Skip to content

Configuring

Jump to bottom
Chris Lane edited this page Oct 19, 2016 · 1 revision

Overview

novahot uses rc for config management under-the-hood.

To see an example ~/.novahotrc file, run:

novahot config

Note that ~/.novahotrc must contain only strict, valid JSON. This means that, among other constraints:

  • all property names must be double-quoted
  • comments are forbidden
  • trailing commas are forbidden

jq can be useful for diagnosing improperly formatted configs.

Configuration Values

What follows is an explanation of the configuration values.

global

global settings expose configuration for user preferences.

global.aliases

global.aliases provides a mechanism for implementing shell aliases in the shell mode.

global.colors

global.colors exposes text color values configuration. novahot internally uses chalk for colorization.

global.headers

global.headers is an object of headers that will be sent along with each POST to the trojan. While not commonly needed, this could potentially be useful if bypassing basic auth, or attaching "courtesy headers" while performing a penetration test.

global.downloadDir

global.downloadDir is the directory into which the download and view "virtual commands" will download files. This value may be overridden using the --download-dir option.

global.trojanDir

global.trojanDir may be specified to instruct novahot to recognize user-created trojans from a local directory. This value may be specified or everridden using the --trojan-dir option.

global.editors

Used by the edit virtual command. global.editors is a map of mime-types to editors that should be invoked when editing a file of the specified mime-type. The default editor will be used if no mime-type specific editors are specified.

NB: due to quirks in node's repl implementation, it appears to be impossible to open an editor in the same window in which the shell is running. Thus, CLI editors must be opened in a new window.

For example, this will not work:

// ...

{
  "editors": {
    "default": "vim"
  }
}

// ...

This, however, will work:

// ...

{
  "editors": {
    "default": "xterm vim"
  }
}

// ...

global.viewers

Identical to the above, but used by the view virtual command.

targets

targets is where trojan configs are specified on a per-target basis.

Mutiple targets may be added to the top-level targets property. Each target must have a name which must be referenced when opening a shell from the CLI.

For example, to open a shell on example.com (and load the example.com configs demonstrated in the example config file), run novahot shell example.com.

target.uri

target.uri denotes the URI at which the trojan file is reachable. This is the URL to which requests from the client will be POST-ed.

target.password

target.password denotes the trojan's control password. If this value is incorrect or unspecified, the trojans will (by default) spoof a 404when POSTed to.

target.mysql / target.psql / target.sqlite3

Optional database connection parameters. Alternatively, connection parameters can be specified as JSON when switching modes.

Clone this wiki locally