Improve command detail quality

Author: SimonSchubert

assets/commands/7za.md

@@ -63,19 +63,28 @@ standalone file archiver from the 7-Zip family
 > Compression level (0-9)
 
 **-t**_type_
-> Archive type (7z, zip, gzip, bzip2, tar)
+> Archive type (7z, zip, gzip, bzip2, xz, tar)
 
 **-r**
 > Recurse subdirectories
 
 **-y**
 > Assume yes to queries
 
+**-si**
+> Read from stdin
+
+**-so**
+> Write to stdout
+
+**-mhe=on**
+> Encrypt archive headers (7z format)
+
 # DESCRIPTION
 
 **7za** is the standalone version of the 7-Zip command-line tool. Unlike **7z** which may use external plugins, 7za includes all codecs in a single executable.
 
-7za supports fewer formats than the full 7z but is more portable as a single binary. It handles 7z, ZIP, GZIP, BZIP2, TAR, and XZ formats.
+7za supports fewer formats than the full 7z but is more portable as a single binary. It handles 7z, ZIP, GZIP, BZIP2, XZ, TAR, and CAB formats.
 
 The command syntax is identical to **7z**. For scripts that only need common formats, 7za is often preferred for its simplicity and reliability.
 

assets/commands/aa-audit.md

@@ -16,17 +16,13 @@ Set a profile to audit mode from a **specific directory**
 
 ```sudo aa-audit -d /path/to/profiles [profile_name]```
 
-**Remove** audit mode for a profile
-
-```sudo aa-audit -r [profile_name]```
-
 Set a profile to audit mode **without reloading** it
 
 ```sudo aa-audit --no-reload [profile_name]```
 
 # SYNOPSIS
 
-**aa-audit** _executable_ [_executable_ ...] [_-d /path/to/profiles_] [_--no-reload_] [_-r_]
+**aa-audit** _executable_ [_executable_ ...] [_-d /path/to/profiles_] [_--no-reload_]
 
 # DESCRIPTION
 
@@ -40,9 +36,6 @@ Set a profile to audit mode **without reloading** it
 **--no-reload**
 > Prevents automatic profile reloading after modifications
 
-**-r, --remove**
-> Deactivates audit mode for the specified profile(s)
-
 **-h, --help**
 > Display help information
 

assets/commands/aa-unconfined.md

@@ -4,18 +4,22 @@ Find network-listening processes without AppArmor profiles
 
 # TLDR
 
-List **unconfined processes** using the ss command (default)
+**List unconfined processes** with open network sockets (using ss by default)
 
 ```sudo aa-unconfined```
 
-Use **netstat** instead of ss to detect open network sockets
+**Use netstat** instead of ss to detect open network sockets
 
 ```sudo aa-unconfined --with-netstat```
 
-Show all processes with TCP/UDP ports and **no profiles** (paranoid mode)
+**Show all processes** from /proc with TCP/UDP ports without confinement
 
 ```sudo aa-unconfined --paranoid```
 
+**Show only server processes** (those with listening sockets)
+
+```sudo aa-unconfined --show=server```
+
 # SYNOPSIS
 
 **aa-unconfined** [_--paranoid_] [_--with-ss_ | _--with-netstat_]
@@ -29,16 +33,19 @@ This tool is useful for identifying services that may benefit from AppArmor conf
 # PARAMETERS
 
 **--paranoid**
-> Examines all processes from the /proc filesystem that have active TCP or UDP ports without AppArmor confinement
+> Examines all processes from the /proc filesystem that have active TCP or UDP ports without AppArmor confinement. Equivalent to --show=all.
+
+**--show=**_MODE_
+> Determines the set of processes displayed: all (all processes), network (processes with any sockets), server (processes with listening sockets), client (processes with non-listening sockets).
 
 **--with-ss**
-> Uses the ss(8) utility to identify network socket listeners (default)
+> Uses the ss(8) utility to identify network socket listeners (default).
 
 **--with-netstat**
-> Uses the netstat(8) command for network socket discovery instead of ss
+> Uses the netstat(8) command for network socket discovery instead of ss. Used as fallback when ss is not available.
 
-**-h, --help**
-> Display help information
+**-h**, **--help**
+> Display help information.
 
 # CAVEATS
 

assets/commands/act.md

@@ -24,6 +24,14 @@ Run with **secrets** from file
 
 ```act --secret-file [.secrets]```
 
+**Dry run** to see what would be executed
+
+```act -n```
+
+Run with a specific **platform image**
+
+```act -P ubuntu-latest=catthehacker/ubuntu:act-latest```
+
 # SYNOPSIS
 
 **act** [_-W workflow_] [_-j job_] [_-e event_] [_--secret-file file_] [_options_]
@@ -55,7 +63,19 @@ The tool supports most GitHub Actions features including matrix builds, secrets,
 > Load environment variables from file
 
 **-P** _platform_, **--platform** _platform_
-> Custom Docker image for platform (e.g., ubuntu-latest=nektos/act-environments-ubuntu:18.04)
+> Custom Docker image for platform (e.g., ubuntu-latest=catthehacker/ubuntu:act-latest)
+
+**--input** _input_
+> Set a workflow input (KEY=VALUE)
+
+**--input-file** _file_
+> Load workflow inputs from file
+
+**--matrix** _matrix_
+> Select specific matrix configuration to run
+
+**--action-offline-mode**
+> Don't pull images or fetch remote actions if already cached
 
 **-l**, **--list**
 > List available workflows and jobs

assets/commands/adb-devices.md

@@ -1,6 +1,6 @@
 # TAGLINE
 
-connected Android device lister
+list connected Android devices
 
 # TLDR
 

assets/commands/adb-forward.md

@@ -8,7 +8,7 @@ Android device port forwarder
 
 ```adb forward tcp:[8080] tcp:[8080]```
 
-Forward to a **Unix domain socket**
+Forward to a **Unix abstract domain socket**
 
 ```adb forward tcp:[8080] localabstract:[socket_name]```
 
@@ -24,6 +24,10 @@ Remove **all** forwards
 
 ```adb forward --remove-all```
 
+Forward to a **specific device** by serial number
+
+```adb -s [serial] forward tcp:[8080] tcp:[8080]```
+
 # SYNOPSIS
 
 **adb forward** [_--no-rebind_] _local_ _remote_
@@ -39,19 +43,22 @@ Common uses include debugging apps with remote debuggers, accessing development
 # PARAMETERS
 
 **tcp:**_port_
-> TCP port number
+> TCP port number. Remote may be "tcp:0" to pick any open port.
 
 **localabstract:**_name_
-> Unix domain socket in abstract namespace
+> Unix domain socket in abstract namespace.
 
 **localreserved:**_name_
-> Unix domain socket in reserved namespace
+> Unix domain socket in reserved namespace.
 
 **localfilesystem:**_name_
-> Unix domain socket in filesystem namespace
+> Unix domain socket in filesystem namespace.
 
 **jdwp:**_pid_
-> JDWP (Java Debug Wire Protocol) for process ID
+> JDWP (Java Debug Wire Protocol) for process ID.
+
+**vsock:**_CID:port_
+> vsock address (CID and port).
 
 **--no-rebind**
 > Fail if local port is already forwarded

assets/commands/adb-logcat.md

@@ -41,20 +41,29 @@ Filter expressions allow you to select which log messages to display based on ta
 # PARAMETERS
 
 **-v** _format_
-> Output format: brief, process, tag, thread, raw, time, threadtime, long
+> Output format: brief, process, tag, thread, raw, time, threadtime (default), long
 
 **-b** _buffer_
 > Log buffer: main, system, radio, events, crash, all
 
 **-c**
-> Clear the log buffers
+> Clear the log buffers and exit
 
 **-d**
 > Dump log and exit (don't block)
 
 **-f** _file_
 > Write output to file
 
+**-g**
+> Print the size of the specified log buffer and exit
+
+**-n** _count_
+> Set the maximum number of rotated logs (default 4, requires -r)
+
+**-r** _kbytes_
+> Rotate log every kbytes of output (default 16, requires -f)
+
 **-s**
 > Set default filter to silent (equivalent to *:S)
 

assets/commands/add-computer.py.md

@@ -38,16 +38,34 @@ This is commonly used in penetration testing for resource-based constrained dele
 > Password for the computer account (auto-generated if not specified)
 
 **-method** _method_
-> Method to add computer: SAMR or LDAP
+> Method to add computer: SAMR or LDAPS (default SAMR).
+
+**-dc-host** _hostname_
+> Domain controller hostname (FQDN). If omitted, derived from the domain argument.
+
+**-baseDN** _dn_
+> Distinguished name base in LDAP. If omitted, derived from the domain.
+
+**-domain-netbios** _name_
+> Domain NetBIOS name when the forest handles multiple domains.
+
+**-no-add**
+> Only change an existing computer account password without adding a new one.
 
 **-k**
-> Use Kerberos authentication (requires ccache)
+> Use Kerberos authentication (requires KRB5CCNAME ccache).
 
 **-no-pass**
-> Don't prompt for password (use with -k)
+> Don't prompt for password (use with -k).
 
 **-hashes** _LMHASH:NTHASH_
-> Use NTLM hash for authentication
+> Use NTLM hash for pass-the-hash authentication.
+
+**-aesKey** _key_
+> AES128 or AES256 hex key for Kerberos pass-the-key authentication.
+
+**-debug**
+> Enable verbose debug output.
 
 # CAVEATS
 

assets/commands/addcomputer.py.md

@@ -8,14 +8,18 @@ Create machine accounts in Active Directory
 
 ```addcomputer.py [domain]/[user]:[password] -computer-name [hostname]```
 
-Specify **domain controller**
+Specify **domain controller** IP
 
 ```addcomputer.py [domain]/[user]:[password] -dc-ip [192.168.1.1] -computer-name [hostname]```
 
-Use **pass-the-hash**
+Use **pass-the-hash** authentication
 
 ```addcomputer.py [domain]/[user] -hashes :[NTHASH] -computer-name [hostname]```
 
+Add computer with a **specific password** using LDAP method
+
+```addcomputer.py [domain]/[user]:[password] -computer-name [hostname] -computer-pass [password] -method LDAPS```
+
 # SYNOPSIS
 
 **addcomputer.py** _domain_/_user_:_password_ -computer-name _name_ [_options_]
@@ -37,8 +41,8 @@ This capability is useful in penetration testing for setting up resource-based c
 **-computer-pass** _password_
 > Password for the computer account
 
-**-method** _SAMR|LDAP_
-> Protocol to use for adding the computer
+**-method** _SAMR|LDAPS_
+> Protocol to use for adding the computer (default: SAMR)
 
 **-hashes** _LMHASH:NTHASH_
 > Authenticate using NT hash
@@ -49,6 +53,9 @@ This capability is useful in penetration testing for setting up resource-based c
 **-no-pass**
 > Don't prompt for password
 
+**-dc-host** _hostname_
+> Hostname of the domain controller
+
 # CAVEATS
 
 For authorized security testing only. The default ms-DS-MachineAccountQuota of 10 can be modified or set to 0 by administrators. Computer accounts created this way are visible to domain administrators.
@@ -59,4 +66,4 @@ Part of the Impacket suite maintained by SecureAuth, this tool gained prominence
 
 # SEE ALSO
 
-[add-computer.py](/man/add-computer.py)(1), [rbcd.py](/man/rbcd.py)(1), [getST.py](/man/getST.py)(1)
+[add-computer.py](/man/add-computer.py)(1), [impacket-getnpusers](/man/impacket-getnpusers)(1)