ExtendedRandombool`long:"extended-random" description:"Send TLS Extended Random Extension" json:"extran"`
NoSNIbool`long:"no-sni" description:"Do not send domain name in TLS Handshake regardless of whether known" json:"sni"`
SCTExtbool`long:"sct" description:"Request Signed Certificate Timestamps during TLS Handshake" json:"sct"`
// TODO: Do we just lump this with Verbose (and put Verbose in TLSFlags)?
KeepClientLogsbool`long:"keep-client-logs" description:"Include the client-side logs in the TLS handshake"`
Timestring`long:"time" description:"Explicit request time to use, instead of clock. YYYYMMDDhhmmss format."`
// TODO: directory? glob? How to map server name -> certificate?
Certificatesstring`long:"certificates" description:"Set of certificates to present to the server"`
// TODO: re-evaluate this, or at least specify the file format
CertificateMapstring`long:"certificate-map" description:"A file mapping server names to certificates"`
// TODO: directory? glob?
RootCAsstring`long:"root-cas" description:"Set of certificates to use when verifying server certificates"`
// TODO: format?
NextProtosstring`long:"next-protos" description:"A list of supported application-level protocols"`
ServerNamestring`long:"server-name" description:"Server name used for certificate verification and (optionally) SNI"`
VerifyServerCertificatebool`long:"verify-server-certificate" description:"If set, the scan will fail if the server certificate does not match the server-name, or does not chain to a trusted root."`
// TODO: format? mapping? zgrab1 had flags like ChromeOnly, FirefoxOnly, etc...
CipherSuitestring`long:"cipher-suite" description:"A list of cipher suites to use."`
MinVersionint`long:"min-version" description:"The minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum."`
MaxVersionint`long:"max-version" description:"The maximum SSL/TLS version that is acceptable. 0 means use the highest supported value."`
CurvePreferencesstring`long:"curve-preferences" description:"A list of elliptic curves used in an ECDHE handshake, in order of preference."`
NoECDHEbool`long:"no-ecdhe" description:"Do not allow ECDHE handshakes"`
// TODO: format?
SignatureAlgorithmsstring`long:"signature-algorithms" description:"Signature and hash algorithms that are acceptable"`
HeartbeatEnabledbool`long:"heartbeat-enabled" description:"If set, include the heartbeat extension"`
DSAEnabledbool`long:"dsa-enabled" description:"Accept server DSA keys"`
// TODO: format?
ClientRandomstring`long:"client-random" description:"Set an explicit Client Random (base64 encoded)"`
// TODO: format?
ClientHellostring`long:"client-hello" description:"Set an explicit ClientHello (base64 encoded)"`
}
funcgetCSV(argstring)[]string{
// TODO: Find standard way to pass array-valued options