From 6528faa8063b794448178cdac2f722624012388c Mon Sep 17 00:00:00 2001 From: Yun Zheng Hu Date: Mon, 11 Apr 2022 13:15:19 +0200 Subject: [PATCH] Update README.rst (#12) Added badges and improved readability of some code blocks --- README.rst | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index fc9193b..e4437d1 100644 --- a/README.rst +++ b/README.rst @@ -1,6 +1,15 @@ Dissecting Cobalt Strike using Python ===================================== +.. image:: https://github.com/fox-it/dissect.cobaltstrike/workflows/Tests/badge.svg + :target: https://github.com/fox-it/dissect.cobaltstrike/actions + :alt: GitHub Actions status +.. image:: https://readthedocs.org/projects/dissect-cobaltstrike/badge/?version=latest + :target: https://dissect-cobaltstrike.readthedocs.io/en/latest/?badge=latest + :alt: Documentation Status +.. image:: https://img.shields.io/pypi/v/dissect.cobaltstrike.svg + :target: https://pypi.python.org/pypi/dissect.cobaltstrike + **dissect.cobaltstrike** is a Python library for dissecting and parsing Cobalt Strike related data such as beacon payloads and Malleable C2 Profiles. Installation @@ -20,24 +29,28 @@ The project documentation can be found here: https://dissect-cobaltstrike.readth Basic Usage ----------- -Load a beacon and access some properties and settings: +Parse a Cobalt Strike beacon and extract some config settings: .. code-block:: python >>> from dissect.cobaltstrike.beacon import BeaconConfig + >>> bconfig = BeaconConfig.from_path("beacon.bin") - >>> bconfig.version - + >>> hex(bconfig.watermark) '0x5109bf6d' >>> bconfig.protocol 'https' + >>> bconfig.version + + >>> bconfig.settings mappingproxy({'SETTING_PROTOCOL': 8, 'SETTING_PORT': 443, 'SETTING_SLEEPTIME': 5000, 'SETTING_MAXGET': 1048576, 'SETTING_JITTER': 0, ... + >>> bconfig.settings["SETTING_C2_REQUEST"] [('_HEADER', b'Connection: close'), ('_HEADER', b'Accept-Language: en-US'), 
@@ -47,7 +60,7 @@ Load a beacon and access some properties and settings: ('PREPEND', b'wordpress_ed1f617bbd6c004cc09e046f3c1b7148='), ('HEADER', b'Cookie')] -Loading Malleable C2 Profiles and access settings: +Parse a Malleable C2 Profile and read some configuration settings: .. code-block:: python @@ -62,12 +75,14 @@ Loading Malleable C2 Profiles and access settings: 'http-get.client.header': [('Accept', '*/*'), ('Host', 'www.amazon.com')], ... } + >>> profile.properties["useragent"] ['Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'] + >>> profile.properties["http-get.uri"] ['/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books'] License ------- -**dissect.cobaltstrike** is developed and distributed under the MIT license. \ No newline at end of file +**dissect.cobaltstrike** is developed and distributed under the MIT license.
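Review bot: in the first hunk (@@ -1,6 +1,15 @@) the third badge, the PyPI version image, has no `:alt:` option while the two badges above it both set one, so it has no text alternative when the image fails to load. Add a line such as `:alt: PyPI version` under its `:target:`. The same badge links to pypi.python.org, the legacy hostname that redirects to pypi.org; pointing `:target:` at https://pypi.org/project/dissect.cobaltstrike/ avoids the redirect.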
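Review bot: in the second hunk (@@ -20,24 +29,28 @@) the relocated `>>> bconfig.version` statement is followed by an empty output line, both where it is removed and where it is re-added, so the example shows no value for that property, unlike `hex(bconfig.watermark)` and `bconfig.protocol` beside it. Show the expected repr after the statement, or drop the statement from the example. The move of `bconfig.version` below `bconfig.protocol` is a reorder rather than a whitespace change, so it is worth a word in the commit message.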
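Review bot: in the third hunk (@@ -47,7 +60,7 @@) the new lead-in says "read some configuration settings" while the matching lead-in added in the previous hunk says "extract some config settings". Pick one term, "configuration settings" or "config settings", and use it in both sentences so the two usage examples read as a pair.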