Merge pull request #221 from Security-Tools-Alliance/fix-dir-fuzz-too…

…-heavy refactor: update wordlists and configuration defaults
Security-Tools-Alliance · Nov 5, 2024 · bdb2d01 · bdb2d01
2 parents 94cfd27 + 3c25e1a
commit bdb2d01
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 26 deletions.
diff --git a/web/config/default_yaml_config.yaml b/web/config/default_yaml_config.yaml
@@ -81,15 +81,16 @@ dir_file_fuzz: {
   'auto_calibration': true,
   'enable_http_crawl': true,
   'rate_limit': 150,
-  'extensions': ['html', 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'],
+  'extensions': [],
+  # 'extensions': ['html', 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'],
   'follow_redirect': false,
   'max_time': 0,
   'match_http_status': [200, 204],
-  'recursive_level': 2,
+  'recursive_level': 0,
   'stop_on_error': false,
   'timeout': 5,
   'threads': 30,
-  'wordlist_name': 'dicc',
+  'wordlist_name': 'default', # fuzz-Bo0oM
 }
 fetch_url: {
   # 'custom_header': {

diff --git a/web/fixtures/default_scan_engines.yaml b/web/fixtures/default_scan_engines.yaml
@@ -16,11 +16,10 @@
       \   'jenkins',\r\n    'wordpress_files',\r\n    'php_error',\r\n    'exposed_documents',\r\n
       \   'db_files',\r\n    'git_exposed'\r\n  ],\r\n  'intensity': 'normal',\r\n
       \ 'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n  'auto_calibration': true,\r\n
-      \ 'enable_http_crawl': true,\r\n  'rate_limit': 150,\r\n  'extensions': ['html',
-      'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'],\r\n
+      \ 'enable_http_crawl': true,\r\n  'rate_limit': 150,\r\n  'extensions': [],\r\n
       \ 'follow_redirect': false,\r\n  'max_time': 0,\r\n  'match_http_status': [200,
-      204],\r\n  'recursive_level': 2,\r\n  'stop_on_error': false,\r\n  'timeout':
-      5,\r\n  'threads': 30,\r\n  'wordlist_name': 'dicc'\r\n}\r\nfetch_url: {\r\n
+      204],\r\n  'recursive_level': 0,\r\n  'stop_on_error': false,\r\n  'timeout':
+      5,\r\n  'threads': 30,\r\n  'wordlist_name': 'default', # fuzz-Bo0oM\r\n}\r\nfetch_url: {\r\n
       \ 'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n
       \ 'remove_duplicate_endpoints': true,\r\n  'duplicate_fields': ['content_length',
       'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic',

diff --git a/web/reNgine/definitions.py b/web/reNgine/definitions.py
@@ -107,9 +107,8 @@
 ###############################################################################
 
 # amass
-AMASS_DEFAULT_WORDLIST_PATH = (
-    'wordlist/default_wordlist/deepmagic.com-prefixes-top50000.txt'
-)
+AMASS_DEFAULT_WORDLIST_NAME = 'deepmagic.com-prefixes-top50000'
+AMASS_DEFAULT_WORDLIST_PATH = str(Path(RENGINE_WORDLISTS))
 
 # dorks
 DORKS_DEFAULT_NAMES = [
@@ -130,9 +129,10 @@
 ]
 
 # ffuf
-FFUF_DEFAULT_WORDLIST_PATH = str(Path(RENGINE_WORDLISTS) / 'dicc.txt')
+FFUF_DEFAULT_WORDLIST_NAME = 'fuzz-Bo0oM'
+FFUF_DEFAULT_WORDLIST_PATH = str(Path(RENGINE_WORDLISTS))
 FFUF_DEFAULT_MATCH_HTTP_STATUS = [200, 204]
-FFUF_DEFAULT_RECURSIVE_LEVEL = 2
+FFUF_DEFAULT_RECURSIVE_LEVEL = 0
 FFUF_DEFAULT_FOLLOW_REDIRECT = False
 
 # naabu

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
@@ -426,8 +426,8 @@ def subdomain_discovery(
 
             elif tool == 'amass-active':
                 use_amass_config = config.get(USE_AMASS_CONFIG, False)
-                amass_wordlist_name = config.get(AMASS_WORDLIST, 'deepmagic.com-prefixes-top50000')
-                wordlist_path = str(Path(RENGINE_WORDLISTS) / f'{amass_wordlist_name}.txt')
+                amass_wordlist_name = config.get(AMASS_WORDLIST, AMASS_DEFAULT_WORDLIST_NAME)
+                wordlist_path = str(Path(AMASS_DEFAULT_WORDLIST_PATH) / f'{amass_wordlist_name}.txt')
                 cmd = f'amass enum -active -d {host} -o ' + str(Path(self.results_dir) / 'subdomains_amass_active.txt')
                 cmd += (' -config ' + str(Path.home() / '.config' / 'amass.ini')) if use_amass_config else ''
                 cmd += f' -brute -w {wordlist_path}'
@@ -1629,13 +1629,13 @@ def dir_file_fuzz(self, ctx={}, description=None):
     stop_on_error = config.get(STOP_ON_ERROR, False)
     timeout = config.get(TIMEOUT) or self.yaml_configuration.get(TIMEOUT, DEFAULT_HTTP_TIMEOUT)
     threads = config.get(THREADS) or self.yaml_configuration.get(THREADS, DEFAULT_THREADS)
-    wordlist_name = config.get(WORDLIST, 'dicc')
+    wordlist_name = config.get(WORDLIST, FFUF_DEFAULT_WORDLIST_NAME)
     delay = rate_limit / (threads * 100) # calculate request pause delay from rate_limit and number of threads
     input_path = str(Path(self.results_dir) / 'input_dir_file_fuzz.txt')
 
     # Get wordlist
-    wordlist_name = 'dicc' if wordlist_name == 'default' else wordlist_name
-    wordlist_path = str(Path(RENGINE_WORDLISTS) / f'{wordlist_name}.txt')
+    wordlist_name = FFUF_DEFAULT_WORDLIST_NAME if wordlist_name == 'default' else wordlist_name
+    wordlist_path = str(Path(FFUF_DEFAULT_WORDLIST_PATH) / f'{wordlist_name}.txt')
 
     # Build command
     cmd += f' -w {wordlist_path}'

diff --git a/web/scanEngine/fixtures/scanEngine.json b/web/scanEngine/fixtures/scanEngine.json
@@ -4,7 +4,7 @@
   "pk": 1,
   "fields": {
     "engine_name": "Full Scan",
-    "yaml_configuration": "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl': true,\r\n  'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nport_scan: {\r\n  'enable_http_crawl': true,\r\n  'timeout': 5,\r\n  # 'exclude_ports': [],\r\n  # 'exclude_subdomains': [],\r\n  'ports': ['top-100'],\r\n  'rate_limit': 150,\r\n  'threads': 30,\r\n  'passive': false,\r\n  # 'use_naabu_config': false,\r\n  # 'enable_nmap': true,\r\n  # 'nmap_cmd': '',\r\n  # 'nmap_script': '',\r\n  # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n  'discover': [\r\n      'emails',\r\n      'metainfo',\r\n      'employees'\r\n    ],\r\n  'dorks': [\r\n    'login_pages',\r\n    'admin_panels',\r\n    'dashboard_pages',\r\n    'stackoverflow',\r\n    'social_media',\r\n    'project_management',\r\n    'code_sharing',\r\n    'config_files',\r\n    'jenkins',\r\n    'wordpress_files',\r\n    'php_error',\r\n    'exposed_documents',\r\n    'db_files',\r\n    'git_exposed'\r\n  ],\r\n  'intensity': 'normal',\r\n  'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n  'auto_calibration': true,\r\n  'enable_http_crawl': true,\r\n  'rate_limit': 150,\r\n  'extensions': ['html', 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'],\r\n  'follow_redirect': false,\r\n  'max_time': 0,\r\n  'match_http_status': [200, 204],\r\n  'recursive_level': 2,\r\n  'stop_on_error': false,\r\n  'timeout': 5,\r\n  'threads': 30,\r\n  'wordlist_name': 'dicc'\r\n}\r\nfetch_url: {\r\n  'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n  'remove_duplicate_endpoints': true,\r\n  'duplicate_fields': ['content_length', 'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n  'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n  'threads': 30\r\n}\r\nvulnerability_scan: {\r\n  'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n  'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n  'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report': true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}\r\nwaf_detection: {\r\n\r\n}\r\nscreenshot: {\r\n  'enable_http_crawl': true,\r\n  'intensity': 'normal',\r\n  'timeout': 10,\r\n  'threads': 40\r\n}\r\n\r\n# custom_header: \"Cookie: Test\"",
+    "yaml_configuration": "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl': true,\r\n  'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nport_scan: {\r\n  'enable_http_crawl': true,\r\n  'timeout': 5,\r\n  # 'exclude_ports': [],\r\n  # 'exclude_subdomains': [],\r\n  'ports': ['top-100'],\r\n  'rate_limit': 150,\r\n  'threads': 30,\r\n  'passive': false,\r\n  # 'use_naabu_config': false,\r\n  # 'enable_nmap': true,\r\n  # 'nmap_cmd': '',\r\n  # 'nmap_script': '',\r\n  # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n  'discover': [\r\n      'emails',\r\n      'metainfo',\r\n      'employees'\r\n    ],\r\n  'dorks': [\r\n    'login_pages',\r\n    'admin_panels',\r\n    'dashboard_pages',\r\n    'stackoverflow',\r\n    'social_media',\r\n    'project_management',\r\n    'code_sharing',\r\n    'config_files',\r\n    'jenkins',\r\n    'wordpress_files',\r\n    'php_error',\r\n    'exposed_documents',\r\n    'db_files',\r\n    'git_exposed'\r\n  ],\r\n  'intensity': 'normal',\r\n  'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n  'auto_calibration': true,\r\n  'enable_http_crawl': true,\r\n  'rate_limit': 150,\r\n  'extensions': [],\r\n  'follow_redirect': false,\r\n  'max_time': 0,\r\n  'match_http_status': [200, 204],\r\n  'recursive_level': 0,\r\n  'stop_on_error': false,\r\n  'timeout': 5,\r\n  'threads': 30,\r\n  'wordlist_name': 'default', # fuzz-Bo0oM\r\n}\r\nfetch_url: {\r\n  'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n  'remove_duplicate_endpoints': true,\r\n  'duplicate_fields': ['content_length', 'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n  'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n  'threads': 30\r\n}\r\nvulnerability_scan: {\r\n  'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n  'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n  'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report': true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}\r\nwaf_detection: {\r\n\r\n}\r\nscreenshot: {\r\n  'enable_http_crawl': true,\r\n  'intensity': 'normal',\r\n  'timeout': 10,\r\n  'threads': 40\r\n}\r\n\r\n# custom_header: \"Cookie: Test\"",
     "default_engine": true
   }
 },
@@ -58,7 +58,7 @@
   "pk": 7,
   "fields": {
     "engine_name": "Full (perso)",
-    "yaml_configuration": "# Global vars for all tools\r\n#\r\n# Custom header - FFUF, Nuclei, Dalfox, CRL Fuzz, HTTPx, Fetch URL (Hakrawler, Katana, Gospider)\r\n# custom_header: {\r\n#   'Cookie':'Test',\r\n#   'User-Agent': 'Mozilla/5.0',\r\n#   'Custom-Header': 'My custom header'\r\n# }\r\n# 'user_agent': ''                    # Dalfox only\r\n# 'enable_http_crawl': true           # All tools\r\n# 'timeout': 10                       # Subdomain discovery, Screenshot, Port scan, FFUF, Nuclei                       \r\n# 'threads': 30                       # All tools\r\n# 'rate_limit': 150                   # Port scan, FFUF, Nuclei\r\n# 'intensity': 'normal'               # Screenshot (grab only the root endpoints of each subdomain), Nuclei (reduce number of endpoints to scan), OSINT (not implemented yet)\r\n# 'retries': 1                        # Nuclei\r\n\r\nsubdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],  # amass-passive, amass-active, All\r\n  'enable_http_crawl': true,\r\n  'threads': 30,\r\n  'timeout': 5,\r\n  # 'use_subfinder_config': false,\r\n  # 'use_amass_config': false,\r\n  # 'amass_wordlist': 'deepmagic.com-prefixes-top50000'\r\n}\r\nhttp_crawl: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0'\r\n  # },\r\n  # 'threads': 30,\r\n  # 'follow_redirect': false\r\n}\r\nport_scan: {\r\n  'enable_http_crawl': true,\r\n  'timeout': 5,\r\n  # 'exclude_ports': [],\r\n  # 'exclude_subdomains': [],\r\n  'ports': ['top-100'],\r\n  'rate_limit': 150,\r\n  'threads': 30,\r\n  'passive': false,\r\n  # 'use_naabu_config': false,\r\n  # 'enable_nmap': true,\r\n  # 'nmap_cmd': '',\r\n  # 'nmap_script': '',\r\n  # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n  'discover': [\r\n      'emails',\r\n      'metainfo',\r\n      'employees'\r\n    ],\r\n  'dorks': [\r\n    'login_pages',\r\n    'admin_panels',\r\n    'dashboard_pages',\r\n    'stackoverflow',\r\n    'social_media',\r\n    'project_management',\r\n    'code_sharing',\r\n    'config_files',\r\n    'jenkins',\r\n    'wordpress_files',\r\n    'php_error',\r\n    'exposed_documents',\r\n    'db_files',\r\n    'git_exposed'\r\n  ],\r\n  # 'custom_dorks': [],\r\n  'intensity': 'normal',\r\n  'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0',\r\n  #   'Custom-Header': 'My custom header'\r\n  # },\r\n  'auto_calibration': true,\r\n  'enable_http_crawl': true,\r\n  'rate_limit': 150,\r\n  'extensions': [],\r\n  'follow_redirect': false,\r\n  'max_time': 0,\r\n  'match_http_status': [200, 204],\r\n  'recursive_level': 0,\r\n  'stop_on_error': false,\r\n  'timeout': 5,\r\n  'threads': 30,\r\n  'wordlist_name': 'dicc',\r\n}\r\nfetch_url: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0',\r\n  #   'Custom-Header': 'My custom header'\r\n  # },\r\n  'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n  'remove_duplicate_endpoints': true,\r\n  'duplicate_fields': ['content_length', 'page_title'],\r\n  'follow_redirect': false,\r\n  'enable_http_crawl': true,\r\n  'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n  'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n  'threads': 30,\r\n  # 'exclude_subdomains': false\r\n}\r\nvulnerability_scan: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0',\r\n  #   'Custom-Header': 'My custom header'\r\n  # },\r\n  'run_nuclei': true,\r\n  'run_dalfox': false,\r\n  'run_crlfuzz': false,\r\n  'run_s3scanner': false,\r\n  'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n  'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report': true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical'],\r\n    # 'tags': [],                 # Nuclei tags (https://github.com/projectdiscovery/nuclei-templates)\r\n    # 'templates': [],            # Nuclei templates (https://github.com/projectdiscovery/nuclei-templates)\r\n    # 'custom_templates': []      # Nuclei custom templates uploaded in reNgine\r\n  }\r\n}\r\nwaf_detection: {\r\n  'enable_http_crawl': true\r\n}\r\nscreenshot: {\r\n  'enable_http_crawl': true,\r\n  'intensity': 'normal',\r\n  'timeout': 10,\r\n  'threads': 40\r\n}",
+    "yaml_configuration": "# Global vars for all tools\r\n#\r\n# Custom header - FFUF, Nuclei, Dalfox, CRL Fuzz, HTTPx, Fetch URL (Hakrawler, Katana, Gospider)\r\n# custom_header: {\r\n#   'Cookie':'Test',\r\n#   'User-Agent': 'Mozilla/5.0',\r\n#   'Custom-Header': 'My custom header'\r\n# }\r\n# 'user_agent': ''                    # Dalfox only\r\n# 'enable_http_crawl': true           # All tools\r\n# 'timeout': 10                       # Subdomain discovery, Screenshot, Port scan, FFUF, Nuclei                       \r\n# 'threads': 30                       # All tools\r\n# 'rate_limit': 150                   # Port scan, FFUF, Nuclei\r\n# 'intensity': 'normal'               # Screenshot (grab only the root endpoints of each subdomain), Nuclei (reduce number of endpoints to scan), OSINT (not implemented yet)\r\n# 'retries': 1                        # Nuclei\r\n\r\nsubdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],  # amass-passive, amass-active, All\r\n  'enable_http_crawl': true,\r\n  'threads': 30,\r\n  'timeout': 5,\r\n  # 'use_subfinder_config': false,\r\n  # 'use_amass_config': false,\r\n  # 'amass_wordlist': 'deepmagic.com-prefixes-top50000'\r\n}\r\nhttp_crawl: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0'\r\n  # },\r\n  # 'threads': 30,\r\n  # 'follow_redirect': false\r\n}\r\nport_scan: {\r\n  'enable_http_crawl': true,\r\n  'timeout': 5,\r\n  # 'exclude_ports': [],\r\n  # 'exclude_subdomains': [],\r\n  'ports': ['top-100'],\r\n  'rate_limit': 150,\r\n  'threads': 30,\r\n  'passive': false,\r\n  # 'use_naabu_config': false,\r\n  # 'enable_nmap': true,\r\n  # 'nmap_cmd': '',\r\n  # 'nmap_script': '',\r\n  # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n  'discover': [\r\n      'emails',\r\n      'metainfo',\r\n      'employees'\r\n    ],\r\n  'dorks': [\r\n    'login_pages',\r\n    'admin_panels',\r\n    'dashboard_pages',\r\n    'stackoverflow',\r\n    'social_media',\r\n    'project_management',\r\n    'code_sharing',\r\n    'config_files',\r\n    'jenkins',\r\n    'wordpress_files',\r\n    'php_error',\r\n    'exposed_documents',\r\n    'db_files',\r\n    'git_exposed'\r\n  ],\r\n  # 'custom_dorks': [],\r\n  'intensity': 'normal',\r\n  'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0',\r\n  #   'Custom-Header': 'My custom header'\r\n  # },\r\n  'auto_calibration': true,\r\n  'enable_http_crawl': true,\r\n  'rate_limit': 150,\r\n  'extensions': [],\r\n  'follow_redirect': false,\r\n  'max_time': 0,\r\n  'match_http_status': [200, 204],\r\n  'recursive_level': 0,\r\n  'stop_on_error': false,\r\n  'timeout': 5,\r\n  'threads': 30,\r\n  'wordlist_name': 'default', # fuzz-Bo0oM,\r\n}\r\nfetch_url: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0',\r\n  #   'Custom-Header': 'My custom header'\r\n  # },\r\n  'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n  'remove_duplicate_endpoints': true,\r\n  'duplicate_fields': ['content_length', 'page_title'],\r\n  'follow_redirect': false,\r\n  'enable_http_crawl': true,\r\n  'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n  'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n  'threads': 30,\r\n  # 'exclude_subdomains': false\r\n}\r\nvulnerability_scan: {\r\n  # 'custom_header': {\r\n  #   'Cookie':'Test',\r\n  #   'User-Agent': 'Mozilla/5.0',\r\n  #   'Custom-Header': 'My custom header'\r\n  # },\r\n  'run_nuclei': true,\r\n  'run_dalfox': false,\r\n  'run_crlfuzz': false,\r\n  'run_s3scanner': false,\r\n  'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n  'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report': true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical'],\r\n    # 'tags': [],                 # Nuclei tags (https://github.com/projectdiscovery/nuclei-templates)\r\n    # 'templates': [],            # Nuclei templates (https://github.com/projectdiscovery/nuclei-templates)\r\n    # 'custom_templates': []      # Nuclei custom templates uploaded in reNgine\r\n  }\r\n}\r\nwaf_detection: {\r\n  'enable_http_crawl': true\r\n}\r\nscreenshot: {\r\n  'enable_http_crawl': true,\r\n  'intensity': 'normal',\r\n  'timeout': 10,\r\n  'threads': 40\r\n}",
     "default_engine": false
   }
 },