Configuration

Credentials

Create credentials.json at the project root (it is listed in .gitignore and is never committed):

{
  "login": {
    "url": "https://target.com/login",
    "method": "form"
  },
  "users": [
    {"username": "admin", "password": "admin123", "role": "admin"},
    {"username": "user1", "password": "user123", "role": "user"},
    {"username": "viewer", "password": "view123", "role": "viewer"}
  ]
}

Login section required

The credentials.json MUST include a login section so the crawler can authenticate each role. Without it, the crawler runs unauthenticated and misses all protected pages.

Scope

Define in scope.txt:

*.example.com
!admin.example.com
10.0.0.0/24

Prefix an entry with ! to exclude that domain from scope.
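A pre-flight scope check over the scope.txt entries above, useful for confirming a host is authorized before any traffic is sent. This is an added example, not the tool's own code; it assumes exclusions take precedence over inclusions, that `*.example.com` matches subdomains but not the bare apex, and that CIDR entries apply only to IP-literal hosts. The names `parse_scope` and `in_scope` are hypothetical.

```python
import fnmatch
import ipaddress

# Constructed sample: the scope.txt entries shown above.
SAMPLE_SCOPE = """\
*.example.com
!admin.example.com
10.0.0.0/24
"""

def parse_scope(text):
    """Split scope.txt text into (include, exclude) rule lists."""
    include, exclude = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("!"):
            exclude.append(line[1:].strip())
        else:
            include.append(line)
    return include, exclude

def _matches(host, rule):
    """True if host matches one rule (IP/CIDR or hostname glob)."""
    try:
        net = ipaddress.ip_network(rule, strict=False)
    except ValueError:
        # Not an IP or CIDR: treat the rule as a case-insensitive glob.
        return fnmatch.fnmatchcase(host.lower().rstrip("."), rule.lower())
    try:
        return ipaddress.ip_address(host) in net
    except ValueError:
        return False  # a hostname never matches an IP rule

def in_scope(host, include, exclude):
    """Assumed semantics: any exclusion match overrides inclusions."""
    if any(_matches(host, r) for r in exclude):
        return False
    return any(_matches(host, r) for r in include)
```

Under these assumptions a lookalike such as evil-example.com is rejected because the glob requires the literal `.example.com` suffix.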

Proxy

# Single proxy
/pentest https://target.com --proxy 127.0.0.1:8080

# Proxy rotation (create proxies.txt)
http://proxy1:8080
http://proxy2:8080
socks5://proxy3:1080

VPN

A VPN running on the host does NOT route Docker container traffic. Use the VPN startup script instead:

./vpn-start.sh --vpn office      # OpenVPN profile from vpn/profiles/
./vpn-start.sh --vpn home --wg   # WireGuard
./vpn-start.sh --stop            # Stop all

See VPN Routing for full setup details.