Every pentest I do the same thing: copy the same Authorization header
into curl, then ffuf, then nuclei. Token refreshes? Update everything.
Two targets at once? Constant confusion.
So I built scope, a lightweight CLI tool that remembers your session
(base URL, headers, proxy) and injects it automatically into whatever
tool you run.
scope new target --url https://api.target.com
scope set header "Authorization: Bearer eyJ..."
scope use target
scope curl /users # headers auto-injected
scope ffuf -w words.txt -u /FUZZ
scope nuclei -t exposures/
No GUI, no account, no cloud. Single binary, sessions stored as plain
JSON in ~/.scope/