Configuration Reference - kaotickj/NetSentinel GitHub Wiki
⚙️ Configuration Reference
NetSentinel supports multiple configuration methods for supplying credentials and domain details — including a JSON-based config file, INI-style environment overrides, and full environment variable support.
This page outlines all supported parameters and shows how to use each approach.
📁 Configuration File Format (JSON)
By default, NetSentinel loads configuration from:
utils/config.json
If this file is not found, it attempts to read from environment variables.
🔧 config.json Example
{
  "domain": "corp.local",
  "username": "lowpriv",
  "password": "Spring2025!",
  "dc_ip": "10.0.0.5"
}
🔍 Parameters
Key | Description | Required for |
---|---|---|
domain | Active Directory domain name | Kerberos scan |
username | Username with LDAP/Kerberos read access | Kerberos scan |
password | Corresponding password | Kerberos scan |
dc_ip | Domain Controller IP address | Kerberos scan |
This file must be present if environment variables are not set and the --kerberos-scan flag is used.
📜 INI-Style Environment Override
You can also create a .env file and load it using tools like python-dotenv, or just export variables directly in your shell.
.env Example
NETSENTINEL_DOMAIN=corp.local
NETSENTINEL_USER=lowpriv
NETSENTINEL_PASS=Spring2025!
NETSENTINEL_DC=10.0.0.5
NetSentinel does not currently auto-load .env files, but you can either:
- Set variables in your shell (see next section), or
- Extend config.py to parse .env if desired
🌐 Environment Variable Usage
If the JSON file is absent, NetSentinel will fall back to the following environment variables:
Variable Name | Description | Required for |
---|---|---|
NETSENTINEL_DOMAIN | Active Directory domain name | Kerberos scan |
NETSENTINEL_USER | Username with read access | Kerberos scan |
NETSENTINEL_PASS | Password for the user | Kerberos scan |
NETSENTINEL_DC | IP address of the domain controller | Kerberos scan |
Bash Example
export NETSENTINEL_DOMAIN=corp.local
export NETSENTINEL_USER=lowpriv
export NETSENTINEL_PASS='Spring2025!'
export NETSENTINEL_DC=10.0.0.5
Then run NetSentinel normally:
python3 main.py --target 10.0.0.0/24 --kerberos-scan
🧠 Order of Precedence
NetSentinel uses the following precedence when loading configuration:
- Command-line overrides (planned for future versions)
- Environment variables (if all 4 are set)
- JSON config (utils/config.json)
If configuration is incomplete, the Kerberos scan will not run, and an error will be logged.
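The precedence above, together with the .env parsing that the INI-style section leaves as an extension, can be sketched as follows. This is an added example, not NetSentinel's own config.py: the names `parse_dotenv`, `load_settings` and `ENV_MAP` are hypothetical, and the file-permission check is an added hardening assumption that the page does not describe.

```python
import json
import os
import stat
from pathlib import Path

# Setting name -> environment variable, as listed in the tables on this page.
ENV_MAP = {"domain": "NETSENTINEL_DOMAIN", "username": "NETSENTINEL_USER",
           "password": "NETSENTINEL_PASS", "dc_ip": "NETSENTINEL_DC"}

def parse_dotenv(text):
    """Parse KEY=VALUE lines; skip blanks/comments, strip one pair of quotes."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        key, val = key.strip(), val.strip()
        if key.startswith("export "):          # tolerate shell-style lines
            key = key[len("export "):].strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]
        out[key] = val
    return out

def load_settings(env, json_path="utils/config.json"):
    """Return (settings, source): environment if all 4 are set, else JSON."""
    from_env = {k: env.get(var) for k, var in ENV_MAP.items()}
    if all(from_env.values()):
        return from_env, "environment"
    path = Path(json_path)
    if not path.is_file():
        raise ValueError("incomplete environment and no JSON config found")
    mode = stat.S_IMODE(path.stat().st_mode)
    # Added hardening (assumption, not described on the page): refuse a
    # credentials file that group or other users can access on POSIX.
    if os.name == "posix" and mode & 0o077:
        raise PermissionError(f"{path} has mode {oct(mode)}; use chmod 600")
    data = json.loads(path.read_text(encoding="utf-8"))
    missing = [k for k in ENV_MAP if not data.get(k)]
    if missing:
        raise ValueError(f"{path} is missing: {', '.join(missing)}")
    return {k: data[k] for k in ENV_MAP}, "json"

if __name__ == "__main__":
    # Constructed sample matching the .env example on this page.
    sample = ("NETSENTINEL_DOMAIN=corp.local\nNETSENTINEL_USER=lowpriv\n"
              "NETSENTINEL_PASS='Spring2025!'\nNETSENTINEL_DC=10.0.0.5\n")
    settings, source = load_settings(parse_dotenv(sample))
    print(source, settings["domain"], settings["username"], settings["dc_ip"])
```

Passing `os.environ` as `env` reads the live shell variables instead of a parsed .env string.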
✅ Quick Test
To verify that config is loaded correctly:
python3 -c 'from utils.config import Config; c = Config(); print(c.domain, c.username, c.dc_ip)'
This should print values from either the environment or config file.
🛠 Config Tips for Red Teams
- Avoid embedding credentials directly in config files in production environments
- Use disposable test credentials for CTFs or labs
- Consider extending config.py to support encryption or vault-based loading
🔐 Security Reminder
Your credentials grant access to directory services. Never commit config.json or .env files to a Git repository. Use .gitignore to keep them local:
# .gitignore
utils/config.json
.env
📝 Summary
Method | Format | Priority | Supports Kerberos |
---|---|---|---|
config.json | JSON | Low | ✅ Yes |
Environment | Shell | Medium | ✅ Yes |
CLI Override | Planned | High | ❌ (not implemented) |
This configuration flexibility allows NetSentinel to be safely used in a wide range of environments - from isolated testbeds to tightly controlled enterprise AD domains.