SWAMM - Instructions
This article describes security testing-related software whose use may be restricted or prohibited in your place of residence or your workplace. The penalties for violating laws and regulations regarding security testing-related tools can be severe. Ensuring that you are allowed to use this software is your responsibility.
The software described is a "preview release" which is not yet feature-complete and which has not been tested on a variety of systems. Even if you are allowed to use the software, you should do so with caution, on systems which can be easily restored to their previous state if they are damaged.
This document describes all of the command-line options for She Wore A Mirrored Mask. If you are learning how to use it, I recommend going through the four tutorials linked at the end of this document first — this should answer most common questions about syntax and whatnot.
Important: if you run She Wore A Mirrored Mask with the --help option, you will see a number of options not described in this document which are labeled "this option is not currently implemented or supported". That label is the reason they're not discussed here: the code to support those options is not implemented. The only reason I didn't comment them out entirely is that leaving them in involved many fewer changes to the source code.
| Option | Argument | Description |
|---|---|---|
| -h or --help | | Display the built-in help. |
| --address | IP_ADDRESS | Listen on this IP address (default: all interfaces (0.0.0.0)). |
| --port | TCP_PORT | Listen on this TCP port (default: 8080). |
| --ssl-server-cert | FILE_PATH | Use the certificate contained in this file for TLS/SSL communication with clients (requires the use of --ssl-server-key). |
| --ssl-server-key | FILE_PATH | Use the private key contained in this file for TLS/SSL communication with clients (requires the use of --ssl-server-cert). |
| --console-verbosity | debug \| info \| warning \| error \| critical | Limit console output to the specified level or above. Warning: debug is extremely verbose. |
| --log | LOG_FILE_PATH | Write a log file in addition to the console output. |
| --log-verbosity | debug \| info \| warning \| error \| critical | Limit log file output to the specified level or above. Warning: debug is extremely verbose. |
| --reportfile | FILE_PATH | Write a tab-delimited report file regarding successful and failed downloads. Warning: this option is probably buggy and hasn't been extensively tested. |
| --no-ansi | | Do not use ANSI codes to make the console output look awesome and amazing and like you are a "l33+" super-hacker hacking some radical "zero-days" and "pwning" some "boxes". |
| --masq-list | | List all available masquerading profiles, then exit. |
| --masq-predefined | MASQUERADE_MODE_NAME | Use this masquerade mode (default: coyote1.1). |
| --masq-serverstring | MASQUERADE_SERVER_STRING | Send this Server HTTP header instead of the default for the specified profile. |
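The listener and TLS options above carry constraints that are easy to get wrong on the command line (the certificate and key options require each other, and the default address is every interface). The wrapper below is an added example, not part of SWAMM or the original document; the function name swamm_lab, the DRY_RUN variable, the file paths, the loopback binding and the key-permission check are all assumptions of this example.

```shell
# Added example, not part of SWAMM: preflight checks, then a loopback-only run.
# Uses only options documented above; swamm_lab, DRY_RUN and all paths are assumptions.
# Usage: swamm_lab CERT KEY LOGFILE [PORT]   (pass "" "" for CERT and KEY to skip TLS)
swamm_lab() {
    cert=$1 key=$2 log=$3 port=${4:-8080}

    # --ssl-server-cert and --ssl-server-key each require the other.
    case "${cert:+c}${key:+k}" in
        ck|"") ;;
        *) echo "swamm_lab: give the certificate and key together" >&2; return 2 ;;
    esac

    # The port must be a decimal number in 1-65535 (documented default: 8080).
    case $port in
        ''|*[!0-9]*|??????*) echo "swamm_lab: bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "swamm_lab: port out of range: $port" >&2; return 2
    fi

    # Bind to loopback rather than the 0.0.0.0 default; quiet console, detailed log file.
    set -- --address 127.0.0.1 --port "$port" --no-ansi \
           --console-verbosity warning --log "$log" --log-verbosity info

    if [ -n "$cert" ]; then
        [ -r "$cert" ] || { echo "swamm_lab: cannot read $cert" >&2; return 3; }
        [ -r "$key" ]  || { echo "swamm_lab: cannot read $key" >&2; return 3; }
        # Refuse a private key that group or other can access (ls -l mode chars 5-10).
        perms=$(ls -ldL "$key" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "swamm_lab: $key is not owner-only" >&2; return 4; }
        set -- "$@" --ssl-server-cert "$cert" --ssl-server-key "$key"
    fi

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' python ./swamm.py "$@"    # print one argument per line, run nothing
    else
        python ./swamm.py "$@"
    fi
}
```

With DRY_RUN set, the function prints the argument list it would pass to swamm.py instead of starting the listener.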
Non-Random URI stems
If you need to override the random generation of URI-stems, these are the options to do so.
| Option | Argument | Description |
|---|---|---|
| --uri-prefix-master | URI_PREFIX | Use this prefix as the master prefix instead of randomly generating one. |
| --uri-prefix-read | URI_PREFIX | Use this prefix as the read-operation prefix instead of randomly generating one. |
| --uri-prefix-write | URI_PREFIX | Use this prefix as the write-operation prefix instead of randomly generating one. |
| --uri-prefix-append | URI_PREFIX | Use this prefix as the append-operation prefix instead of randomly generating one. |
| --uri-prefix-delete | URI_PREFIX | Use this prefix as the delete-operation prefix instead of randomly generating one. |
| --uri-prefix-store-add | URI_PREFIX | Use this prefix as the prefix for storing request/response pairs instead of randomly generating one. |
| --uri-prefix-store-delete | URI_PREFIX | Use this prefix as the prefix for deleting request/response pairs instead of randomly generating one. |
For example, to set all of the URI-stems to fixed values:
python ./swamm.py --uri-prefix-master "/CBt/" --uri-prefix-read "/CBt/3lh/" --uri-prefix-write "/CBt/moc/" --uri-prefix-append "/CBt/n4Y/" --uri-prefix-delete "/CBt/Qyv/" --uri-prefix-store-add "/CBt/BmF/" --uri-prefix-store-delete "/CBt/hpB/"