twa - Man Page

tiny web auditor with strong opinions

Synopsis

twa [-wvcsdV] DOMAIN

Description

twa takes a DOMAIN hosting a website and performs a short security audit. It can be used to detect HTTP(S) issues, missing security headers, information-leaking headers, and other potential security hazards.

twa takes only one DOMAIN at a time. If you need to audit multiple sites, run the program again.

Options

-v

Verbose mode.

-w

Perform the audit on the main DOMAIN and the www. subdomain.

-c

Emit output in CSV.

-s

Run testssl-based checks (skipped by default).

-d

Disable scanning common development ports.

-V

Print the version and exit.

-h

Print a help message and exit.

Environment

NO_COLOR

Don't colorize output, even when on a TTY.

TWA_TIMEOUT

The maximum length, in seconds, for internal curl calls.

TWA_USER_AGENT

The User-Agent to use for all curl calls.

TWA_CURLOPTS

Any additional options to pass to curl calls.

Test Results

Each line of output describes the result of a single test, and follows the "RESULT(DOMAIN): explanation" format, where RESULT is one of the following:

PASS

The test passed with flying colors.

MEH

The test passed, but with one or more things that could be improved.

FAIL

The test failed, and should be fixed.

UNK

The server gave us something we didn't understand.

SKIP

The server gave us something we understood, but that we don't handle yet.

FATAL

A really important test failed, and should be fixed immediately.
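
The "RESULT(DOMAIN): explanation" format can be used to gate a build or a scheduled audit. The following is an added example, not part of twa or this man page: a shell function (hypothetical name twa_gate) that tallies the result types from twa's plain-text output on stdin and returns a status reflecting the worst one. The sample lines and the twa_sample helper are constructed for illustration and are not real twa output.

```shell
# Tally twa results read from stdin and gate on severity.
# Prints "RESULT count" per result type seen, worst first, then returns:
#   2 if any FATAL was seen, 1 if any FAIL was seen, 0 otherwise.
twa_gate() {
    awk '
        # Lines in the documented form RESULT(DOMAIN): explanation
        $0 ~ /^(PASS|MEH|FAIL|UNK|SKIP|FATAL)\([^)]+\): / {
            result = substr($0, 1, index($0, "(") - 1)
            count[result]++
            next
        }
        # Any other non-blank line is reported, never silently dropped
        NF { other++ }
        END {
            n = split("FATAL FAIL UNK SKIP MEH PASS", order, " ")
            for (i = 1; i <= n; i++)
                if (count[order[i]])
                    printf "%s %d\n", order[i], count[order[i]]
            if (other) printf "UNPARSED %d\n", other
            if (count["FATAL"]) exit 2
            if (count["FAIL"]) exit 1
            exit 0
        }
    '
}

# Constructed sample lines in the documented format (not real twa output).
twa_sample() {
    cat <<'EOF'
PASS(example.com): constructed explanation one
MEH(example.com): constructed explanation two
FAIL(example.com): constructed explanation three
FAIL(www.example.com): constructed explanation four
UNK(example.com): constructed explanation five
EOF
}

# Demo on the constructed sample; real use: twa -w DOMAIN | twa_gate
twa_sample | twa_gate || echo "gate status: $?"
```

UNK and SKIP do not change the exit status here, but they are printed so that a check twa could not evaluate is not mistaken for a pass.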

Bugs

None known. File issues at: https://github.com/trailofbits/twa

Author

twa is maintained by William Woodruff (<william @ trailofbits.com>).

Info

2019-02-17 1.10.0