Skip to content

Commit d5a1a1c

Browse files
committed
Improve command quality
1 parent 2b4600d commit d5a1a1c

16 files changed

Lines changed: 377 additions & 164 deletions

assets/commands/apropos.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,9 @@ Search with **regex**
2020

2121
```apropos -r "[network.*config]"```
2222

23-
Show **long descriptions**
23+
**Match all** keywords (AND)
2424

25-
```apropos -l [keyword]```
25+
```apropos -a [keyword1] [keyword2]```
2626

2727
# SYNOPSIS
2828

@@ -32,15 +32,15 @@ Show **long descriptions**
3232

3333
**apropos** searches the manual page names and short descriptions for keywords, helping you find relevant commands when you don't know the exact name.
3434

35-
The search queries the whatis database built by mandb. Multiple keywords are OR'd together; use regex for AND behavior.
35+
The search queries the whatis database built by mandb. By default each keyword is treated as a regular expression. Multiple keywords are OR'd together; use **-a** to require all of them to match.
3636

3737
# PARAMETERS
3838

3939
**-e**, **--exact**
4040
> Search for exact keyword match
4141
4242
**-r**, **--regex**
43-
> Interpret keyword as regular expression
43+
> Interpret each keyword as a regular expression. This is the default behaviour.
4444
4545
**-w**, **--wildcard**
4646
> Interpret keyword as shell wildcard
@@ -49,7 +49,7 @@ The search queries the whatis database built by mandb. Multiple keywords are OR'
4949
> Search only specified manual sections
5050
5151
**-l**, **--long**
52-
> Don't truncate output lines
52+
> Do not trim output to the terminal width.
5353
5454
**-a**, **--and**
5555
> Require all keywords to match

assets/commands/bd.md

Lines changed: 28 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -4,58 +4,66 @@ Navigate to parent directories by name
44

55
# TLDR
66

7-
**Go back** to parent directory by name
7+
**Go back** to a parent directory by name (or its first few letters)
88

9-
```bd [dirname]```
9+
```bd [name]```
1010

11-
**List** parent directories
11+
**Case-sensitive** match
1212

13-
```bd -l```
13+
```bd -s [name]```
14+
15+
**Run a command** in a parent directory without changing to it
16+
17+
```ls `bd [name]` ```
1418

1519
# SYNOPSIS
1620

17-
**bd** _directory-name_
21+
**bd** [_-si_] _name_
1822

1923
# DESCRIPTION
2024

21-
**bd** (back directory) is a bash utility for quickly navigating to parent directories by name instead of using multiple `cd ../../../` commands. It searches upward in the directory tree for a matching directory name.
25+
**bd** (back directory) is a bash utility for quickly navigating to a parent directory by name instead of typing multiple `cd ../../../` commands. It searches upward in the current path for a directory whose name matches (matching on the first few letters is enough).
2226

23-
The tool simplifies navigation in deep directory structures.
27+
If several ancestors share the same name, bd jumps to the closest one (the immediate parent is not considered a match). It is installed as a shell alias so the directory change persists in your shell:
28+
29+
```alias bd=". bd -si"```
2430

2531
# PARAMETERS
2632

27-
**-l**, **--list**
28-
> List all parent directories
33+
**-s**
34+
> Case-sensitive matching (the default alias uses **-si** for case-insensitive).
2935
30-
**-h**, **--help**
31-
> Show help
36+
**-i**
37+
> Case-insensitive matching (no-op when already the default).
3238
3339
# WORKFLOW
3440

3541
```bash
3642
# Current path: /home/user/projects/myapp/src/components
37-
# Jump to 'myapp' directory
43+
# Jump up to 'myapp'
3844
bd myapp
3945
# Now in: /home/user/projects/myapp
4046

41-
# List available parent directories
42-
bd -l
47+
# Or just the first letters
48+
bd my
49+
50+
# Use a parent path inline without leaving the current directory
51+
cp file.txt `bd projects`
4352
```
4453

4554
# FEATURES
4655

47-
- Fuzzy matching on directory names
48-
- Tab completion support
49-
- Fast parent directory navigation
50-
- Integration with bash/zsh
56+
- Prefix matching on parent directory names
57+
- Bash completion support (via the bundled completion file)
58+
- Closest-match resolution when names repeat in the path
5159

5260
# CAVEATS
5361

54-
Requires installation and sourcing in shell config. Only works upward (not sideways). Name must be unique in path. Not available by default on most systems.
62+
Requires installation and an alias in your shell config (the alias sources the script so the `cd` sticks). Only walks upward through the current path, not into sibling trees. Built for bash; separate ports exist for zsh and fish. Not available by default on most systems.
5563

5664
# HISTORY
5765

58-
**bd** was created by Vignesh Warar around **2013** to simplify navigating up directory trees by name.
66+
**bd** was created by Vigneshwaran Raveendran (vigneshwaranr) to simplify navigating up directory trees by name.
5967

6068
# SEE ALSO
6169

assets/commands/conda-export.md

Lines changed: 29 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -22,14 +22,35 @@ environment specification exporter
2222

2323
# PARAMETERS
2424

25+
**-n**, **--name** _name_
26+
> Name of environment to export. Defaults to the active environment.
27+
28+
**-p**, **--prefix** _path_
29+
> Full path to the environment to export (alternative to **--name**).
30+
31+
**-f**, **--file** _file_
32+
> Write output to a file. Format is auto-detected from the filename. Defaults to standard output.
33+
34+
**--format** _format_
35+
> Output format: yaml (default), json, explicit, or requirements.
36+
2537
**--no-builds**
26-
> Exclude build strings from output.
38+
> Exclude build strings from the dependency list, making the file more portable.
2739
2840
**--from-history**
29-
> Only include packages explicitly requested.
41+
> Only include packages explicitly requested, omitting transitive dependencies.
3042
31-
**-n**, **--name** _name_
32-
> Name of environment to export.
43+
**-c**, **--channel** _channel_
44+
> Additional channel to include in the export.
45+
46+
**--override-channels**
47+
> Do not include channels from .condarc.
48+
49+
**--ignore-channels**
50+
> Do not prepend channel names to package specs.
51+
52+
**--json**
53+
> Report output as JSON, suitable for programmatic use.
3354
3455
# CONFIGURATION
3556

@@ -41,9 +62,11 @@ environment specification exporter
4162
4263
# DESCRIPTION
4364

44-
**conda export** outputs the current environment specification in YAML format. This can be used to recreate the environment on another system.
65+
**conda export** outputs the current environment specification in YAML format by default. This can be used to recreate the environment on another system with **conda env create -f environment.yml**.
66+
67+
**conda export** is the newer subcommand and supports multiple output formats via **--format**. The traditional **conda env export** remains supported and produces equivalent YAML.
4568

46-
Use **--from-history** for more portable exports that don't include transitive dependencies.
69+
Use **--from-history** for more portable exports that omit transitive dependencies and platform-specific build strings.
4770

4871
# SEE ALSO
4972

assets/commands/cryptsetup-luksformat.md

Lines changed: 36 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -28,23 +28,47 @@ LUKS provides standardized on-disk encryption with multiple key slots, secure ke
2828

2929
# PARAMETERS
3030

31-
**--label** _label_
32-
> Set LUKS2 label
33-
3431
**--type** _type_
35-
> LUKS type (luks1, luks2)
32+
> LUKS type: luks1 or luks2. Defaults to luks2.
33+
34+
**-c**, **--cipher** _cipher_
35+
> Encryption cipher specification. Compiled-in default (typically aes-xts-plain64).
36+
37+
**-s**, **--key-size** _bits_
38+
> Key size in bits, must be a multiple of 8. For XTS the volume key is split between two ciphers, so 512 yields AES-256.
39+
40+
**-h**, **--hash** _hash_
41+
> Hash algorithm used in the LUKS key setup and volume key digest.
42+
43+
**-i**, **--iter-time** _ms_
44+
> Milliseconds to spend on PBKDF passphrase processing. Higher values increase brute-force resistance.
3645
37-
**--cipher** _cipher_
38-
> Encryption cipher
46+
**--pbkdf** _algo_
47+
> PBKDF algorithm for LUKS2: pbkdf2, argon2i, or argon2id (the default).
3948
40-
**--key-size** _bits_
41-
> Key size in bits
49+
**-d**, **--key-file** _file_
50+
> Read the passphrase from a file. Use - to read from standard input.
4251
43-
**--hash** _hash_
44-
> Hash algorithm for PBKDF
52+
**-l**, **--keyfile-size** _bytes_
53+
> Read at most this many bytes from the key file.
54+
55+
**-y**, **--verify-passphrase**
56+
> Ask for the passphrase twice and fail if the entries differ.
57+
58+
**-q**, **--batch-mode**
59+
> Suppress all confirmation questions. Useful for scripting.
60+
61+
**--use-urandom**, **--use-random**
62+
> Select the kernel RNG (/dev/urandom or /dev/random) used to generate the volume key.
63+
64+
**--sector-size** _bytes_
65+
> Encryption sector size for LUKS2: a power of two between 512 and 4096.
66+
67+
**--label** _label_
68+
> Set the LUKS2 device label.
4569
46-
**--iter-time** _ms_
47-
> PBKDF iteration time in milliseconds
70+
**--integrity** _algo_
71+
> Enable authenticated disk encryption with the given integrity algorithm (LUKS2 only).
4872
4973
# CAVEATS
5074

assets/commands/dockdiver.md

Lines changed: 61 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,65 +1,99 @@
11
# TAGLINE
22

3-
Docker image secrets scanner
3+
explore and extract Docker registry contents
44

55
# TLDR
66

7-
**Scan Docker Hub** for secrets
7+
**List all repositories** in a registry
88

9-
```dockdiver -u [username]```
9+
```dockdiver -url [registry_host] -list```
1010

11-
**Scan specific image**
11+
**Dump a specific repository**
1212

13-
```dockdiver -i [image:tag]```
13+
```dockdiver -url [registry_host] -dump [repository]```
1414

15-
**Scan with output** file
15+
**Dump every repository** into a directory
1616

17-
```dockdiver -u [username] -o [results.txt]```
17+
```dockdiver -url [registry_host] -dump-all -dir [output_dir]```
1818

19-
**Scan with custom** patterns
19+
**Authenticate with basic** credentials
2020

21-
```dockdiver -i [image:tag] -p [patterns.json]```
21+
```dockdiver -url [registry_host] -username [user] -password [pass] -list```
22+
23+
**Use a bearer token** and skip TLS verification
24+
25+
```dockdiver -url [registry_host] -bearer [token] -insecure -dump-all```
2226

2327
# SYNOPSIS
2428

2529
**dockdiver** [_options_]
2630

2731
# PARAMETERS
2832

29-
**-u** _USERNAME_
30-
> Docker Hub username to scan.
33+
**-url** _STRING_
34+
> Base URL or hostname of the Docker registry (required).
35+
36+
**-port** _INT_
37+
> Registry port used when not specified in the URL. Default 5000.
38+
39+
**-list**
40+
> List all repositories in the registry.
41+
42+
**-dump** _REPOSITORY_
43+
> Download a single repository (manifest, config blob, and layer tarballs).
44+
45+
**-dump-all**
46+
> Download all repositories found in the registry.
47+
48+
**-dir** _DIRECTORY_
49+
> Output directory for dumped files. Default docker_dump.
50+
51+
**-username** _STRING_
52+
> Username for HTTP Basic authentication.
53+
54+
**-password** _STRING_
55+
> Password for HTTP Basic authentication.
56+
57+
**-bearer** _STRING_
58+
> Bearer token for the Authorization header.
59+
60+
**-headers** _JSON_
61+
> Custom request headers as JSON, e.g. '{"X-Custom": "Value"}'.
62+
63+
**-insecure**
64+
> Skip TLS certificate verification.
3165
32-
**-i** _IMAGE_
33-
> Specific image to analyze.
66+
**-rate** _INT_
67+
> Requests per second. Default 3.
3468
35-
**-o** _FILE_
36-
> Output file for results.
69+
**-timeout** _DURATION_
70+
> HTTP request timeout, e.g. 10s or 500ms. Default 30s.
3771
38-
**-p** _FILE_
39-
> Custom pattern file.
72+
**-proxy** _URL_
73+
> Proxy URL (http, https, or socks5).
4074
41-
**-v**
42-
> Verbose output.
75+
**-proxy-username** _STRING_
76+
> Username for SOCKS5 proxy authentication.
4377
44-
**--help**
45-
> Display help information.
78+
**-proxy-password** _STRING_
79+
> Password for SOCKS5 proxy authentication.
4680
4781
# DESCRIPTION
4882

49-
**dockdiver** is a security tool for analyzing Docker images and Docker Hub repositories for exposed secrets, credentials, and sensitive information. It scans image layers to identify potentially dangerous data leakage.
83+
**dockdiver** is a Go utility that enumerates and extracts the contents of a Docker registry exposed over the Registry HTTP API V2. It can list repositories, dump a single repository, or dump every repository, retrieving manifests, configuration blobs, and layer tarballs while verifying each blob with its SHA256 digest.
5084

51-
The tool searches for common secret patterns including API keys, passwords, private keys, and credentials embedded in Docker images. It can scan individual images or entire user repositories.
85+
It is aimed at penetration testing, bug bounty, and CTF scenarios where a registry (often a self-hosted one on port 5000) is reachable and may expose images that contain source code, configuration, or credentials. Authentication via Basic credentials or a bearer token, custom headers, proxy support, and a configurable request rate make it suitable for working against access-controlled or rate-limited registries.
5286

53-
dockdiver helps security teams audit container images before deployment and identify credential exposure in public registries.
87+
This tool targets the registry itself rather than the public Docker Hub web interface, and it downloads raw image data for offline inspection rather than scanning layers for secrets on its own.
5488

5589
# CAVEATS
5690

57-
Scanning large images may take time. Some secrets may be obfuscated or encoded. Only scans accessible images. Pattern matching may produce false positives.
91+
Only registries reachable over the HTTP API V2 are supported. Use against registries you are authorized to access. Dumping all repositories can transfer large amounts of data; the default rate of 3 requests per second limits load and helps avoid tripping rate limits.
5892

5993
# HISTORY
6094

61-
dockdiver was created as a security research tool to address the widespread problem of secrets being accidentally committed to Docker images. It automates the discovery of exposed credentials in container registries.
95+
dockdiver is an open-source Go tool published on GitHub by MachiavelliII. It ships with a registry lab environment in its lab directory for safe testing.
6296

6397
# SEE ALSO
6498

65-
[dive](/man/dive)(1), [trivy](/man/trivy)(1), [grype](/man/grype)(1)
99+
[dive](/man/dive)(1), [trivy](/man/trivy)(1), [grype](/man/grype)(1), [docker-pull](/man/docker-pull)(1)

assets/commands/docker-images.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ list Docker images stored locally
4343
> Filter output.
4444
4545
**--format** _string_
46-
> Format output using Go template.
46+
> Format output using a custom template: table, table TEMPLATE, json, or a Go template string.
4747
4848
**--no-trunc**
4949
> Don't truncate output.
@@ -54,5 +54,5 @@ list Docker images stored locally
5454

5555
# SEE ALSO
5656

57-
[docker-image-ls](/man/docker-image-ls)(1), [docker-rmi](/man/docker-rmi)(1)
57+
[docker-image-ls](/man/docker-image-ls)(1), [docker-rmi](/man/docker-rmi)(1), [docker-pull](/man/docker-pull)(1)
5858

0 commit comments

Comments
 (0)