panteracfg.xml

To configure Pantera you must edit and modify panteracfg.xml file with your editor of choice.

For a quick & first run you only have to set the login/pass for the mysql user if you plan to use the session mode. The rest of the options are left at your own preferences ;)

Parameters

• host: Pantera IP. You can leave it blank as Pantera will detect the IP.
• port: Pantera Port. By default 8080.
• force_auth: Pantera will do all the authenticacion process for you. You won't be asked by the browser to be authenticated on the target. (yes/no)
• force_proxy_auth: The same as before but with the Proxy instead, in case you are using one.
• ssl_proxy_host: SSL Proxy IP.
• ssl_proxy_port: SSL Proxy Port.
• proxy_host: Proxy IP.
• proxy_port: Proxy Port.
• listen_host: Listen host.
• target_domain: Allows to specify a domain target.
• name: Domain name.
• action: What to do when Pantera see this domain. If set to "yes" Pantera will pass it on the analysis engine, if set to "no" the domain will not reach the analysis engine. (yes/no)
• save: Pantera will save this domain into the database. By default if Action is "yes" the domain will be saved anyways. This allows you to set Action to "no" but save to "yes" so Pantera can save domain information. (yes/no)
• replace_user_agent: Replace Browser User Agent with Pantera User Agent. (yes/no)
• user_agent: User Agent to use.
• user: Usename for Authentication.
• password: Password for Authentication.
• domain: Domain for Authentication. (NTLM)
• proxy_user: Proxy Username for Authentication.
• proxy_password: Proxy Password for Authentication.
• proxy_domain: Proxy Domain for Authentication. (NTLM)
• verbose: Enable verbose mode. (yes/no)
• debug: Enable debug mode. (yes/no)
• refresh: Refresh Pantera pages. (yes/no)
• refresh_seconds: Time when Pantera pages will be refreshed.
• css_file: CSS file.
• reject_return_codes: Set those HTTP return codes you want to be discarded. Use ',' (comma) to separate the return codes. (Ex: 404,407)
• force_dont_save: Forces Pantera not to save pages defined by extension or Content-Type.
• dont_save_ext: Pages with extension that will not be analyzed but saved. Use ',' (comma) to separate the extentions. (Ex: css,png,gif,jpg)
• content_type: Pages with Content-Type that will not be analyzed but saved. (Ex: image/gif)
• string_404: Custom 404 error messages (patterns) to be detected and discarded.
• restrictedh: Restricted host.
• restrictedp: Restricted pages.
• db_login: Database Login.
• db_password: Database Password.
• db_host: Database Host
• db_name: Database Name. By default panteradb.
• analyzer_threads: Number of threads for the Passive Analyzer.
• Limit_links: Limit the number of links showed when using Project session mode
• Replace_url_response:If checked, this option converts relative urls to absolute urls in the pages served.