diff --git a/cmd/grimoire/lookup_flags.go b/cmd/grimoire/lookup_flags.go
index f0c2f97..4d29495 100644
--- a/cmd/grimoire/lookup_flags.go
+++ b/cmd/grimoire/lookup_flags.go
@@ -15,12 +15,12 @@ var extendSearchWindow time.Duration
 // CLI flags shared between 'shell' and 'stratus-red-team' commands
 func initLookupFlags(cmd *cobra.Command) {
- cmd.Flags().DurationVarP(&timeout, "timeout", "", 15*time.Minute, "TODO")
- cmd.Flags().DurationVarP(&lookupInterval, "interval", "", 5*time.Second, "TODO")
- cmd.Flags().DurationVarP(&extendSearchWindow, "extend-search-window", "", 0, "TODO")
- cmd.Flags().IntVarP(&maxEvents, "max-events", "", 0, "TODO")
- cmd.Flags().BoolVarP(&writeEventsOnly, "only-write-events", "", false, "TODO")
+ cmd.Flags().DurationVarP(&timeout, "timeout", "", 15*time.Minute, "Maximum time to wait for events to appear in CloudTrail logs")
+ cmd.Flags().DurationVarP(&lookupInterval, "interval", "", 5*time.Second, "Interval to check for new events. You might need to increase this if you're hitting AWS API rate limits")
+ cmd.Flags().DurationVarP(&extendSearchWindow, "extend-search-window", "", 0, "Extend the end of the search window by this amount of time")
+ cmd.Flags().IntVarP(&maxEvents, "max-events", "", 0, "Maximum number of events to retrieve before exiting")
+ cmd.Flags().BoolVarP(&writeEventsOnly, "only-write-events", "", false, "Only consider write events and ignore read-only ones")
- cmd.Flags().StringSliceVarP(&includeEvents, "include-events", "", []string{}, "TODO")
- cmd.Flags().StringSliceVarP(&excludeEvents, "exclude-events", "", []string{}, "TODO")
+ cmd.Flags().StringSliceVarP(&includeEvents, "include-events", "", []string{}, "Only consider specific CloudTrail events. Comma-separated and using the format 'service:Operation' (e.g. 's3:PutObject')")
+ cmd.Flags().StringSliceVarP(&excludeEvents, "exclude-events", "", []string{}, "Exclude specific CloudTrail events. Comma-separated and using the format 'service:Operation' (e.g. 's3:PutObject')")
 }
diff --git a/cmd/grimoire/shell.go b/cmd/grimoire/shell.go
index 822708e..779b915 100644
--- a/cmd/grimoire/shell.go
+++ b/cmd/grimoire/shell.go
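Review bot: The new help for `--max-events` and `--extend-search-window` in `initLookupFlags` (cmd/grimoire/lookup_flags.go) does not say what the default `0` means, so a reader cannot tell whether `--max-events 0` exits immediately or disables the cap. If 0 means no limit, which the hunk does not show, I would word it `"Maximum number of events to retrieve before exiting (0 = no limit)"`. The `--only-write-events` text could also state that read-only calls (List/Describe/Get style operations) are then absent from the output, because anyone deriving detections from the captured events would otherwise not realise that the enumeration part of a technique is missing.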
@@ -34,7 +34,7 @@ func NewShellCommand() *cobra.Command {
 shellCmd := &cobra.Command{
 Use: "shell",
 SilenceUsage: true,
- Example: "TODO",
+ Example: "Run an interactive shell. Grimoire will inject a unique identifier to your HTTP user agent when using the AWS CLI.",
 RunE: func(cmd *cobra.Command, args []string) error {
 command := ShellCommand{
 OutputFile: outputFile,
@@ -49,9 +49,9 @@ func NewShellCommand() *cobra.Command {
 }
 initLookupFlags(shellCmd)
- shellCmd.Flags().StringVarP(&outputFile, "output", "o", "", "TODO")
- shellCmd.Flags().StringVarP(&commandToRun, "command", "c", "", "TODO")
- shellCmd.Flags().StringVarP(&scriptToRun, "script", "", "", "TODO")
+ shellCmd.Flags().StringVarP(&outputFile, "output", "o", "", "Output file to write CloudTrail events to. Grimoire will overwrite the file if it exists, and create otherwise.")
+ shellCmd.Flags().StringVarP(&commandToRun, "command", "c", "", "Command to execute in the shell (instead of running an interactive shell)")
+ shellCmd.Flags().StringVarP(&scriptToRun, "script", "", "", "Path to a script to execute in the shell (instead of running an interactive shell)")
 return shellCmd
 }
diff --git a/cmd/grimoire/stratus-red-team.go b/cmd/grimoire/stratus-red-team.go
index 7cc8eea..3999dc9 100644
--- a/cmd/grimoire/stratus-red-team.go
+++ b/cmd/grimoire/stratus-red-team.go
@@ -39,7 +39,7 @@ func NewStratusRedTeamCommand() *cobra.Command {
 stratusRedTeamCommand := &cobra.Command{
 Use: "stratus-red-team",
 SilenceUsage: true,
- Example: "TODO",
+ Example: "Detonate a Stratus Red Team attack technique",
 RunE: func(cmd *cobra.Command, args []string) error {
 if stratusRedTeamAttackTechnique == "" {
 return errors.New("missing Stratus Red Team attack technique")
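Review bot: `Example` in `NewShellCommand` (cmd/grimoire/shell.go, hunk at line 34) now holds a description sentence, but cobra prints that field under its "Examples:" heading and expects sample invocations there; the `Example` string in `NewStratusRedTeamCommand` (stratus-red-team.go, hunk at line 39) has the same problem. I would move the sentence to `Short:` or `Long:` and keep `Example` for a command line, for instance `Example: "grimoire shell -o events.json",` (a constructed sample; the binary name is assumed from the cmd/grimoire directory). No `Short` or `Long` is visible between `Use` and `RunE`, but the struct literal continues past both hunks, so they may be set further down.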
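Review bot: `--command` and `--script` in `NewShellCommand` (hunk at line 49) are both documented as replacing the interactive shell, yet nothing in the hunk states or enforces what happens when both are passed. If `RunE`, which lies outside this hunk, does not already reject the combination, `shellCmd.MarkFlagsMutuallyExclusive("command", "script")` after the registrations (available in recent cobra releases) lets cobra refuse it with a clear error. Separately, the `--output` help now documents that an existing file is overwritten; CloudTrail events carry account IDs, principal ARNs and request parameters, so it is worth confirming that the writer, not shown here, creates the file with owner-only permissions.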
@@ -56,8 +56,8 @@ func NewStratusRedTeamCommand() *cobra.Command {
 },
 }
- stratusRedTeamCommand.Flags().StringVarP(&stratusRedTeamAttackTechnique, "attack-technique", "", "", "TODO")
- stratusRedTeamCommand.Flags().StringVarP(&outputFile, "output", "o", "", "TODO")
+ stratusRedTeamCommand.Flags().StringVarP(&stratusRedTeamAttackTechnique, "attack-technique", "", "", "Stratus Red Team attack technique to detonate. Use 'stratus list' to list available attack techniques or browse https://stratus-red-team.cloud/attack-techniques/list/.")
+ stratusRedTeamCommand.Flags().StringVarP(&outputFile, "output", "o", "", "Output file to write CloudTrail events to. Grimoire will overwrite the file if it exists, and create otherwise.")
 initLookupFlags(stratusRedTeamCommand)
 return stratusRedTeamCommand
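Review bot: The `--attack-technique` help in `NewStratusRedTeamCommand` (hunk at line 56) does not say the flag is mandatory, although the `RunE` visible in the hunk at line 39 returns `missing Stratus Red Team attack technique` when it is empty. I would append `(required)` to the help string, or register the flag with `stratusRedTeamCommand.MarkFlagRequired("attack-technique")` and handle its returned error, so cobra reports the omission in the usage output before `RunE` runs. The function's closing brace lies outside this hunk.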