update documentation

dfir-dd · Feb 28, 2024 · 00ee4d5 · 00ee4d5
1 parent 801bbc8
commit 00ee4d5
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 72 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,12 +1,12 @@
 [package]
 name = "dionysos"
-version = "1.2.5"
+version = "1.2.6"
 edition = "2018"
 description = "Scanner for various IoCs"
 homepage = "https://www.github.com/dfir-dd/dionysos"
 repository = "https://www.github.com/dfir-dd/dionysos"
 license = "GPL-3.0"
-authors = ["Jan Starke <jasa@dfir-dd.de>"]
+authors = ["Jan Starke <jasa@posteo.de>"]
 categories = ["command-line-utilities", "filesystem"]
 keywords = ["cli", "forensics", "security"]
 rust-version = "1.63"

diff --git a/README.md b/README.md
@@ -28,76 +28,62 @@ cargo install dionysos
 
 # Usage
 ```
-dionysos 1.0.1
-Jan Starke <Jan.Starke@t-systems.com>
-Scanner for various IoCs
-
-USAGE:
-    dionysos [OPTIONS]
-
-OPTIONS:
-    -P, --path <PATH>
-            path which must be scanned
-
-    -f, --format <OUTPUT_FORMAT>
-            output format [default: txt] [possible values: csv, txt, json]
-
-    -Y, --yara <YARA>
-            use yara scanner with the specified ruleset. This can be a single file, a zip file or a
-            directory containing lots of yara files. Yara files must end with 'yar' or 'yara', and
-            zip files must end with 'zip'
-
-        --yara-timeout <YARA_TIMEOUT>
-            timeout for the yara scanner, in seconds [default: 240]
-
-    -s, --print-strings
-            print matching strings (only used by yara currently)
-
-        --evtx
-            also do YARA scan in Windows EVTX records (exported as JSON)
-
-        --reg
-            also do YARA scan in Windows registry hive files
-
-    -C, --scan-compressed
-            allow yara to scan compressed files. Currently, xz, bz2 and gz are supported
-
-        --decompression-buffer <DECOMPRESSION_BUFFER_SIZE>
-            maximum size (in MiB) of decompression buffer (per thread), which is used to scan
-            compressed files [default: 128]
-
-    -H, --file-hash <FILE_HASH>
-            Hash of file to match against. Use any of MD5, SHA1 or SHA256. This parameter can be
-            specified multiple times
-
-    -F, --filename <FILENAMES>
-            regular expression to match against the basename of files. This parameter can be
-            specified multiple times
-
-        --levenshtein
-            run the Levenshtein scanner
-
-    -p, --threads <THREADS>
-            use the specified NUMBER of threads [default: 16]
-
-        --progress
-            display a progress bar (requires counting the number of files to be scanned before a
-            progress bar can be displayed)
-
-    -L, --log-file <LOG_FILE>
-            path of the file to write logs to. Logs will always be appended
-
-    -h, --help
-            Print help information
-
-    -q, --quiet
-            Less output per occurrence
-
-    -v, --verbose
-            More output per occurrence
-
-    -V, --version
-            Print version information
+Usage: dionysos [OPTIONS]
+
+Options:
+  -v, --verbose...
+          Increase logging verbosity
+  -q, --quiet...
+          Decrease logging verbosity
+  -P, --path <PATH>
+          path which must be scanned
+  -f, --format <OUTPUT_FORMAT>
+          output format [default: txt] [possible values: csv, txt, json]
+  -O, --output-file <OUTPUT_FILE>
+          path of the file to write results to. Specify '-' write to STDOUT,
+          which is the default
+  -Y, --yara <YARA>
+          use yara scanner with the specified ruleset. This can be a single
+          file, a zip file or a directory containing lots of yara files. Yara
+          files must end with 'yar' or 'yara', and zip files must end with 'zip'
+      --yara-timeout <YARA_TIMEOUT>
+          timeout for the yara scanner, in seconds [default: 240]
+  -s, --print-strings
+          print matching strings (only used by yara currently)
+      --evtx
+          also do YARA scan in Windows EVTX records (exported as JSON)
+      --reg
+          also do YARA scan in Windows registry hive files
+  -C, --scan-compressed
+          allow yara to scan compressed files. Currently, xz, bz2 and gz are
+          supported
+      --decompression-buffer <DECOMPRESSION_BUFFER_SIZE>
+          maximum size (in MiB) of decompression buffer (per thread), which is
+          used to scan compressed files [default: 128]
+      --exclude-pattern <EXCLUDE_PATTERN>
+          do not scan files whose names match the specified regular expression
+          (case sensitive match)
+  -H, --file-hash <FILE_HASH>
+          Hash of file to match against. Use any of MD5, SHA1 or SHA256. This
+          parameter can be specified multiple times
+  -F, --filename <FILENAMES>
+          regular expression to match against the basename of files. This
+          parameter can be specified multiple times
+      --levenshtein
+          run the Levenshtein scanner
+  -p, --threads <THREADS>
+          use the specified NUMBER of threads [default: 24]
+      --progress
+          display a progress bar (requires counting the number of files to be
+          scanned before a progress bar can be displayed)
+  -L, --log-file <LOG_FILE>
+          path of the file to write error logs to. Error logs will always be
+          appended Be aware that this are not the results (e.g. matching yara
+          rules) of this program
+  -h, --help
+          Print help
+  -V, --version
+          Print version
 ```
 
 # Developer guide