Skip to content

Configuration File

Jump to bottom
SolomonSklash edited this page Mar 12, 2019 · 5 revisions

The Chomp Scan configuration file gives you complete granular control over all the tools and options that can be selected. It is the easiest and preferred way to run Chomp Scan.

The config file is structured similar to an INI file, with different sections delimited by brackets, e.g. [section].

The [general] section contains general settings not specific to any one tool, such as using HTTP or HTTPS, the Notica URL parameter, a custom output directory, etc.

The remaining sections allow you to enable/disable each tool in each scanning phase, as well as set custom wordlists where appropriate.

Note that to enable all tools/options, an uppercase YES is used, while paths contain a case-sensitive, fully qualified path to whichever file is being set, e.g. /root/wordlist.txt. To disable a tool or path, simply leave it blank.

A complete, fully commented example config file is provided below for reference:

# Possible values for tools are case-sensitive YES or blank.
# Wordlist values are either blank, a built-in wordlist name, or a path to a file.

[general]
# Set domain to scan (required). Do not include a scheme, e.g. https:// or http://. Chomp Scan will add the appropriate scheme as needed.
DOMAIN=
# Use HTTP instead of default HTTPS, values are YES or blank
ENABLE_HTTP=
# Set custom output directory, value are a path to a directory or blank
OUTPUT_DIR=
# Use all discovered domains instead of default interesting discovered domains, values are YES or blank
USE_ALL=
# Set Notica URL parameter for notifications, values are a Notica URL parameter or blank. See notica.us for details.
NOTICA=
# Set custom domain blacklist file, values are a path to a file or blank
BLACKLIST=
# Set custom interesting word list, values are a path to a file or blank
INTERESTING=
# Set custom path to tools. This should be a fully qualified path to the directory that contains the downloaded tools from Github
TOOL_PATH=
# Enable parsing resolved domains into a Burp-formatted JSON file
ENABLE_RESCOPE=YES


[subdomain enumeration]
# Set which tools run
ENABLE_DNSCAN=YES
ENABLE_SUBFINDER=YES
ENABLE_SUBLIST3R=YES
ENABLE_ALTDNS=YES
# Set wordlist
# Possible options are SHORT, lONG, HUGE, or the path to a custom wordlist
SUBDOMAIN_WORDLIST=

[content discovery]
# Set which tools run
ENABLE_INCEPTION=YES
ENABLE_WAYBACKURLS=YES
ENABLE_FFUF=YES
ENABLE_GOBUSTER=YES
ENABLE_DIRSEARCH=YES
# Set wordlist
# Possible options are SMALL, MEDIUM, LARGE, XL, XXL, or the path to a custom wordlist
CONTENT_WORDLIST=

[information gathering]
# Set which tools run
ENABLE_SUBJACK=YES
ENABLE_CORSTEST=YES
ENABLE_S3SCANNER=YES
ENABLE_BFAC=YES
ENABLE_WHATWEB=YES
ENABLE_WAFW00F=YES
ENABLE_NIKTO=YES

[port scanning]
# Set which tools run
ENABLE_MASSCAN=YES
ENABLE_NMAP=YES

[screenshots]
# Enable aquatone
ENABLE_SCREENSHOTS=YES
Clone this wiki locally