing.

Card Recon starts scanning the Target with default settings.

Once done, Card Recon automatically saves a compliance report. To inspect and remediate matches found by Card Recon, load the database journal file (e.g. journal-filename.jnl) saved by the Card Recon CLI in the Card Recon GUI (see Results and Remediation).

To open these files, issue the following command as administrator:

# Where <filename>.pdf is the file saved by Card Recon that you want to open. chmod 644 <filename>.pdf

If you are running the Card Recon CLI with sudo, then Card Recon saves files (configuration files, database journal files, and compliance reports) as root.