1 files changed, 23 insertions, 6 deletions

diff --git a/README.md b/README.md
index 6ae0b07..2ee0606 100644
--- a/README.md
+++ b/README.md
@@ -60,22 +60,28 @@ PMF tries as much as possible to use semantic patterns, to detect things like
 and then passed to some dangerous function like `system`".
 
 ## Installation
+
+### From source
+
 - Install Go (using your package manager, or [manually](https://go.dev/doc/install))
 - Install libyara >= 4.2 (using your package manager, or [from source](https://yara.readthedocs.io/en/stable/gettingstarted.html))
 - Download php-malware-finder: `git clone https://github.com/jvoisin/php-malware-finder.git`
 - Build php-malware-finder: `cd php-malware-finder && make`
 
+or replace the last 2 steps with `go install github.com/jvoisin/php-malware-finder`,
+which will directly compile and install PMF in your `${GOROOT}/bin` folder.
+
 ## How to use it?
 
 ```
-$ ./phpmalwarefinder -h
+$ ./php-malware-finder -h
 Usage:
-  phpmalwarefinder [OPTIONS] [Target]
+  php-malware-finder [OPTIONS] [Target]
 
 Application Options:
-  -r, --rules-dir=      Rules location (default: /etc/phpmalwarefinder or .)
+  -r, --rules-dir=      Alternative rules location (default: embedded rules)
   -a, --show-all        Display all matched rules
-  -f, --fast            Enable YARA's fast mode'
+  -f, --fast            Enable YARA's fast mode
   -R, --rate-limit=     Max. filesystem ops per second, 0 for no limit (default: 0)
   -v, --verbose         Verbose mode
   -w, --workers=        Number of workers to spawn for scanning (default: 32)
@@ -84,6 +90,7 @@ Application Options:
   -i, --exclude-imgs    Do not scan image files
   -x, --exclude-ext=    Additional file extensions to exclude
   -u, --update          Update rules
+  -V, --version         Show version number and exit
 
 Help Options:
   -h, --help            Show this help message
@@ -92,7 +99,7 @@ Help Options:
 Or if you prefer to use `yara`:
 
 ```
-$ yara -r ./php.yar /var/www
+$ yara -r ./data/php.yar /var/www
 ```
 
 Please keep in mind that you should use at least YARA 3.4 because we're using
@@ -103,6 +110,16 @@ have support for hashes.
 
 Oh, and by the way, you can run the *comprehensive* testsuite with `make tests`.
 
+### Docker
+
+If you want to avoid having to install Go and libyara, you can also use our
+docker image and simply mount the folder you want to scan to the container's
+`/data` directory:
+
+```
+$ docker run --rm -v /folder/to/scan:/data ghcr.io/jvoisin/php-malware-finder
+```
+
 ## Whitelisting
 
 Check the [whitelist.yar](https://github.com/jvoisin/php-malware-finder/blob/master/php-malware-finder/whitelist.yar) file.
@@ -115,7 +132,7 @@ Because:
 - It doesn't use [a single rule per sample](
   https://github.com/Neo23x0/signature-base/blob/e264d66a8ea3be93db8482ab3d639a2ed3e9c949/yara/thor-webshells.yar
   ), since it only cares about finding malicious patterns, not specific webshells
-- It has a [complete testsuite](https://travis-ci.org/jvoisin/php-malware-finder), to avoid regressions
+- It has a [complete testsuite](https://github.com/jvoisin/php-malware-finder/actions), to avoid regressions
 - Its whitelist system doesn't rely on filenames
 - It doesn't rely on (slow) [entropy computation]( https://en.wikipedia.org/wiki/Entropy_(information_theory) )
 - It uses a ghetto-style static analysis, instead of relying on file hashes