-
Notifications
You must be signed in to change notification settings - Fork 238
Expand file tree
/
Copy path.env.example
More file actions
executable file
·151 lines (118 loc) · 5.56 KB
/
.env.example
File metadata and controls
executable file
·151 lines (118 loc) · 5.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# NeuroSploit v3 Environment Variables
# =====================================
# Copy this file to .env and configure your API keys
#
# IMPORTANT: You MUST set at least one LLM API key for the AI agent to work!
#
# =============================================================================
# LLM API Keys (REQUIRED - at least one must be set)
# =============================================================================
# Get your Claude API key at: https://console.anthropic.com/
ANTHROPIC_API_KEY=
# OpenAI: https://platform.openai.com/api-keys
OPENAI_API_KEY=
# Google Gemini: https://aistudio.google.com/app/apikey
GEMINI_API_KEY=
# OpenRouter (multi-model): https://openrouter.ai/keys
OPENROUTER_API_KEY=
# Together AI: https://api.together.xyz/settings/api-keys
TOGETHER_API_KEY=
# Fireworks AI: https://fireworks.ai/account/api-keys
FIREWORKS_API_KEY=
# =============================================================================
# Local LLM (optional - no API key needed)
# =============================================================================
# Ollama: https://ollama.ai
#OLLAMA_BASE_URL=http://localhost:11434
# LM Studio: https://lmstudio.ai
#LMSTUDIO_BASE_URL=http://localhost:1234
# =============================================================================
# LLM Configuration
# =============================================================================
# Max output tokens (up to 64000 for Claude). Comment out for profile defaults.
#MAX_OUTPUT_TOKENS=64000
# Select specific model name (e.g., claude-sonnet-4-20250514, gpt-4o, llama3.2, qwen2.5)
# Leave empty for provider default
#DEFAULT_LLM_MODEL=
# Enable task-type model routing (routes to different LLM profiles per task)
ENABLE_MODEL_ROUTING=false
# =============================================================================
# Feature Flags
# =============================================================================
# Bug bounty dataset cognitive augmentation
ENABLE_KNOWLEDGE_AUGMENTATION=false
# Playwright browser-based validation + screenshot capture
ENABLE_BROWSER_VALIDATION=false
# =============================================================================
# Agent Autonomy (Phase 1-5 modules)
# =============================================================================
# Token budget per scan (limits total LLM tokens). Comment out for unlimited.
#TOKEN_BUDGET=100000
# Enable AI reasoning engine (think/plan/reflect at checkpoints)
ENABLE_REASONING=true
# Enable CVE/exploit search (NVD API + GitHub)
ENABLE_CVE_HUNT=true
# NVD API key for higher rate limits: https://nvd.nist.gov/developers/request-an-api-key
#NVD_API_KEY=
# GitHub token for exploit search (optional, increases rate limit)
#GITHUB_TOKEN=
# Enable multi-agent orchestration (replaces default 3-stream architecture)
# WARNING: Experimental - uses specialist agents instead of parallel streams
ENABLE_MULTI_AGENT=false
# Enable AI Researcher agent (0-day discovery with Kali sandbox)
# Requires enable_kali_sandbox=true per scan (frontend checkbox)
ENABLE_RESEARCHER_AI=true
# CLI Agent (AI CLI tools inside Kali sandbox)
# Runs Claude Code / Gemini CLI / Codex CLI inside Kali container as pentest engine
#ENABLE_CLI_AGENT=true
#CLI_AGENT_MAX_RUNTIME=1800
#CLI_AGENT_DEFAULT_PROVIDER=claude_code
# Kali sandbox Docker image name
#KALI_SANDBOX_IMAGE=neurosploit-kali:latest
# =============================================================================
# Smart Router (OAuth + API provider routing)
# =============================================================================
# Enable Smart Router for automatic provider failover and CLI OAuth token reuse
#ENABLE_SMART_ROUTER=true
# =============================================================================
# RAG System (Retrieval-Augmented Generation)
# =============================================================================
# Enable RAG for semantic search over vuln knowledge, bug bounty data, etc.
ENABLE_RAG=true
# RAG backend: auto (best available), chromadb, tfidf, bm25
RAG_BACKEND=auto
# =============================================================================
# Methodology File (deep injection into agent prompts)
# =============================================================================
# Path to .md methodology file (FASE-based pentest methodology)
#METHODOLOGY_FILE=/opt/Prompts-PenTest/pentestcompleto_en.md
# =============================================================================
# Vuln Type Agents (per-vuln parallel orchestration)
# =============================================================================
# Enable parallel per-vuln-type specialist agents
ENABLE_VULN_AGENTS=false
# =============================================================================
# Notifications (multi-channel scan alerts)
# =============================================================================
#ENABLE_NOTIFICATIONS=false
#NOTIFICATION_SEVERITY_FILTER=critical,high
# Discord webhook for scan alerts
#DISCORD_WEBHOOK_URL=
# Telegram bot alerts
#TELEGRAM_BOT_TOKEN=
#TELEGRAM_CHAT_ID=
# WhatsApp/Twilio alerts
#TWILIO_ACCOUNT_SID=
#TWILIO_AUTH_TOKEN=
#TWILIO_FROM_NUMBER=
#TWILIO_TO_NUMBER=
# =============================================================================
# Database (default is SQLite - no config needed)
# =============================================================================
DATABASE_URL=sqlite+aiosqlite:///./data/neurosploit.db
# =============================================================================
# Server Configuration
# =============================================================================
HOST=0.0.0.0
PORT=8000
DEBUG=false