-
Notifications
You must be signed in to change notification settings - Fork 51
/
Copy pathadapt.config
148 lines (124 loc) · 4.67 KB
/
adapt.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#
# Automated Dynamic Application Penetration Testing (ADAPT)
#
# Copyright (C) 2018 Applied Visions - http://securedecisions.com
#
# Written by Siege Technologies - http://www.siegetechnologies.com/
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The general configuration file for ADAPT.
# If there is a vlue you don't know if should filled or filled with, put none.
[GENERAL_OPTIONS]
target = http://localhost:8080
context = http://localhost:8080
# limits returned results by matching confidence level and higher
# (low, medium, high, paranoid) paranoid -> all information regardless of confidence
confidence = paranoid
# limits returned results by matching risk level and higher
# (low, medium, high, paranoid) paranoid -> all information regardless of risk
risk = paranoid
# changes the level of detail within the results
# low -> pass/fail results
# medium -> more specific errors reported
# high -> More collected information is reported
# full -> All collected data is reported
detail = full
# Specify a specific port for the nmap scan script
# 'none' specifies all ports
# multiple port numbers should be space separated
nmap_script_ports = 80
[OUTPUT_OPTIONS]
# if a specific filename is given, ADAPT will attempt to save the results to that file.
# if specific_filename is 'none' then ADAPT will resort to saving the results as
# a timestamped file of whatever filetype is specified for 'filetype'
# available output options: [json, xml]
filetype = json
specific_filename = none
# if append is on then it will append all new data to the file
# if the file doesn't exist it will be created
append = on
[SSH_OPTIONS]
# specify '//stdin' to enter username/password via stdin
ssh_get_logs = off
hostname = localhost
username = //stdin
password = //stdin
port = 22
# This specifies space separated key words to look for when looking through lof files
# This is case sensitive
# if set to none, defaults to: [ERROR, error, WARNING, warning]
keywords = none
# Multiple locations can be specified, each must be whitespace separated.
# NOTE: They must be full paths
log_paths = ./Desktop/Test.log
#/var/log/http-error.log
# Can choose 'full', 'bottom' or 'top'
# Full : scans the full file (ignores read amount)
# Bottom : reads from the bottom of the file
# Top : reads from the top of the file
read_direction = full
# How many lines to read from a give direction
# If direction set to 'full', this will be ignored.
read_amount = 1000
[OWASP_ZAP_OPTIONS]
# passive scanning by zap (on/off)
passive_scan = on
# spider scanning by zap (on/off)
spider_scan = on
# Active path scanning by zap (on/off)
active_scan = on
#Note that if testing against localhost on same post, this one must be changed.
zap_port = 8080
# api key for zap. Not necessary to set, can remain as default.
api_key = none
# These are paths will not be traveresed during testing
exclude = /logout.php /logout
[AUTH_OPTIONS]
# Specifies how application authentication will be handled.
# There are two methods of handling application authentication.
# 1. none : this bascially skips over authentication and automatically turns off tests
# 2. <custom_login>.py : Give a python file, and the script will call a function called 'service_auth' and it lets the user handle login. Please see 'login_format.py' for details regarding expected parameters and return values.
# if either provided method fails, it will turn off authentication
# you may also put relative paths for the data or script
auth_module = login_format.py
# These are an example login username and password
# Put '//stdin' to enter the username/password via stdin
valid_username = //stdin
valid_password = //stdin
[OWASP_OPTIONS]
ident_004 = on
authn_001 = on
authn_002 = on
authn_003 = on
authz_001 = on
config_002 = on
config_006 = on
crypst_001 = on
crypst_002 = on
err_001 = on
err_002 = on
info_002 = on
inpval_001 = on
inpval_002 = on
inpval_003 = on
sess_001 = on
sess_002 = on
[DEBUG_OPTIONS]
# Note that while these values can be changed, it is recommended to leave them as default.
# If on, dumps script progess into stdout.
adapt_verbose = on
# If on, zap will close upon script completion.
zap_close = on
# If on, zap will be run as a daemon process.
zap_hidden = on