Tasos Laskos · 312cb12a
--- a/guides/user/Command-line-user-interface.md
+++ b/guides/user/Command-line-user-interface.md
@@ -153,16 +153,20 @@ in your gems path._
 <h3 id='version'><a href='#version'>Version (--version)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Outputs the Arachni banner and version information.
 <h3 id='verbosity'><a href='#verbosity'>Verbosity (-v)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 When verbosity is enabled Arachni will give you detailed information about what's going on during the whole process.
@@ -280,8 +284,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2
 <h3 id='debug'><a href='debug'>Debug mode (--debug)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 When this flag is enabled the system will output a lot of messages detailing what's happening internally.
@@ -394,16 +400,20 @@ $ cat debug.log
 <h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 This will suppress all messages except for positive matches -- vulnerabilities.
 <h3 id='http-req-limit'><a href='#http-req-limit'>HTTP request limit (--http-req-limit)</a></h3>
-*Expects*: integer
+**Expects**: integer
-*Default*: 60
+**Default**: 60
 *Multiple invocations?*: no
 Limit how many concurrent HTTP request are sent.
@@ -414,16 +424,20 @@ Limit how many concurrent HTTP request are sent.
 <h3 id='http-timeout'><a href='#http-timeout'>HTTP timeout (--http-timeout)</a></h3>
-*Expects*: integer (milliseconds)
+**Expects**: integer (milliseconds)
-*Default*: 50000
+**Default**: 50000
 *Multiple invocations?*: no
 Limit how long the HTTP client should wait for a response from the server.
 <h3 id='https-only'><a href='#https-only'>HTTP timeout (--https-only)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Forces the system to only follow HTTPS URLs.
@@ -431,8 +445,10 @@ _(Target URL must be an HTTPS one as well.)_
 <h3 id='cookie-jar'><a href='#cookie-jar'>Cookie jar (--cookie-jar)</a></h3>
-*Expects*: cookiejar file
+**Expects**: cookiejar file
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
@@ -446,8 +462,10 @@ You should also take a look at the _--exclude-cookie_ option discussed later.
 <h3 id='cookie-string'><a href='#cookie-string'>Cookie string (--cookie-string)</a></h3>
-*Expects*: string
+**Expects**: string
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Cookies, as a string, to be sent to the web application.
@@ -460,8 +478,10 @@ Cookies, as a string, to be sent to the web application.
 <h3 id='user-agent'><a href='#user-agent'>User agent (--user-agent)</a></h3>
-*Expects*: string
+**Expects**: string
-*Default*: "Arachni/<version>"
+**Default**: "Arachni/<version>"
 *Multiple invocations?*: no
 You can pass your own user agent string which will be sent to the webserver under audit.
@@ -469,8 +489,10 @@ Default is _Arachni/&lt;version&gt;_.
 <h3 id='custom-header'><a href='#custom-header'>Custom header (--custom-header)</a></h3>
-*Expects*: string
+**Expects**: string
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 Allows you to specify custom headers in the form of key-value pairs.
@@ -484,8 +506,10 @@ Allows you to specify custom headers in the form of key-value pairs.
 <h3 id='authed-by'><a href='#authed-by'>Authorized by (--authed-by)</a></h3>
-*Expects*: string
+**Expects**: string
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 The string passed to this option will be included in the user-agent string and be the value of the "From" HTTP header field.
@@ -500,8 +524,10 @@ The _--authed-by_ value should contain information about the person who authoriz
 <h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
-*Expects*: string
+**Expects**: string
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 *Requires*: "login-check-pattern":#login-check-pattern
@@ -513,8 +539,10 @@ this should indicate that the scanner is logged in.
 <h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
-*Expects*: string
+**Expects**: string
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 *Requires*: "login-check-url":#login-check-url
@@ -527,8 +555,10 @@ A positive match should indicate that the scanner is logged in.
 <h3 id='save-profile'><a href='#save-profile'>Save profile (--save-profile)</a></h3>
-*Expects*: filename
+**Expects**: filename
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (.afp) file.
@@ -542,8 +572,10 @@ This option allows you to save your current running configuration, all the optio
 <h3 id='load-profile'><a href='#load-profile'>Load profile (--load-profile)</a></h3>
-*Expects*: Arachni Framework Profile (.afp) file
+**Expects**: Arachni Framework Profile (.afp) file
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 This option allows you to load and run a saved profile.
@@ -557,8 +589,10 @@ The load profile option does not restrict your ability to specify more options o
 <h3 id='show-profile'><a href='#show-profile'>Show profile (--show-profile)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 This option will output the running configuration as a string of command line arguments.
@@ -572,8 +606,10 @@ This option will output the running configuration as a string of command line ar
 <h3 id='exclude'><a href='#exclude'>Exclude (--exclude/-e)</a></h3>
-*Expects*: regexp
+**Expects**: regexp
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 The _--exclude_ option expects a regular expression or plain string and excludes URLs matching that expression from the crawling process.
@@ -668,8 +704,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2
 <h3 id='exclude-page'><a href='#exclude-page'>Exclude page by content (--exclude-page)</a></h3>
-*Expects*: regexp
+**Expects**: regexp
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 The _--exclude-page_ option expects a regular expression or plain string
@@ -677,8 +715,10 @@ and excludes pages whose content matching that expression from the crawl process
 <h3 id='include'><a href='#include'>Include (--include/-i)</a></h3>
-*Expects*: regexp
+**Expects**: regexp
-*Default*: '.*'
+**Default**: '.*'
 *Multiple invocations?*: yes
 This is the exact oposite of the _--exclude_ option.
@@ -686,8 +726,10 @@ When a regular expression is passed to the _--include_ option, *only* URLs match
 <h3 id='redundant'><a href='#redundant'>Redundant (--redundant)</a></h3>
-*Expects*: regexp:integer
+**Expects**: regexp:integer
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 The redundant option expects a regular expression and a counter, like so:
@@ -701,8 +743,10 @@ This option is useful when auditing a website that has a lot of redundant pages
 <h3 id='auto-redundant'><a href='#auto-redundant'>Auto-redundant (--auto-redundant)</a></h3>
-*Expects*: integer
+**Expects**: integer
-*Default*: disabled (with a value of 10 if none has been specified)
+**Default**: disabled (with a value of 10 if none has been specified)
 *Multiple invocations?*: no
 The auto-redundant option sets the limit of how many URLs with identical parameters
@@ -735,40 +779,50 @@ http://test.com/path.php?stuff=blah&stuff2=1
 <h3 id='follow-subdomains'><a href='#follow-subdomains'>Follow subdomains (-f/--follow-subdomains)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 This flag will cause Arachni to follow links to subdomains.
 <h3 id='depth'><a href='#depth'>Depth limit (--depth)</a></h3>
-*Expects*: integer
+**Expects**: integer
-*Default*: infinite
+**Default**: infinite
 *Multiple invocations?*: no
 It specifies how deep into the site structure the crawler should go.
 <h3 id='link-count'><a href='#link-count'>Link count limit (--link-count)</a></h3>
-*Expects*: integer
+**Expects**: integer
-*Default*: infinite
+**Default**: infinite
 *Multiple invocations?*: no
 It specifies how many links the crawler should follow.
 <h3 id='redirect-limit'><a href='#redirect-limit'>Redirect limit (--redirect-limit)</a></h3>
-*Expects*: integer
+**Expects**: integer
-*Default*: infinite
+**Default**: infinite
 *Multiple invocations?*: no
 It specifies how many redirects the crawler should follow.
 <h3 id='extend-paths'><a href='#extend-paths'>Extend paths (--extend-paths)</a></h3>
-*Expects*: file
+**Expects**: file
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 Allows you to extend the scope of the audit by supplementing the paths discovered by the crawler with the paths in the file.
@@ -776,8 +830,10 @@ The file must contains one path per line.
 <h3 id='restrict-paths'><a href='#restrict-paths'>Restrict paths (--restrict-paths)</a></h3>
-*Expects*: file
+**Expects**: file
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 Uses the paths contained in file instead of performing a crawl.
@@ -787,32 +843,40 @@ Uses the paths contained in file instead of performing a crawl.
 <h3 id='audit-links'><a href='#audit-links'>Audit links (--audit-links/-g)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Tells Arachni to audit the link elements of the page and their variables.
 <h3 id='audit-forms'><a href='#audit-forms'>Audit forms (--audit-forms/-p)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Tells Arachni to audit the form elements of the page and their inputs.
 <h3 id='audit-cookies'><a href='#audit-cookies'>Audit cookies (--audit-cookies/-c)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Tells Arachni to audit the cookies of the page.
 <h3 id='exclude-cookie'><a href='#exclude-cookie'>Exclude cookie (--exclude-cookie)</a></h3>
-*Expects*: cookie name
+**Expects**: cookie name
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 Tells Arachni to exclude -- not audit -- a cookie by name.
@@ -824,16 +888,20 @@ This is very unlikely but it's better to err on the side of caution.
 <h3 id='exclude-vector'><a href='#exclude-vector'>Exclude cookie (--exclude-vector)</a></h3>
-*Expects*: input name
+**Expects**: input name
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 Tells Arachni to exclude -- not audit -- an input vector by name.
 <h3 id='audit-headers'><a href='#audit-headers'>Audit headers (--audit-headers)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Tells Arachni to audit the HTTP headers of the page.
@@ -845,8 +913,10 @@ Tells Arachni to audit the HTTP headers of the page.
 <h3 id='audit-cookies-extensively'><a href='#audit-cookies-extensively'>Audit cookies extensively (--audit-cookies-extensively)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 If enabled Arachni will submit all links and forms of the page along with the cookie permutations.
@@ -855,8 +925,10 @@ If enabled Arachni will submit all links and forms of the page along with the co
 <h3 id='fuzz-methods'><a href='#fuzz-methods'>Fuzz methods (--fuzz-methods)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 If enabled Arachni will submit all links and forms using both the _GET_ and _POST_
@@ -866,8 +938,10 @@ HTTP request methods.
 <h3 id='exclude-binaries'><a href='#exclude-binaries'>Exclude binaries (--exclude-binaries)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Disables inclusion of binary HTTP response bodies in the audit.
@@ -878,8 +952,10 @@ Disables inclusion of binary HTTP response bodies in the audit.
 <h3 id='lsmod'><a href='#lsmod'>List modules (--lsmod)</a></h3>
-*Expects*: regular expression
+**Expects**: regular expression
-*Default*: disabled OR .*
+**Default**: disabled OR .*
 *Multiple invocations?*: yes
 Tells Arachni to list all available modules based on the regular expressions provided and exit.
@@ -1016,8 +1092,10 @@ Path:   /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xs
 <h3 id='modules'><a href='#modules'>Modules (--modules/-m)</a></h3>
-*Expects*: modname,modname,... OR '*'
+**Expects**: modname,modname,... OR '*'
-*Default*: '*' -- all modules
+**Default**: '*' -- all modules
 *Multiple invocations?*: no
 Tells Arachni which modules to load.
@@ -1054,8 +1132,10 @@ The above will load all modules except for the 'backup_files' and 'xss' modules.
 <h3 id='lsrep'><a href='#lsrep'>List reports (--lsrep)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Lists all available reports.
@@ -1221,8 +1301,10 @@ Path:   /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.r
 <h3 id='repload'><a href='#repload'>Load a report (--repload)</a></h3>
-*Expects*: Arachni Framework Report (.afr) file
+**Expects**: Arachni Framework Report (.afr) file
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Tells Arachni to load an Arachni Framework Report (.afr) file.
@@ -1373,8 +1455,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2
 <h3 id='report'><a href='#report'>Report (--report)</a></h3>
-*Expects*: repname
+**Expects**: repname
-*Default*: stdout
+**Default**: stdout
 *Multiple invocations?*: yes
 Tells Arachni which report component to use.
@@ -1483,8 +1567,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2
 <h3 id='lsplug'><a href='#lsplug'>List plugins (--lsplug)</a></h3>
-*Expects*: <n/a>
+**Expects**: <n/a>
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Lists all available plugins.
@@ -1979,8 +2065,10 @@ Path:   /home/zapotek/workspace/arachni/plugins/form_dicattack.rb
 <h3 id='plugin'><a href='#plugin'>Plugin (--plugin)</a></h3>
-*Expects*: plugin name
+**Expects**: plugin name
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: yes
 Tells Arachni which plugin components to run.
@@ -2285,24 +2373,30 @@ Arachni - Web Application Security Scanner Framework v0.4.2
 <h3 id='proxy_server'><a href='#proxy_server'>Proxy server (--proxy)</a></h3>
-*Expects*: server:port
+**Expects**: server:port
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Tells Arachni to send all requests via a proxy server.
 <h3 id='proxy-auth'><a href='#proxy-auth'>Proxy authentication (--proxy-auth)</a></h3>
-*Expects*: username:password
+**Expects**: username:password
-*Default*: disabled
+**Default**: disabled
 *Multiple invocations?*: no
 Tells Arachni authenticate itself with the proxy server using the supplied username and password.
 <h3 id='proxy-type'><a href='#proxy-type'>Proxy type (--proxy-type)</a></h3>
-*Expects*: http, http_1_0, socks4, socks5, socks4a
+**Expects**: http, http_1_0, socks4, socks5, socks4a
-*Default*: disabled OR http
+**Default**: disabled OR http
 *Multiple invocations?*: no
 Tells Arachni what protocol to use to connect and comunicate with the proxy server.