Add CLI docs

DataDog · Aug 8, 2024 · 8afeba7 · 8afeba7
1 parent 49e9478
commit 8afeba7
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/cmd/grimoire/lookup_flags.go b/cmd/grimoire/lookup_flags.go
@@ -15,12 +15,12 @@ var extendSearchWindow time.Duration
 
 // CLI flags shared between 'shell' and 'stratus-red-team' commands
 func initLookupFlags(cmd *cobra.Command) {
-	cmd.Flags().DurationVarP(&timeout, "timeout", "", 15*time.Minute, "TODO")
-	cmd.Flags().DurationVarP(&lookupInterval, "interval", "", 5*time.Second, "TODO")
-	cmd.Flags().DurationVarP(&extendSearchWindow, "extend-search-window", "", 0, "TODO")
-	cmd.Flags().IntVarP(&maxEvents, "max-events", "", 0, "TODO")
-	cmd.Flags().BoolVarP(&writeEventsOnly, "only-write-events", "", false, "TODO")
+	cmd.Flags().DurationVarP(&timeout, "timeout", "", 15*time.Minute, "Maximum time to wait for events to appear in CloudTrail logs")
+	cmd.Flags().DurationVarP(&lookupInterval, "interval", "", 5*time.Second, "Interval to check for new events. You might need to increase this if you're hitting AWS API rate limits")
+	cmd.Flags().DurationVarP(&extendSearchWindow, "extend-search-window", "", 0, "Extend the end of the search window by this amount of time")
+	cmd.Flags().IntVarP(&maxEvents, "max-events", "", 0, "Maximum number of events to retrieve before exiting")
+	cmd.Flags().BoolVarP(&writeEventsOnly, "only-write-events", "", false, "Only consider write events and ignore read-only ones")
 
-	cmd.Flags().StringSliceVarP(&includeEvents, "include-events", "", []string{}, "TODO")
-	cmd.Flags().StringSliceVarP(&excludeEvents, "exclude-events", "", []string{}, "TODO")
+	cmd.Flags().StringSliceVarP(&includeEvents, "include-events", "", []string{}, "Only consider specific CloudTrail events. Comma-separated and using the format 'service:Operation' (e.g. 's3:PutObject')")
+	cmd.Flags().StringSliceVarP(&excludeEvents, "exclude-events", "", []string{}, "Exclude specific CloudTrail events. Comma-separated and using the format 'service:Operation' (e.g. 's3:PutObject')")
 }
diff --git a/cmd/grimoire/shell.go b/cmd/grimoire/shell.go
@@ -34,7 +34,7 @@ func NewShellCommand() *cobra.Command {
 	shellCmd := &cobra.Command{
 		Use:          "shell",
 		SilenceUsage: true,
-		Example:      "TODO",
+		Example:      "Run an interactive shell. Grimoire will inject a unique identifier to your HTTP user agent when using the AWS CLI.",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			command := ShellCommand{
 				OutputFile:   outputFile,
@@ -49,9 +49,9 @@ func NewShellCommand() *cobra.Command {
 	}
 
 	initLookupFlags(shellCmd)
-	shellCmd.Flags().StringVarP(&outputFile, "output", "o", "", "TODO")
-	shellCmd.Flags().StringVarP(&commandToRun, "command", "c", "", "TODO")
-	shellCmd.Flags().StringVarP(&scriptToRun, "script", "", "", "TODO")
+	shellCmd.Flags().StringVarP(&outputFile, "output", "o", "", "Output file to write CloudTrail events to. Grimoire will overwrite the file if it exists, and create otherwise.")
+	shellCmd.Flags().StringVarP(&commandToRun, "command", "c", "", "Command to execute in the shell (instead of running an interactive shell)")
+	shellCmd.Flags().StringVarP(&scriptToRun, "script", "", "", "Path to a script to execute in the shell (instead of running an interactive shell)")
 
 	return shellCmd
 }

diff --git a/cmd/grimoire/stratus-red-team.go b/cmd/grimoire/stratus-red-team.go
@@ -39,7 +39,7 @@ func NewStratusRedTeamCommand() *cobra.Command {
 	stratusRedTeamCommand := &cobra.Command{
 		Use:          "stratus-red-team",
 		SilenceUsage: true,
-		Example:      "TODO",
+		Example:      "Detonate a Stratus Red Team attack technique",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			if stratusRedTeamAttackTechnique == "" {
 				return errors.New("missing Stratus Red Team attack technique")
@@ -56,8 +56,8 @@ func NewStratusRedTeamCommand() *cobra.Command {
 		},
 	}
 
-	stratusRedTeamCommand.Flags().StringVarP(&stratusRedTeamAttackTechnique, "attack-technique", "", "", "TODO")
-	stratusRedTeamCommand.Flags().StringVarP(&outputFile, "output", "o", "", "TODO")
+	stratusRedTeamCommand.Flags().StringVarP(&stratusRedTeamAttackTechnique, "attack-technique", "", "", "Stratus Red Team attack technique to detonate. Use 'stratus list' to list available attack techniques or browse https://stratus-red-team.cloud/attack-techniques/list/.")
+	stratusRedTeamCommand.Flags().StringVarP(&outputFile, "output", "o", "", "Output file to write CloudTrail events to. Grimoire will overwrite the file if it exists, and create otherwise.")
 	initLookupFlags(stratusRedTeamCommand)
 
 	return stratusRedTeamCommand