-
Notifications
You must be signed in to change notification settings - Fork 22
Expand file tree
/
Copy pathscanner.ini.example
More file actions
35 lines (29 loc) · 1.28 KB
/
scanner.ini.example
File metadata and controls
35 lines (29 loc) · 1.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# Copy this file to scanner.ini and fill in real credentials.
# scanner.ini is git-ignored so secrets stay local.
#
# Pass via: python scanner.py --config scanner.ini --exploit ...
[smtp]
# Outbound relay used to create the malicious maildir folder on the target
# via SMTP+sub-addressing. Any relay that accepts your sender works.
host = smtp.sendgrid.net
port = 587
user = apikey
# Leave password empty here and set SCANNER_SMTP_PASSWORD in the environment
# if you want to keep the key out of the file.
password = SG.replace-me
from_addr = notify@example.com
[caldav]
# File to exfiltrate from confirmed-vulnerable targets. Override with
# --read-file on the command line.
read_file = /etc/passwd
# Maildir folder name. The path-traversal payload is encoded in this name,
# so changing it will break the exploit unless you know what you're doing.
folder_name = x-attachment-1-y
# Ports to try the CalDAV GET against. 2080 is TLS cpdavd, 2079 is plain.
ports = 2080,2079
# Seconds to wait between CalDAV read attempts. The first read fires after
# the first value, the second after the second, etc. Longer ladders catch
# slow mail-delivery / folder-creation paths.
wait_ladder = 5,10,20,30
# Optional override of the email-prefix wordlist sprayed per domain.
# email_prefixes = info,admin,contact,support