Skip to content

Configuration

Jump to bottom
matthewD-AVI edited this page Sep 6, 2018 · 8 revisions

ADAPT Configuration

Configuring ADAPT behavior(adapt.config)

The file adapt.config provides nearly all of the configuration options that are necessary to operate the main program. This file provides descriptions as to the options that are listed within that file. Please note that command line options override these options inherently. For a brief summary of command line option, see the section at the bottom of this page.

  1. Open your configuration file(adapt.config) in the text editor of your choice.
  2. Edit the settings to fit your needs. Below is a list of settings and what they control.

[GENERAL_OPTIONS]
  target <string>: http://localhost
    This is the webservice that will be tested.
  context <string>: http://localhost
    This sets the context for the zap OWASP Zap spider and scan, etc..
  confidence <string>: paranoid
    This limit’s returned results by matching confidence level and higher.
  risk <string>: paranoid
    This limit’s returned results by matching risk level or higher.
  detail <string>: full
    This changes the level of detail within the results.
  nmap_script_ports <string>: 80
    Specifies a specific port for the nmap script.

[OUTPUT_OPTIONS]
  filetype <string>: json
    This determines the resulting output’s file format.
  specific_filename <string>: outputTest.json
    This specifies the output file name. If given none, a timestamped file will be generated.
  append <bool>: on
    This determines whether a file is overwritten or added to.

[SSH_OPTIONS]
  ssh_get_logs <bool>: off
    This enables/disables ssh functionality.
  hostname <string>: localhost
  This sets the host name for the ssh server.
  username <string>: root
    This specifies the username to login to the ssh server.
  password <string>: toor
    This specifies the password for the username to login to the ssh server.
  port <string>: 22
    Specifies the port on which the user connects to the ssh server.
  keywords <string>: ERROR
   Specifies key words to search for when looking through files (case sensitive).
  log_paths <string>: ./Desktop/Test.log ./Desktop/Test2.log
    Specifies the paths to search. Multiple paths can be included, but they; must be full paths.
  read_direction <string>: full
    Specifies where in the file reading begins.
  read_amount <string>: 500
    Specifies how many lines to read from a given direction. Ignored if direction is full.

[OWASP_ZAP_OPTIONS]
  passive_scanning <bool>: on
    Enables/disables the OWASP ZAP passive scan feature.
  spider_scanning <bool>: on
    Enables/disables the OWASP ZAP spider scanning feature.
  active_scan <bool>: off
    Enables/disables the OWASP ZAP active scan feature.
  zap_port <string>: 8080
    This setting configures the port OWASP ZAP runs on.
  api_key <string>: 9203935709
   Sets the api key for OWASP ZAP. Can usually remain as at default; to do so, leave as none.
  exclude <string>: /logout.php
   This setting configures a list of paths that will not be traversed during testing.

[AUTH_OPTIONS]
  auth_module <string>: login_script.py
    This setting configures the authentication script the user wishes to point to. Use “none” for no authentication.
  valid_username <string>: user
    This configures the username to be used for authentication.
  valid_password <string>: password
    This configures the password to be used in conjunction with the username for authentication.

[OWASP_OPTIONS]
  ident_004 <bool>: on
    Enables/disables the IDENT-004 test.
  authn_001 <bool>: off
    Enables/disables the AUTHN-001 test.
  authn_002 <bool>: on
    Enables/disables the AUThN-002 test.
  authn_003 <bool>: off
    Enables/disables the AUTHN-003 test.
  authz_001 <bool>: on
    Enables/disables the AUTHZ-001 test.
  config_002 <bool>: off
    Enables/disables the CONFIG-002 test.
  config_006 <bool>: on
    Enables/disables the CONFIG-006 test.
  crypst_001 <bool>: off
    Enables/disables the CRYPST-001 test.
  crypst_002 <bool>: on
    Enables/disables the CRYPST-002.
  err_001 <bool>: off
    Enables/disables the ERR-001 test.
  err_002 <bool>: on
    Enables/disables the ERR-002 test.
  info_002 <bool>: off
    Enables/disables the INFO-002 test.
  inpval_001 <bool>: on
    Enables/disables the INPVAL-001 test.
  inpval_002 <bool>: off
    Enables/disables the INPVAL-002 test.
  inpval_003 <bool>: on
    Enables/disables the INPVAL-003 test.
  sess_001 <bool>: on
    Enables/disables the SESS-001 test.
  sess_002 <bool>: on
    Enables/disables the SESS-002 test.

[DEBUG_OPTIONS]
  astam_verbose <bool>: on
    If turned on, progress statements will be output to console.
  zap_close <bool>: on
    If turned on, OWASP ZAP will close upon script completion.
  zap_hidden <bool>: on
   If turned on, OWASP ZAP will run as a daemon process.

Configure ADAPT Command Line Options

The following Command Line Options are supported

  • --target : Manually set host as target
  • --port : Manually set target port
  • --verbose : Turn on verbose mode
  • -h, --help : Show help
  • --output : specify output file.
Clone this wiki locally