diff --git a/README.md b/README.md index e35c42a..c869294 100644 --- a/README.md +++ b/README.md @@ -22,23 +22,32 @@ ## Usage ``` -usage: ssh-audit.py [-1246pbcnjvlt] +usage: ssh-audit.py [options] + -h, --help print this help -1, --ssh1 force ssh version 1 only -2, --ssh2 force ssh version 2 only -4, --ipv4 enable IPv4 (order of precedence) -6, --ipv6 enable IPv6 (order of precedence) - -p, --port= port to connect -b, --batch batch output -c, --client-audit starts a server on port 2222 to audit client software config (use -p to change port; use -t to change timeout) - -n, --no-colors disable colors -j, --json JSON output - -v, --verbose verbose output -l, --level= minimum output level (info|warn|fail) + -L, --list-policies list all the official, built-in policies + -M, --make-policy= creates a policy based on the target server + (i.e.: the target server has the ideal + configuration that other servers should + adhere to) + -n, --no-colors disable colors + -p, --port= port to connect + -P, --policy= run a policy test using the specified policy -t, --timeout= timeout (in seconds) for connection and reading (default: 5) + -T, --targets= a file containing a list of target hosts (one + per line, format HOST[:PORT]) + -v, --verbose verbose output ``` * if both IPv4 and IPv6 are used, order of precedence can be set by using either `-46` or `-64`. * batch flag `-b` will output sections without header and without empty lines (implies verbose flag). diff --git a/ssh-audit.py b/ssh-audit.py index b5c9349..25d3af6 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -68,25 +68,23 @@ def usage(err: Optional[str] = None) -> None: uout.head('# {} {}, https://github.com/jtesta/ssh-audit\n'.format(p, VERSION)) if err is not None and len(err) > 0: uout.fail('\n' + err) - uout.info('usage: {0} [-h1246ptbcMPjlLnv] \n'.format(p)) + uout.info('usage: {0} [options] \n'.format(p)) uout.info(' -h, --help print this help') uout.info(' -1, --ssh1 force ssh version 1 only') uout.info(' -2, --ssh2 force ssh version 2 only') uout.info(' -4, --ipv4 enable IPv4 (order of precedence)') uout.info(' -6, --ipv6 enable IPv6 (order of precedence)') - uout.info(' -p, --port= port to connect') - uout.info(' -t, --timeout= timeout (in seconds) for connection and reading\n (default: 5)') - uout.info(' -T, --targets= a file containing a list of target hosts (one\n per line, format HOST:PORT)') - uout.info('') uout.info(' -b, --batch batch output') uout.info(' -c, --client-audit starts a server on port 2222 to audit client\n software config (use -p to change port;\n use -t to change timeout)') - uout.info(' -M, --make-policy= creates a policy based on the target server\n (i.e.: the target server has the ideal\n configuration that other servers should\n adhere to)') - uout.info(' -P, --policy= run a policy test using the specified policy') - uout.info('') uout.info(' -j, --json JSON output') uout.info(' -l, --level= minimum output level (info|warn|fail)') uout.info(' -L, --list-policies list all the official, built-in policies') + uout.info(' -M, --make-policy= creates a policy based on the target server\n (i.e.: the target server has the ideal\n configuration that other servers should\n adhere to)') uout.info(' -n, --no-colors disable colors') + uout.info(' -p, --port= port to connect') + uout.info(' -P, --policy= run a policy test using the specified policy') + uout.info(' -t, --timeout= timeout (in seconds) for connection and reading\n (default: 5)') + uout.info(' -T, --targets= a file containing a list of target hosts (one\n per line, format HOST[:PORT])') uout.info(' -v, --verbose verbose output') uout.sep() sys.exit(1)