Add help information to cli

sinlimites00 · Oct 23, 2015 · 4033c59 · 4033c59
1 parent f796a01
commit 4033c59
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -5,20 +5,23 @@ This script uses a vulnerability discovered in the XML-RPC implementation in Wor
 ## Usage
 
 ```
-usage: wpxmlrpcbrute.py [-h] [-c COUNT] [-t THREADS] [-u USER] [-a USER_AGENT]
-                        [-l LEVEL]
+usage: wpxmlrpcbrute.py [-h] [-c COUNT] [-t THREADS] [-u USER] [-l LEVEL]
                         url wordlist
 
 positional arguments:
-  url
-  wordlist
+  url                   URL of WordPress site to brute force
+  wordlist              Path of the password list to use
 
 optional arguments:
   -h, --help            show this help message and exit
   -c COUNT, --count COUNT
+                        Number of passwords to send in each request. Default:
+                        100
   -t THREADS, --threads THREADS
-  -u USER, --user USER
+                        Number of threads to spawn. Default: 4
+  -u USER, --user USER  WordPress username to brute force. Default: admin
   -l LEVEL, --level LEVEL
+                        Log level (1-5). 1 = debug, 5 = critical. Default: 1
 ```
 
 ### Examples

diff --git a/wpxmlrpcbrute.py b/wpxmlrpcbrute.py
@@ -92,15 +92,18 @@ def main():
     desc = "Brute force WordPress sites vulnerable to XML-RPC amplification."
     parser = argparse.ArgumentParser(description=desc)
 
-    # TODO(dw): Add help
-    parser.add_argument('-c', '--count', type=int, default=100)
-    parser.add_argument('-t', '--threads', type=int, default=4)
-    parser.add_argument('-u', '--user', default="admin")
+    parser.add_argument('-c', '--count', type=int, default=100,
+        help="Number of passwords to send in each request. Default: 100")
+    parser.add_argument('-t', '--threads', type=int, default=4,
+        help="Number of threads to spawn. Default: 4")
+    parser.add_argument('-u', '--user', default="admin",
+        help="WordPress username to brute force. Default: admin")
     # TODO: This doesn't actually do anything
     #parser.add_argument('-a', '--user-agent', default="")
-    parser.add_argument('-l', '--level', type=int, default=1)
-    parser.add_argument('url')
-    parser.add_argument('wordlist')
+    parser.add_argument('-l', '--level', type=int, default=1,
+        help="Log level (1-5). 1 = debug, 5 = critical. Default: 1")
+    parser.add_argument('url', help="URL of WordPress site to brute force")
+    parser.add_argument('wordlist', help="Path of the password list to use")
 
     args = parser.parse_args()