1TWA(1) User Commands TWA(1)
2
6 twa - tiny web auditor with strong opinions
7
10 twa [-wvcsdV] DOMAIN
11
14 twa takes a DOMAIN hosting a website and performs a short security
15 audit. It can be used to detect HTTP(S) issues, missing security head‐
16 ers, information-leaking headers, and other potential security hazards.
17 twa takes only one DOMAIN at a time. If you need to audit multiple
19 sites, run the program again.
20
23 -v Verbose mode.
24 -w Perform the audit on the main DOMAIN and the www. subdomain.
26 -c Emit output in CSV.
28 -s Run testssl-based checks (skipped by default)
30 -d Disable scanning common development ports
32 -V Print the version and exit.
34 -h Print a help message and exit.
36
39 NO_COLOR
40 Don't colorize output, even when on a TTY.
41 TWA_TIMEOUT
43 The maximum length, in seconds, for internal curl calls.
44 TWA_USER_AGENT
46 The User-Agent to use for all curl calls.
47 TWA_CURLOPTS
49 Any additional options to pass to curl calls.
50
53 Each line of output describes the result of a single test, and follows
54 the "RESULT(DOMAIN): explanation" format, where RESULT is one of the
55 following:
56 PASS The test passed with flying colors.
58 MEH The test passed, but with one or more things that could be
60 improved.
61 FAIL The test failed, and should be fixed.
63 UNK The server gave us something we didn't understand.
65 SKIP The server gave us something we understood, but that we don't
67 handle yet.
68 FATAL A really important test failed, and should be fixed immediately.
70
73 None known. File issues at: https://github.com/trailofbits/twa
74
77 twa is maintained by William Woodruff (<william @ trailofbits.com>).
781.10.0 2019-02-17 TWA(1)