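#!/bin/bash
# =============================================================================
# PQC Proxy Pentest Suite — Configuration
#
# This is the single source of truth for all target-specific values.
# Copy this file to config.local.sh for local overrides, or edit in place.
#
# This file is meant to be sourced by the suite's scripts, so it never calls
# `exit`; every value honours an already-exported environment variable and
# only falls back to the default shown here.
#
# Usage:
#   ./run_all.sh                                   # full run against targets below
#   TARGET=https://myproxy.com API_TARGET=https://api.myproxy.com ./run_all.sh
# =============================================================================

# ── Absolute path to the suite root (auto-detected, override if needed) ──────
SUITE_ROOT="${SUITE_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)}"

# ── Primary web target ───────────────────────────────────────────────────────
# The public-facing web application URL (no trailing slash)
TARGET="${TARGET:-https://pqcrypta.com}"

# ── API target ───────────────────────────────────────────────────────────────
# The REST API server URL (no trailing slash)
API_TARGET="${API_TARGET:-https://api.pqcrypta.com}"

# ── Bare hostnames (derived from targets, override if your setup differs) ─────
#######################################
# Reduce a URL to its bare host part.
# Strips a leading http:// or https:// and everything from the first "/"
# onward. Any port suffix (host:port) is kept, matching the previous
# sed-based behaviour. Uses parameter expansion only — no subprocesses.
# Arguments: $1 - URL
# Outputs:   host on stdout
#######################################
_pqc_host_of() {
  local h="${1#http://}"
  h="${h#https://}"
  printf '%s\n' "${h%%/*}"
}

TARGET_HOST="${TARGET_HOST:-$(_pqc_host_of "$TARGET")}"
API_HOST="${API_HOST:-$(_pqc_host_of "$API_TARGET")}"

# Hostname escaped for use inside grep/sed regex (dots → \.)
TARGET_HOST_ESCAPED="${TARGET_HOST//./\\.}"

# ── Internal service ports ───────────────────────────────────────────────────
# Port the backend API process listens on (used in SSRF probes to detect SSRF)
INTERNAL_API_PORT="${INTERNAL_API_PORT:-3003}"

# Port the proxy admin/metrics endpoint listens on
PROXY_ADMIN_PORT="${PROXY_ADMIN_PORT:-8082}"

# QUIC / WebTransport port
QUIC_PORT="${QUIC_PORT:-4433}"

# ── Project / namespace identifiers ──────────────────────────────────────────
# Short project name — used for S3 bucket guessing, npm/crates.io probes
PROJECT_NAME="${PROJECT_NAME:-pqcrypta}"

# GitHub org/repo for CI/CD checks (script 26)
GITHUB_REPO="${GITHUB_REPO:-PQCrypta/pqcrypta-proxy}"

# ── AI / chatbot endpoint ────────────────────────────────────────────────────
# Full base URL for the chatbot/LLM endpoint (script 28)
CHAT_BASE="${CHAT_BASE:-${API_TARGET}/chatbot}"

# ── Brute-force credential list ──────────────────────────────────────────────
# Credential pairs tried in auth tests (script 15) format: 'user:password'
BRUTE_CREDS=(
  "admin:admin"
  "admin:password"
  "admin:admin123"
  "admin:${PROJECT_NAME}"
  "root:root"
  "admin:"
  "administrator:administrator"
  "test:test"
)

# ── Browser user-agent ───────────────────────────────────────────────────────
BROWSER_UA='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36'

# Preferred form: an argv array. Expand it as "${CURL_BROWSER_ARGS[@]}" "$url"
# so the user-agent (which contains spaces and parentheses) survives intact.
# NOTE: -k disables TLS certificate verification; results obtained this way
# say nothing about the target's certificate chain.
CURL_BROWSER_ARGS=(curl -sk -A "$BROWSER_UA")

# Legacy string form, kept for scripts that still reference it. Expanding it
# unquoted ($CURL_BROWSER) word-splits the user-agent and leaves the literal
# single quotes in the arguments; only `eval "$CURL_BROWSER ..."` treats it as
# intended. New code should use CURL_BROWSER_ARGS above.
CURL_BROWSER="curl -sk -A '$BROWSER_UA'"

# ── Results output ───────────────────────────────────────────────────────────
# Where run results are stored. Override with RESULTS=/your/path before running.
RESULTS="${RESULTS:-$SUITE_ROOT/results}"

# Per-run output directory — set once by run_all.sh; scripts create their own if unset.
# "${OUT:-}" keeps this safe under `set -u` when OUT has never been exported.
if [[ -z "${OUT:-}" ]]; then
  TIMESTAMP=$(date +%Y%m%d_%H%M%S)
  OUT="$RESULTS/run_$TIMESTAMP"
  # Report rather than exit: this file is sourced, and callers decide what to do.
  mkdir -p -- "$OUT" || printf 'config: cannot create results directory %s\n' "$OUT" >&2
fi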