-
Notifications
You must be signed in to change notification settings - Fork 28
Expand file tree
/
Copy pathnray-conf.yaml
More file actions
116 lines (101 loc) · 4.27 KB
/
nray-conf.yaml
File metadata and controls
116 lines (101 loc) · 4.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
## Full documentation and further information can be found at https://nray-scanner.org
## Nray's advanced scanning is supposed to be configured solely via this configuration file
## Each directive is documented. It is probably best to start with the default configuration
## and tweak it to fit your use case.
## Note: Changing values with "internal" in the name / hierarchy may break nray in brutal
## and/or subtile ways because you are changing *internals*. You have been warned.
# IMPORTANT NOTE ON BLACKLISTS:
# This affects only target generation on the server. DNS resolution
# happens on the scannernode. This means that if example.local is at
# 10.0.0.10 and example.local is on the blacklist, the IP will
# still get scanned if it is in the target list. Of course, this
# affects also a blacklisted IP which is going to be scanned
# if a DNS entry not on the blacklist is pointing to it
# Enables Debug output
#debug: false
# Specifies on which port to listen for connections by scanner nodes
# Having multiple ports listening is fine
# This setting is only allowed for advanced scans
listen: [8601]
# Specify the hostname/address to listen on. 0.0.0.0 listens on all
# interfaces, 127.0.0.1 binds to the loopback interface.
host: "127.0.0.1"
# Enable TLS between server and nodes
#TLS:
# enabled: false
# CA: "/path/to/ca.pem"
# cert: "/path/to/servercert.pem"
# key: "/path/to/servercert-key.pem"
# forceClientAuth: false
# The interval that status information is printed to stdout
#statusPrintInterval: 15s
# Pools defines how many worker pools are available and therefore
# how often a target is scanned by different scanners
#pools: 1
# Set considerClientPoolPreference to true if clients should be able
# to request to be placed in a pool specified by them. If the pool
# doesn't exist, the server will fall back to assign pools with
# fewest nodes.
#considerClientPoolPreference: true
# This randomizes the nodeID, allowing to run multiple nodes on the same
# machine or in scenarios where no unique ID can be generated from the
# environment, for example container environments like Kubernetes
#allowMultipleNodesPerHost: false
#internal:
# # Seconds until a node that has not sent any heart beat expires
# nodeExpiryTime: 30
# # This setting affects the interval in seconds of expiry checks
# nodeExpiryCheckInterval: 10
# All targetgenerators are configured here
targetgenerator:
bufferSize: 5
# The default target generator
standard:
enabled: true
targets: ["192.168.178.1/28"]
#targetFile: "./targets.txt"
tcpports: ["top25"]
udpports: ["top25"]
blacklist: []
#blacklistFile: "./blacklist.txt"
maxHostsPerBatch: 150
maxTcpPortsPerBatch: 25
maxUdpPortsPerBatch: 25
# Configuration of scanners goes here
scannerconfig:
workers: 900
# ratelimit defines how many workers call the scan() function per second.
# Having a rate limit allows us to utilize most ressources by having lots
# of workers that may wait for network IO/timeouts whereas in case of a
# burst (e.g. start of a scan) the rate limit blocks all workers from
# starting their job at once
# Expects a number or 'none' (lowercase!) if no limit should be applied.
#ratelimit: "none"
# tcp port scanner
tcp:
# Connect timeout in milliseconds
timeout: 1000ms
udp:
# Fast sends only probes for known protocols
fast: false
# Default payload. This is sent when the scanner is not aware of the protocol. See documentation
# for a complete list of protocols supported by the scanner
defaultHexPayload: "\x6e\x72\x61\x79"
# You may define/overwrite port:payloads at your wish. For encoding arbitrary data, see https://golang.org/ref/spec#Rune_literals
#customHexPayloads:
# "19": "A" # chargen. "A" is the same as "\x41" (hex) or "\101" (oct)
# Timeout to wait for a response
timeout: 1000ms
# Everything in the event node controls if and how data is written
events:
terminal:
internal:
channelsize: 1000
json-file:
filename: "nray-output.json"
# If set to false, overwriteExisting will prevent nray to overwrite
# any existing output file.
overwriteExisting: false
internal: # Don't touch these unless you know what you do
channelsize: 10000 # Internal event buffer
synctimer: 10s # flush interval