Updated Usage Documentation (markdown)

Dirk Wetter 2017-06-13 00:09:25 +02:00
parent 56ef2b9ad5
commit eaf6d2fb80

@ -24,15 +24,22 @@ All options requiring a value can be called with or without '=' e.g. ``testssl.s
(if pattern not a number: word match)
##### INPUT PARAMETERS
URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
URI {host,ip,URL}:<port> (port 443 is assumed unless otherwise specified)
Please be careful: if checks for the IP address might not hit the vhost you want.
pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
protocol is one of ftp,smtp,pop3,imap,xmpp,telnet,ldap (for the latter two you need e.g. the supplied openssl)
--file <fname> Mass testing option: Reads command lines from <fname> in plaintext format, one line per instance.
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch".
Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked.
Besides having individual command line options per line in the supplied file you can additionally specify options on the command line. The command line options in the file and on the command line must not conflict.
Besides having individual command line options per line in the supplied file you can additionally specify options on the command line.
The command line options in the file and on the command line must not conflict.
Alternatively <fname> can be in nmap's greppable output format (-oG). Currently only 1x port per line is allowed. The ports can be different per line, however per mass testing run they can be either STARTTLS enabled ports OR plain TLS/SSL ports.
Alternatively <fname> can be in nmap's grep(p)able output format (-oG). Only open ports will be considered. Currently only 1x port per line is allowed.
The ports can be different per line, however per mass testing run they can be either STARTTLS enabled ports OR plain TLS/SSL ports, not both.
nmap returns in that putput always IP addresses and -- only if there's a PTR DNS record available -- a hostname.
Unfortunately this hostname from nmap is not checked whether it matches the IP (A or AAAA record). testssl.sh does this for you:
if the A record of the hostname matches the IP address, the hostname is used and not the IP address. Please be careful: checks for the IP address might not hit the vhost you want.
--mode <serial|parallel> Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter)
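Review bot: The nmap paragraph under --file is inconsistent about which DNS records are compared: one line says the PTR hostname from nmap is not checked against the IP "(A or AAAA record)", while the next says the hostname is used "if the A record of the hostname matches the IP address". Please state whether AAAA records are compared as well, and say explicitly what is tested when the records do not match, since that is the case the vhost caveat is about. In the same paragraph "putput" should be "output". Under INPUT PARAMETERS, the line "Please be careful: if checks for the IP address might not hit the vhost you want." has a stray "if" and repeats the caveat that closes the --file text; keeping a single, corrected copy would be enough. The `{host,ip,URL}:<port>` form also reads as if the port were mandatory although the same line says port 443 is assumed, so the port should be marked as optional.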