Configuration - secdec/adapt GitHub Wiki
The file adapt.config provides nearly all of the configuration options needed to operate the main program. This page describes the options listed in that file. Note that command-line options override these settings. For a brief summary of the command-line options, see the section at the bottom of this page.
- Open your configuration file (adapt.config) in the text editor of your choice.
- Edit the settings to fit your needs. Below is a list of settings and what they control.
[GENERAL_OPTIONS]
target <string>: http://localhost
  This is the web service that will be tested.
context <string>: http://localhost
  This sets the context for the OWASP ZAP spider, scan, etc.
confidence <string>: paranoid
  This limits returned results to those matching the confidence level or higher.
risk <string>: paranoid
  This limits returned results to those matching the risk level or higher.
detail <string>: full
  This changes the level of detail within the results.
nmap_script_ports <string>: 80
  Specifies the port used by the nmap script.
[OUTPUT_OPTIONS]
filetype <string>: json
  This determines the resulting output's file format.
specific_filename <string>: outputTest.json
  This specifies the output file name. If given none, a timestamped file will be generated.
append <bool>: on
  This determines whether a file is overwritten or added to.
[SSH_OPTIONS]
ssh_get_logs <bool>: off
  This enables/disables ssh functionality.
hostname <string>: localhost
  This sets the host name for the ssh server.
username <string>: root
  This specifies the username to log in to the ssh server.
password <string>: toor
  This specifies the password for the username to log in to the ssh server.
port <string>: 22
  Specifies the port on which the user connects to the ssh server.
keywords <string>: ERROR
  Specifies keywords to search for when looking through files (case sensitive).
log_paths <string>: ./Desktop/Test.log ./Desktop/Test2.log
  Specifies the paths to search. Multiple paths can be included, but they must be full paths.
read_direction <string>: full
  Specifies where in the file reading begins.
read_amount <string>: 500
  Specifies how many lines to read from a given direction. Ignored if direction is full.
[OWASP_ZAP_OPTIONS]
passive_scanning <bool>: on
  Enables/disables the OWASP ZAP passive scan feature.
spider_scanning <bool>: on
  Enables/disables the OWASP ZAP spider scanning feature.
active_scan <bool>: off
  Enables/disables the OWASP ZAP active scan feature.
zap_port <string>: 8080
  This setting configures the port OWASP ZAP runs on.
api_key <string>: 9203935709
  Sets the API key for OWASP ZAP. Can usually remain at the default; to do so, leave as none.
exclude <string>: /logout.php
  This setting configures a list of paths that will not be traversed during testing.
[AUTH_OPTIONS]
auth_module <string>: login_script.py
  This setting configures the authentication script the user wishes to point to. Use "none" for no authentication.
valid_username <string>: user
  This configures the username to be used for authentication.
valid_password <string>: password
  This configures the password to be used in conjunction with the username for authentication.
[OWASP_OPTIONS]
ident_004 <bool>: on
  Enables/disables the IDENT-004 test.
authn_001 <bool>: off
  Enables/disables the AUTHN-001 test.
authn_002 <bool>: on
  Enables/disables the AUTHN-002 test.
authn_003 <bool>: off
  Enables/disables the AUTHN-003 test.
authz_001 <bool>: on
  Enables/disables the AUTHZ-001 test.
config_002 <bool>: off
  Enables/disables the CONFIG-002 test.
config_006 <bool>: on
  Enables/disables the CONFIG-006 test.
crypst_001 <bool>: off
  Enables/disables the CRYPST-001 test.
crypst_002 <bool>: on
  Enables/disables the CRYPST-002 test.
err_001 <bool>: off
  Enables/disables the ERR-001 test.
err_002 <bool>: on
  Enables/disables the ERR-002 test.
info_002 <bool>: off
  Enables/disables the INFO-002 test.
inpval_001 <bool>: on
  Enables/disables the INPVAL-001 test.
inpval_002 <bool>: off
  Enables/disables the INPVAL-002 test.
inpval_003 <bool>: on
  Enables/disables the INPVAL-003 test.
sess_001 <bool>: on
  Enables/disables the SESS-001 test.
sess_002 <bool>: on
  Enables/disables the SESS-002 test.
[DEBUG_OPTIONS]
astam_verbose <bool>: on
  If turned on, progress statements will be output to console.
zap_close <bool>: on
  If turned on, OWASP ZAP will close upon script completion.
zap_hidden <bool>: on
  If turned on, OWASP ZAP will run as a daemon process.
The following command-line options are supported:
- --target : Manually set host as target
- --port : Manually set target port
- --verbose : Turn on verbose mode
- -h, --help : Show help
- --output : Specify output file
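
A pre-flight check for the settings described on this page, added here as an example and not part of the secdec/adapt code: it flags sample credentials from this page that were left in place, log_paths entries that are not full paths, an enabled active scan, and loose permissions on a file that stores passwords. It assumes adapt.config uses INI `key = value` syntax under the bracketed section names shown above; the function name `lint_adapt_config` and the sample file are hypothetical.

```python
import configparser
import stat

# Sample values printed on this page; they should not survive into a real run.
SAMPLE_SECRETS = {
    ("SSH_OPTIONS", "password"): "toor",
    ("AUTH_OPTIONS", "valid_password"): "password",
    ("OWASP_ZAP_OPTIONS", "api_key"): "9203935709",
}

def lint_adapt_config(text, file_mode=None):
    """Return warnings for adapt.config text (INI 'key = value' syntax is assumed)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    def get(section, key, default=""):
        return cfg.get(section, key, fallback=default)
    findings = []
    for (section, key), sample in SAMPLE_SECRETS.items():
        if get(section, key) == sample:
            findings.append(f"{section}.{key} still has the documented sample value")
    if get("SSH_OPTIONS", "ssh_get_logs", "off").lower() == "on":
        if get("SSH_OPTIONS", "username") == "root":
            findings.append("SSH_OPTIONS.username is root; prefer a least-privilege account")
        for path in get("SSH_OPTIONS", "log_paths").split():
            if not path.startswith("/"):  # the page requires full paths (POSIX assumed)
                findings.append(f"SSH_OPTIONS.log_paths is not a full path: {path}")
    if get("OWASP_ZAP_OPTIONS", "active_scan", "off").lower() == "on":
        target = get("GENERAL_OPTIONS", "target")
        findings.append(f"active_scan is on; confirm {target} is authorized for it")
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file stores passwords but is accessible to group/other")
    return findings

# Constructed sample, not a real deployment's configuration.
SAMPLE = """
[GENERAL_OPTIONS]
target = http://localhost
[SSH_OPTIONS]
ssh_get_logs = on
username = root
password = toor
log_paths = ./Desktop/Test.log /var/log/app.log
[OWASP_ZAP_OPTIONS]
api_key = none
"""

if __name__ == "__main__":
    for finding in lint_adapt_config(SAMPLE, file_mode=0o644):
        print("WARN:", finding)
```

For a file on disk, pass `os.stat(path).st_mode` as `file_mode` so the permission check reflects the real file.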