Parameters:

“urls.txt”: The file that contains the domains, separated by carriage returns. Domains may or may not include the “www” subdomain. If not, the program attempts to use the two, unless otherwise specified using the “-d” switch.

“output.xml”: specifies the path and file name for the creation of the configuration XML file required by EMET. If one already exists, the program asks if it should be overwritten, unless otherwise specified using the “-s” switch.

Options:

t|timeout=X: Establishes the time in milliseconds for the request. Between 500 and 1000 milliseconds are recommended, although it depends on the threads established. The value 0 indicates that there is no timeout (default value). In this case, the program attempts to connect until the connection expires.

“s”, Silent mode: Neither output nor questions are generated. Note that once finished, it will not ask whether the user wishes to configure EMET by importing the XML either.

“e”: This option generates a txt file called “error.txt” that contains the listing of domains that have generated an error in the connection for any reason. This listing can be used again to attempt it with the program.

“d”: This options disables double-checking. This means that an attempt is made to connect to the main domain and its “www” subdomain. If the domain is specified in the list with “www”, no other attempt will be made. If it is not specified, both will be attempted. With this option active, not.

c|concurrency=X: Establishes the number of threads with which the program will run. They are the number of simultaneous connections. Eight are recommended. The default is only one.

“u”: Each time the program is launched, it contacts the central servers to check whether a new version exists. This options disables this check.

“ie”: ie extension custom mode, overwrites supplied xml and shows less info.

The tool is designed for administrators and advanced users who use Internet Explorer and want to enable an alert when there is a suspicion that the connection to a domain may be in the process of being altered. Although the EMET pin system is far from perfect and issues a very low-level alert (it continues to give access to the site), it is a first implementation whose functionality is sure to improve in the future.

Some domains return different valid root certificates, depending on the country from which they are visited or other circumstances. The tool, for its part, does not allow pinning various certificates to a single domain, and therefore is linked to the place where it is executed.