-
Notifications
You must be signed in to change notification settings - Fork 72
Configuration
On first run, Armory creates the folder $HOME/.armory
. Armory makes use of .ini
files located in the config folder for setting default options for various commands, as well as configuring Armory itself.
PROTIP: The armory config home can be changed by setting the environment variable ARMORY_HOME
to the folder you'd like to use. You can also set ARMORY_CONFIG
to the base config filename you want (settings.ini by default).
The file settings.ini
contains the base configuration for Armory. For convenience, a basic settings.ini
is included. The contents are as follows:
[PROJECT]
# This is the base path of the project. All generated data as well
# as the database will be stored in here. Ideally, you change this
# path with each new project.
base_path = .
# This is the path for custom reports and modules that aren't
# necessarily synced up with git. This is for stuff that doesn't
# really make sense for anyone else to use except you (or your
# company)
# custom_reports = /opt/custom/reports
# custom_modules = /opt/custom/modules
[DATABASE]
# sqlite3 and mysql supported so far
backend = sqlite3
# Used for sqlite3 - name of file
filename = armory.database.sqlite3
# Used for MySQL
# username = user
# password = password
# host = 127.0.0.1
# port = 3306
# database = armory
The [PROJECT] section contains specific settings for various projects. It is recommended to use a unique base_path
for each assessment you are doing. By default all output is stored under the base_path. This allows you to keep all of the data of the assessment in one place.
The [DATABASE] section has options for configuring the database. At this time, Armory has only been tested with sqlite3 and mysql. Since the backend is SQLAlchemy other databases should work, other ORMs would probably work with a little bit of configuration.
Any module can have configuration options specified in <module_name>.ini
. The basic format of the file is:
[ModuleOptions]
<argument> = <value>
<argument> = <value>
When a config folder is created, sample config files are generated for all of the modules. When processing module arguments, Armory will first read in arguments from the configuration file, then override it with any options explicitly passed on the command line/interactive mode. This can be useful for hardcoding commonly used settings, such as binary paths.
For example, we can create a sample configuration for the "Tko-subs" module. Create Tko-subs.ini
with the following (change the path to match your own):
[ModuleSettings]
binary = /home/user/src/tko-subs/tko-subs
Now you no longer need to supply the binary path on the command line. Another very useful settings are the profile definitions that many of the tool modules support. These allow you to configure preset configurations for extra arguments that will be passed to the tool. For example, suppose you have multiple nmap profiles you would use, depending on the stage of the scanning you are on. You could set up a configure file like follows:
Nmap.ini
[ModuleSettings]
profile1_data = "-T4 --scripts=ssl-cert,http-headers,http-methods,http-auth,http-title,http-robots.txt,banner -p21,22,23,25,80,110,443,467,587,8000,8080,8081,8082,8443,8008,1099,5005,9080,8880,8887,7001,7002,16200 -sS --open"
profile2_data = "-sV --open"
profile3_data = "-sV -p0-65535"
With this, you'd be able to add the various options by passing Armory the --profile1
, --profile2
, or --profile3
arguments.