Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
The Chomp Scan configuration file gives you complete granular control over all the tools and options that can be selected. It is the easiest and preferred way to run Chomp Scan.
The config file is structured similar to an INI file, with different sections delimited by brackets, e.g. [section].
The [general] section contains general settings not specific to any one tool, such as using HTTP or HTTPS, the Notica URL parameter, a custom output directory, etc.
The remaining sections allow you to enable/disable each tool in each scanning phase, as well as set custom wordlists where appropriate.
Note that to enable all tools/options, an uppercase
YES is used, while paths contain a case-sensitive, fully qualified path to whichever file is being set, e.g.
/root/wordlist.txt. To disable a tool or path, simply leave it blank.
A complete, fully commented example config file is provided below for reference:
# Possible values for tools are case-sensitive YES or blank. # Wordlist values are either blank, a built-in wordlist name, or a path to a file. [general] # Set domain to scan (required). Do not include a scheme, e.g. https:// or http://. Chomp Scan will add the appropriate scheme as needed. DOMAIN= # Use HTTP instead of default HTTPS, values are YES or blank ENABLE_HTTP= # Set custom output directory, value are a path to a directory or blank OUTPUT_DIR= # Use all discovered domains instead of default interesting discovered domains, values are YES or blank USE_ALL= # Set Notica URL parameter for notifications, values are a Notica URL parameter or blank. See notica.us for details. NOTICA= # Set custom domain blacklist file, values are a path to a file or blank BLACKLIST= # Set custom interesting word list, values are a path to a file or blank INTERESTING= # Set custom path to tools. This should be a fully qualified path to the directory that contains the downloaded tools from Github TOOL_PATH= # Enable parsing resolved domains into a Burp-formatted JSON file ENABLE_RESCOPE=YES [subdomain enumeration] # Set which tools run ENABLE_DNSCAN=YES ENABLE_SUBFINDER=YES ENABLE_SUBLIST3R=YES ENABLE_ALTDNS=YES # Set wordlist # Possible options are SHORT, lONG, HUGE, or the path to a custom wordlist SUBDOMAIN_WORDLIST= [content discovery] # Set which tools run ENABLE_INCEPTION=YES ENABLE_WAYBACKURLS=YES ENABLE_FFUF=YES ENABLE_GOBUSTER=YES ENABLE_DIRSEARCH=YES # Set wordlist # Possible options are SMALL, MEDIUM, LARGE, XL, XXL, or the path to a custom wordlist CONTENT_WORDLIST= [information gathering] # Set which tools run ENABLE_SUBJACK=YES ENABLE_CORSTEST=YES ENABLE_S3SCANNER=YES ENABLE_BFAC=YES ENABLE_WHATWEB=YES ENABLE_WAFW00F=YES ENABLE_NIKTO=YES [port scanning] # Set which tools run ENABLE_MASSCAN=YES ENABLE_NMAP=YES [screenshots] # Enable aquatone ENABLE_SCREENSHOTS=YES