Update README.md

README.md

@@ -20,17 +20,20 @@ A special thanks to [James Kettle](https://skeletonscribe.net/) for his [researc
 
 And a special thanks to [Ben Sadeghipour](https://www.nahamsec.com/) for beta testing Smuggler and for allowing me to discuss my work at [Nahamcon 2020](https://nahamcon.com)
 
+## IMPORTANT
+This tool does not guarentee no false-positives or false-negatives. Just because a mutation may report OK does not mean there isn't a desync issue, but more importantly just because the tool indicates a potential desync issue does not mean there definitely exists one. The script may encounter request processors from large entities (i.e. Google/AWS/Yahoo/Akamai/etc..) that may show false positive results.
+
 ## Installation
 
 1) git clone https://github.com/defparam/smuggler.git
 2) cd smuggler
-3) python3 smuggler.py -u <URL>
+3) python3 smuggler.py -h
 
 ## Example Usage
 
 Single Host:
 ```
-python3 smuggler.py -u <URL>
+python3 smuggler.py -u \<URL>
 ```
 
 List of hosts:
@@ -65,21 +68,21 @@ Smuggler at a minimum requires either a URL via the -u/--url argument or a list
 If the URL specifies `https://` then Smuggler will connect to the host:port using TLS. If the URL specifies `http://`
 then no SSL/TLS will be used at all. If only the host is specified then the script will default to `https://`
 
-To specify a different host header from the server address use the -v/--vhost <host> option
+Use -v/--vhost \<host> to specify a different host header from the server address
 
-Use -x/--exit_early to exit the scan of a given server when a potential issue is found. In piped mode smuggler will just continue to the next host on the list.
+Use -x/--exit_early to exit the scan of a given server when a potential issue is found. In piped mode smuggler will just continue to the next host on the list
 
-Use -m/--method <method> to specify a different HTTP verb from POST (i.e GET/PUT/PATCH/OPTIONS/CONNECT/TRACE/DELETE/HEAD/etc...)
+Use -m/--method \<method> to specify a different HTTP verb from POST (i.e GET/PUT/PATCH/OPTIONS/CONNECT/TRACE/DELETE/HEAD/etc...)
 
-Use -l/--log <file> to write output to file as well as stdout
+Use -l/--log \<file> to write output to file as well as stdout
 
 Use -q/--quiet reduce verbosity and only log issues found
 
-Use -t/--timeout <value> to specify the socket timeout. The value should be high enough to conclude that the socket is hanging, but low enough to speed up testing (default: 5)
+Use -t/--timeout \<value> to specify the socket timeout. The value should be high enough to conclude that the socket is hanging, but low enough to speed up testing (default: 5)
 
 Use --no-color to supress the output color codes printed to stdout (logs by default don't include color codes)
 
-Use -c/--configfile <configfile> to specify your smuggler mutation configuration file (default: default.py)
+Use -c/--configfile \<configfile> to specify your smuggler mutation configuration file (default: default.py)
 
 ## Config Files
 Configuration files are python files that exist in the ./config directory of smuggler. These files describe the content of the HTTP requests and the transfer-encoding mutations to test.
@@ -123,7 +126,7 @@ There are no input arguments yet on specifying your own customer headers and use
 Smuggler comes with 3 configuration files: default.py (fast), doubles.py (niche, slow), exhaustive.py (very slow)
 default.py is the fastest because it contains less mutations.
 
-specify configuration files using the -c/--configfile <configfile> command line option
+specify configuration files using the -c/--configfile \<configfile> command line option
 
 ## Payloads Directory
 Inside the Smuggler directory is the payloads directory. When Smuggler finds a potential CLTE or TECL desync issue, it will automatically dump a binary txt file of the problematic payload in the payloads directory. All payload filenames are annotated with the hostname, desync type and mutation type. Use these payloads to netcat directly to the server or to import into other analysis tools.