
User Configuration

Eoghan West edited this page Aug 24, 2023 · 3 revisions

This document covers user configuration files and options.

Default User Config File

Location: ~/.config/ptdb/config.toml

active = true

[server_mode]
socket_adr = "/tmp/ptdb/server"
quiet_logs = false  # same effect as the '-q' flag for the parse subcmd but for the server specifically.

[targets]
hosts = "FROM machines JOIN dns_names ON machines.id = dns_names.machine_uid JOIN ports ON machines.id = ports.machine_uid"
machines = "FROM machines"
ports = "FROM ports JOIN machines ON machines.id = ports.machine_uid JOIN commands ON ports.command_uid = commands.id"
web_dirs = "FROM web_dirs JOIN machines ON machines.id = web_dirs.machine_uid JOIN commands ON web_dirs.command_uid = commands.id"
web-dirs = "FROM web_dirs JOIN machines ON machines.id = web_dirs.machine_uid JOIN commands ON web_dirs.command_uid = commands.id"
wd = "FROM web_dirs JOIN machines ON machines.id = web_dirs.machine_uid JOIN commands ON web_dirs.command_uid = commands.id"
creds = "FROM creds JOIN commands ON creds.command_uid = commands.id"
credentials = "FROM creds JOIN commands ON creds.command_uid = commands.id"
CREDENTIALS = "FROM creds"
WEB_DIRS = "FROM web_dirs"
HOSTS = "FROM machines"
COMMANDS = "FROM commands"
CMDS = "FROM commands"

[[parsers.feroxbuster]]
parser = "feroxbuster.py"

[[parsers.rustscan]]
parser = "rustscan.py"
parse_on_error = false  # default is true, so this option is only necessary if you want the parser to NOT parse on errors.

[[parsers.gobuster]]
parser = "gobuster.py"
args = [["dir"]]
help = ["-h", "--help", "help"]  # default is ["-h", "--help"], so this option is only necessary if there are other/different help arguments.

[[parsers.john]]
parser = "john.py"
help = ["-h", "--help"]

[[parsers.john]]
parser = "john_show.py"
args = [['--show']]

[[parsers.nmap]]
parser = "base_nmap.py"

[[parsers.hydra]]
parser = "hydra.py"

# [[parsers.cat]]
# parser = "hydra.py"
# help = ["-h", "--help"]

[[parsers.fping]]
parser = "fping.py"

[[parsers.dig]]
parser = "dig.py"

[[parsers.nmap]]
# each sub-array in args is one set of arguments, ALL of which must be present,
# OR ALL of any other sub-list must be present, for this parser to be used.
# so this parser will be used ONLY if the user calls nmap AND either `--script=vuln`
# is one of the args to Nmap, or both `--script` and `vuln` are present
# in the args list.
#
# to put it in quasi-math syntax:
# (args[0][0] AND ... AND args[0][n]) OR ... OR (args[k][0] AND ... AND args[k][n])
args = [['--script=vuln'],
        ['--script', 'vuln']]
parser = "nmap/nmap-vuln.parser"

active

Controls whether ptdb is paused globally. If 'true' then ptdb is globally active; if 'false' then ptdb is globally inactive. This setting can be toggled either by the pause and resume sub-commands (ptdb pause and ptdb resume) or by manually editing the file. Both methods have the same end result.

server_mode

Contains settings that only apply when being run in server/client mode.

server_mode.socket_adr

Defines the address of the unix socket used to listen for incoming connections.

server_mode.quiet_logs

Defines the verbosity of server logging. If true, the server will log significantly less data.

targets

Is interpreted as a hashmap of values to insert as the "FROM" clause when making SQL queries.

targets.<TARGET>

Is a string that represents an entry in the "targets" hashmap. This FROM clause will be used when the user queries for data from this target, i.e. ptdb query -s <COLUMN-NAMES> -f <TARGET>.
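The following is an added example (not ptdb's own code) of how a query built from `-s <COLUMN-NAMES>` and `-f <TARGET>` can be composed so that the FROM clause only ever comes from the configured targets hashmap and the column names are checked before they reach the statement text. The TARGETS dict is a constructed subset of the default config above; the validation rule is an assumption of this example.

```python
import re

# Constructed subset of the wiki's default [targets] table: target name -> FROM clause.
TARGETS = {
    "hosts": ("FROM machines JOIN dns_names ON machines.id = dns_names.machine_uid "
              "JOIN ports ON machines.id = ports.machine_uid"),
    "machines": "FROM machines",
    "creds": "FROM creds JOIN commands ON creds.command_uid = commands.id",
}

# A column selector is `*`, `name` or `table.name`; quotes, spaces, `;` and `--`
# are rejected so the -s values cannot change the shape of the statement.
COLUMN_RE = re.compile(r"^(\*|[A-Za-z_]\w*(\.[A-Za-z_]\w*)?)$")


def build_query(targets, columns, target):
    """Compose `SELECT <columns> <targets[target]>` for `ptdb query -s ... -f <TARGET>`.

    The FROM clause is only looked up in the configured hashmap, never taken
    from the command line, and every column name must match COLUMN_RE.
    """
    if target not in targets:
        raise ValueError(f"unknown target {target!r}; known: {sorted(targets)}")
    if not columns:
        raise ValueError("at least one column is required")
    bad = [c for c in columns if not COLUMN_RE.match(c)]
    if bad:
        raise ValueError(f"rejected column name(s): {bad}")
    return f"SELECT {', '.join(columns)} {targets[target]}"
```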

parsers

Defines what parser to use for what executable.

parsers.<EXECUTABLE>

Is a configuration for a single parser. This parser will be used to parse the output of <EXECUTABLE> if its conditions are met (see below for clarification).

parsers.<EXECUTABLE>.parser

Defines the file name of the parser that is to be used.

parsers.<EXECUTABLE>.parse_on_error

Defines whether the parser should be run when the program exits with an error (i.e. if the user cancelled the command or it ran into some internal error). The default value is 'true', meaning that data will be parsed when the program errors.

parsers.<EXECUTABLE>.help

Is a list of arguments that print <EXECUTABLE>'s help message. This exists so that the parser does not try to parse help messages. It is helpful when the program uses non-standard help flags or has bound a normal help flag -- -h for example -- to some internal functionality. By default ptdb will look for -h and --help as help arguments. Setting parsers.<EXECUTABLE>.help will completely override the default, so remember to define ALL help arguments that <EXECUTABLE> accepts.

parsers.<EXECUTABLE>.args

Is a set of lists where all elements from at least one sublist must be present in the command for the defined parser to be used. This is helpful when there are multiple parsers for the different modes of a command. See the two entries for nmap and the gobuster parser entry in the default config for an example.
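The selection rules for help, parse_on_error and args described above, as an added example that is not ptdb's own implementation. The PARSERS dict is a constructed subset of the default config in the shape tomllib.load() gives for the [[parsers.<EXECUTABLE>]] array-of-tables entries; since the page defines no precedence between several matching entries, the function returns every entry whose conditions hold.

```python
# Constructed config in the shape tomllib.load() produces for the wiki's
# [[parsers.<EXECUTABLE>]] array-of-tables entries (a subset of the default file).
PARSERS = {
    "nmap": [
        {"parser": "base_nmap.py"},
        {"parser": "nmap/nmap-vuln.parser",
         "args": [["--script=vuln"], ["--script", "vuln"]]},
    ],
    "gobuster": [
        {"parser": "gobuster.py", "args": [["dir"]],
         "help": ["-h", "--help", "help"]},
    ],
    "rustscan": [
        {"parser": "rustscan.py", "parse_on_error": False},
    ],
}

DEFAULT_HELP = ["-h", "--help"]  # used when an entry sets no `help` list


def args_satisfied(required, argv):
    """(args[0][0] AND ...) OR ... OR (args[k][0] AND ...); no `args` key always matches."""
    if not required:
        return True
    present = set(argv)
    return any(all(arg in present for arg in group) for group in required)


def matching_parsers(parsers, command, exit_code=0):
    """Return the parser files whose conditions hold for `command` (an argv list).

    Every matching entry is returned; the wiki defines no precedence between
    several matching entries, so none is assumed here.
    """
    executable, argv = command[0], command[1:]
    chosen = []
    for entry in parsers.get(executable, []):
        # A help invocation is never parsed (an entry's `help` list fully replaces the default).
        if any(arg in entry.get("help", DEFAULT_HELP) for arg in argv):
            continue
        # parse_on_error defaults to true; false skips parsing of failed runs.
        if exit_code != 0 and not entry.get("parse_on_error", True):
            continue
        if args_satisfied(entry.get("args", []), argv):
            chosen.append(entry["parser"])
    return chosen
```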


Sample Engagement Conf

Every engagement needs its own config which defines information like the name of the SQL database in PostgreSQL, where the database is hosted, etc.

Location: ~/.config/ptdb/engagements/SAMPLE-ENGAGEMENT.toml

name = "SAMPLE-ENGAGEMENT"
complete = false
db_conf = "default.toml"

name

Defines the name of the engagement. It is used to set the name of the database on the PostgreSQL host.

complete

Tells ptdb if the engagement is complete. If the active engagement's complete value is set to 'true' then ptdb will not parse new input but will allow querying, to help when writing your reports or write-ups.

db_conf

Defines the database configuration file to use. That file defines how ptdb should connect to the db host server. This value defaults to "default.toml".


Sample Database Conf

The database config files are used to define database servers that host the collected data. Support for multiple database hosts was implemented because:

  • it will be necessary when I add GraphQL database support.
  • when doing CTFs one can use a host with less security.
  • helps keep data from work and data from personal CTFs separate.

Location: ~/.config/ptdb/db-servers/default.toml

# configuration for connecting to the sql database.
# ---

# host should be a file path if connecting via a UNIX socket or an ip address/url if connecting to a remote session.
host = "/run/postgresql/"
user = "postgres"
# passwd = "super_secret_password" # only needed if you don't have passwordless auth on the database.
# port = "5432"
# ssl_cert = "/path/to/ca_cert_file.cert"  # if you're running postgres locally this is unnecessary.
require_ssl = false
db_type = "SQL"

host

Defines the address that should be used to communicate with the database host. Can be:

  • UNIX socket path
  • IP Address
  • url

user

Tells PenTestDB what user to use when connecting to the db host.

passwd

Tells PenTestDB what password to use when connecting to the remote host. This option is not necessary if connecting to an instance hosted on the localhost or when.

port

Tells PenTestDB what port the database service is using on the host. This option is optional and defaults to 5432 when db_type is set to "SQL".

ssl_cert

Defines the path to the CA .cert file to use if connecting to a server using a self-signed cert. This option is optional as it is only necessary when using self-signed certs and not using .crt files to log in.

Hint: you can generate a .crt file on your PostgreSQL host, then put it in the ~/.postgresql directory. You can then configure PostgreSQL to use .crt files for user authentication. If you do that then you don't need the passwd option.

require_ssl

Tells PenTestDB whether it should drop the connection to the database if SSL fails. If this value is "false" then PenTestDB will set the "sslmode" to "prefer" in PostgreSQL; if "true" then "sslmode" will be set to "require". In other words, SSL is attempted even when this value is "false". The only way to have a connection that isn't protected by TLS/SSL is to set require_ssl to "false" AND for SSL to fail. Defaults to "false" because "sslmode" being set to "require" is too strict for my taste.

db_type

Tells PenTestDB what kind of database the config defines. This option is mandatory and is interpreted as an enum. It is VERY picky: db_type MUST be either "SQL" or "GraphQL", and it is sensitive to capitalization.

NOTE: GraphQL feature is not currently functional.
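As an added example (not PenTestDB's own code), the db-server options above mapped onto libpq connection keywords: port defaults to 5432 for db_type "SQL", require_ssl selects sslmode "require" or "prefer", and ssl_cert becomes sslrootcert. The libpq keyword names (host, port, user, password, sslmode, sslrootcert) are real; the sample configs and the plaintext-fallback warnings are this example's own assumptions.

```python
# Constructed samples in the shape of ~/.config/ptdb/db-servers/<name>.toml.
LOCAL_CONF = {"host": "/run/postgresql/", "user": "postgres",
              "require_ssl": False, "db_type": "SQL"}
REMOTE_CONF = {"host": "db.internal.example", "user": "postgres",
               "passwd": "example-only", "ssl_cert": "/path/to/ca_cert_file.cert",
               "require_ssl": False, "db_type": "SQL"}


def libpq_params(conf):
    """Map a ptdb db-server config to libpq keywords; return (params, warnings).

    Mirrors the documented rules: port defaults to 5432 for db_type "SQL",
    require_ssl=false -> sslmode "prefer", true -> "require", ssl_cert -> sslrootcert.
    """
    if conf.get("db_type") != "SQL":  # enum is case-sensitive; GraphQL is not functional
        raise ValueError(f"unsupported db_type {conf.get('db_type')!r}")
    for key in ("host", "user"):
        if key not in conf:
            raise ValueError(f"missing required option {key!r}")
    params = {
        "host": conf["host"],
        "port": str(conf.get("port", 5432)),  # TOML sample quotes the port; str() covers both
        "user": conf["user"],
        "sslmode": "require" if conf.get("require_ssl", False) else "prefer",
    }
    if "passwd" in conf:
        params["password"] = conf["passwd"]
    if "ssl_cert" in conf:
        params["sslrootcert"] = conf["ssl_cert"]

    warnings = []
    over_network = not conf["host"].startswith("/")  # UNIX socket paths start with "/"
    if over_network and params["sslmode"] == "prefer":
        # "prefer" still completes the connection in plaintext when the TLS handshake fails.
        warnings.append("require_ssl = false on a network host: TLS failure falls back to plaintext")
        if "password" in params:
            warnings.append("passwd may be sent over a plaintext connection")
    return params, warnings
```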
