.TH TWA 1 2019-02-17 "1.11.0" "User Commands"
.SH NAME
twa \- tiny web auditor with strong opinions
.SH SYNOPSIS
\fBtwa\fR \fI[-wvcsdV]\fR \fIDOMAIN\fR
.SH DESCRIPTION
.B twa
takes a
.I DOMAIN
hosting a website and performs a short security audit.
It can be used to detect HTTP(S) issues, missing security headers,
information-leaking headers, and other potential security hazards.
.B twa
takes only one
.I DOMAIN
at a time. If you need to audit multiple sites, run the program again.
.SH OPTIONS
.TP
.B \-v
Verbose mode.
.TP
.B \-w
Perform the audit on the main
.I DOMAIN
and the
.I www.
subdomain.
.TP
.B \-c
Emit output in CSV.
.TP
.B \-s
Run testssl-based checks (skipped by default).
.TP
.B \-d
Disable scanning common development ports.
.TP
.B \-V
Print the version and exit.
.TP
.B \-h
Print a help message and exit.
.SH ENVIRONMENT
.TP
.B NO_COLOR
Don't colorize output, even when on a TTY.
.TP
.B TWA_TIMEOUT
The maximum length, in seconds, for internal
.B curl
calls.
.TP
.B TWA_USER_AGENT
The User-Agent to use for all
.B curl
calls.
.TP
.B TWA_CURLOPTS
Any additional options to pass to
.B curl
calls.
.SH TEST RESULTS
Each line of output describes the result of a single test,
and follows the "\fBRESULT\fR(\fIDOMAIN\fR): explanation" format,
where \fBRESULT\fR is one of the following:
.TP
.B PASS
The test passed with flying colors.
.TP
.B MEH
The test passed, but with one or more things that could be improved.
.TP
.B FAIL
The test failed, and should be fixed.
.TP
.B UNK
The server gave us something we didn't understand.
.TP
.B SKIP
The server gave us something we understood, but that we don't handle yet.
.TP
.B FATAL
A really important test failed, and should be fixed immediately.
.SH BUGS
None known. File issues at: \fIhttps://github.com/trailofbits/twa\fR
.SH AUTHOR
\fBtwa\fR is maintained by William Woodruff (<william @ trailofbits.com>).
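The following is an added example, not part of twa or its manual: a shell sketch that consumes the "RESULT(DOMAIN): explanation" lines described under TEST RESULTS, tallies them per domain (useful with \-w), and turns FAIL/FATAL into an exit status for a CI job. The function names, the exit-status policy, and the sample lines are assumptions made for illustration.

```shell
# Added example. Parses the "RESULT(DOMAIN): explanation" lines described
# under TEST RESULTS. Real use: NO_COLOR=1 twa -w example.com | twa_gate

# Constructed sample input; the explanation text is invented for illustration.
sample_output() {
  cat <<'EOF'
PASS(example.com): constructed explanation A
MEH(example.com): constructed explanation B
FAIL(example.com): constructed explanation C
PASS(www.example.com): constructed explanation A
FATAL(www.example.com): constructed explanation D
a line that does not follow the result format
EOF
}

# twa_tally: print "DOMAIN RESULT COUNT" for each domain/result pair seen.
# Lines that do not start with a documented RESULT token are ignored.
twa_tally() {
  awk '
    match($0, /^(PASS|MEH|FAIL|UNK|SKIP|FATAL)\([^)]+\): /) {
      head = substr($0, 1, RLENGTH - 3)        # "RESULT(DOMAIN"
      i = index(head, "(")
      count[substr(head, i + 1) " " substr(head, 1, i - 1)]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# twa_gate: print blocking findings; status 2 on any FATAL, 1 on any FAIL,
# 0 otherwise. This policy is an assumption, not behaviour of twa itself.
twa_gate() {
  awk '
    /^FATAL\(/ { fatal++; print }
    /^FAIL\(/  { fail++;  print }
    END { exit (fatal ? 2 : (fail ? 1 : 0)) }'
}

# Demo on the constructed sample.
sample_output | twa_tally
sample_output | twa_gate || echo "gate status: $?"
```

UNK and SKIP are counted by the tally but do not fail the gate; tighten that if unparsed server responses should block a release.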