From 29e8cb593c6c791941dae771e1f650469cff0a67 Mon Sep 17 00:00:00 2001 From: casual Date: Thu, 11 Apr 2024 09:14:28 +0000 Subject: [PATCH] Update README.md --- README.md | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f173f5b..bae3712 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,38 @@ # owncloud_bruteforcer -simple tool to bruteforce owncloud instance -(the main purpose is bypass anti-CSRF token) +Simple tool to bruteforce owncloud instance +# Description + +Tool make GET request to acquire CSRF token + cookies and make POST request with given username and password wordlist. + +## Installation + +`go install git.sual.in/casual/owncloud_bruteforcer@latest` + +## Help + +``` +Owncloud_bruteforcer - tool to bruteforce user + +Usage: + owncloud_bruteforcer [flags] + +Flags: +INPUT: + -url, -u string target's url to login page. Example "https://example.com/index.php/login, http://example.com/login " + -login, -l string username to bruteforce (default "admin") + -login-wordlist, -L string username wordlist + -password-wordlist, -P string Password wordlist + -proxy, -x string HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays + -threads, -t int threads to bruteforce (default 10) + + +``` + +## Notes + + - Successful login detected by redirect location after POST request. If user have 2FA, then app will not show found login:password. + +# License +This project is licensed under the MIT License - see the LICENSE file for details \ No newline at end of file
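Review bot: In the Help block, the `-url` example reads as a single value: `Example "https://example.com/index.php/login, http://example.com/login "` puts two URLs, a comma and a trailing space inside one pair of quotes. Quote each URL separately, or show one and mention the other form in words. In the same block, "Caidu" in the `-proxy` description looks like a misspelling of Caido, and the warning that the attack "will fail because of delays" does not say what the delay breaks; one clause tying it to the CSRF token and cookies fetched by the preceding GET would make it actionable. If this block is pasted from the program's own help output, the same fixes belong in the flag descriptions so the README and the binary stay in sync. Smaller points: "Tool make GET request" and "If user have 2FA" need subject-verb agreement ("The tool makes", "If the user has"); the headings mix levels (`# Description` and `# License` sit at the same level as the title while `## Installation`, `## Help` and `## Notes` are one level down); and the file now ends without a trailing newline.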