input: append-files: [] # Files, when found valid path, use append file new word with current path append-rules: [] # Files, when found valid path, use append rule generator new word with current path dictionaries: [] # Files, Multi,dict files, e.g.: -d 1.txt -d 2.txt filter-rule: "" # String, filter rule, e.g.: --rule-filter '>8 <4' rules: [] # Files, rule files, e.g.: -r rule1.txt -r rule2.txt word: "" # String, word generate dsl, e.g.: -w test{?ld#4} functions: extension: "" # String, add extensions (separated by commas), e.g.: -e jsp,jspx exclude-extension: "" # String, exclude extensions (separated by commas), e.g.: --exclude-extension jsp,jspx force-extension: false # Bool, force add extensions remove-extension: "" # String, remove extensions (separated by commas), e.g.: --remove-extension jsp,jspx prefix: [] # Strings, add prefix, e.g.: --prefix aaa --prefix bbb suffix: [] # Strings, add suffix, e.g.: --suffix aaa --suffix bbb upper: false # Bool, upper wordlist, e.g.: --uppercase lower: false # Bool, lower wordlist, e.g.: --lowercase replace: null # Strings, replace string, e.g.: --replace aaa:bbb --replace ccc:ddd skip: [ ] # String, skip word when generate. rule, e.g.: --skip aaa misc: mod: path # String, path/host spray client: auto # String, Client type thread: 20 # Int, number of threads per pool pool: 5 # Int, Pool size timeout: 5 # Int, timeout with request (seconds) deadline: 999999 # Int, deadline (seconds) proxy: "" # String, proxy address, e.g.: --proxy socks5://127.0.0.1:1080 quiet: false # Bool, Quiet debug: false # Bool, output debug info verbose: [] # Bool, log verbose level, default 0, level1: -v, level2 -vv no-bar: false # Bool, No progress bar no-color: false # Bool, no color mode: # status black-status: "400,410" # Strings (comma split), custom black status fuzzy-status: "500,501,502,503" # Strings (comma split), custom fuzzy status unique-status: "403,200,404" # Strings (comma split), custom unique status white-status: "200" # Strings (comma split), custom white status # check check-only: false # Bool, check only check-period: 200 # Int, check period when request error-period: 10 # Int, check period when error error-threshold: 20 # Int, break when the error exceeds the threshold # recursive recursive: current.IsDir() # String, custom recursive rule, e.g.: --recursive current.IsDir() depth: 0 # Int, recursive depth # crawl scope: [] # String, custom scope, e.g.: --scope *.example.com no-scope: false # Bool, no scope # other index: / # String, custom index path random: "" # String, custom random path unique: false # Bool, unique response distance: 5 # Int, simhash distance for unique response force: false # Bool, skip error break rate-limit: 0 # Int, request rate limit (rate/s), e.g.: --rate-limit 100 retry: 0 # Int, retry count output: output-file: "" # String, output filename auto-file: false # Bool, auto generator output and fuzzy filename dump: false # Bool, dump all request dump-file: "" # String, dump all request, and write to filename fuzzy: false # Bool, open fuzzy output fuzzy-file: "" # String, fuzzy output filename filter: "" # String, custom filter function, e.g.: --filter 'current.Body contains "hello"' match: "" # String, custom match function, e.g.: --match 'current.Status != 200'' format: "" # String, output format, e.g.: --format 1.json output_probe: "" # String, output probes plugins: all: false # Bool, enable all plugin bak: false # Bool, enable bak found common: false # Bool, enable common file found crawl: false # Bool, enable crawl crawl-depth: 3 # Int, crawl depth extract: [] # Strings, extract response, e.g.: --extract js --extract ip --extract version:(.*?) file-bak: false # Bool, enable valid result bak found, equal --append-rule rule/filebak.txt finger: false # Bool, enable active finger detect recon: false # Bool, enable recon request: cookies: [] # Strings, custom cookie headers: [] # Strings, custom headers, e.g.: --headers 'Auth: example_auth' max-body-length: 100 # Int, max response body length (kb), default 100k, e.g. -max-length 1000 useragent: "" # String, custom user-agent, e.g.: --user-agent Custom random-useragent: false # Bool, use random with default user-agent read-all: false # Bool, read all response body