Configuration Files

Any configuration option that can be set via the command line can also be specified in the `bright` section of your package.json or in a separate configuration file. The configuration files that are recognised are listed in the following table; you can place your configuration in any of them, or pass it from the command line.

File Name         File Type
.bright           JSON
.bright.json      JSON
.bright.yaml      YAML
.bright.yml       YAML
bright.config.js  CommonJS export

Specify a path to a configuration file using the --config option. By default, the CLI tries to discover configuration in the package.json file in the root directory of your application, or in one of the other file names listed above in the working directory.

Examples

Uploading a Postman collection

In some cases, you may want to upload a Postman collection that has many variables. In such cases, you can load variables from the configuration file, as shown in the following examples.

JSON example

{
  "discard": true,
  "type": "postman",
  "header": ["authorization: api-key my-api-key"],
  "variable": ["base-api-url: https://example.com/"]
}

YAML example

---
discard: true
type: postman
header:
  - 'authorization: api-key my-api-key'
variable:
  - 'base-api-url: https://example.com/'
  - 'some-secret: my-magic-number'

With either of the configuration files above in place, you can issue the following command in your terminal:

  bright-cli archive:upload \
    -t 75ngxdf.nexp.6kd4e9a6xcb2mbdfvnw76hnsqpyrf7wf \
    /home/ubuntu/collection.json

Crawler discovery

If you need to frequently scan multiple targets, you can specify them in a configuration file.

JSON example

{
  "crawler": [
    "https://example.com",
    "https://nova.example.com",
    "https://pbs.example.com",
    "https://google.com"
  ],
  "name": "discovery-name",
  "token": "my-api-key"
}

YAML example

---
crawler:
  - https://example.com
  - https://nova.example.com
  - https://pbs.example.com
  - https://google.com
name: discovery-name
token: my-api-key

Predefined pool of tests

Bright CLI supports many different tests. In some cases, selecting them through CLI options is cumbersome, so you can define the set of tests in a configuration file instead.

JSON example

{
  "test": [
    "angular_csti",
    "jwt",
    "date_manipulation",
    "cookie_security",
    "csrf",
    "directory_listing",
    "dom_xss",
    "file_upload",
    "full_path_disclosure",
    "header_security",
    "http_method_fuzzing",
    "retire_js",
    "secret_tokens",
    "version_control_systems",
    "wordpress"
  ],
  "name": "scan-name",
  "token": "my-api-key"
}

YAML example

---
test:
- angular_csti
- jwt
- date_manipulation
- cookie_security
- csrf
- directory_listing
- dom_xss
- file_upload
- full_path_disclosure
- header_security
- http_method_fuzzing
- retire_js
- secret_tokens
- version_control_systems
- wordpress
name: scan-name
token: my-api-key

Predefined repeater settings

The following are examples of Repeater settings to be used with the CLI.

JSON example

{
  "token": "my-jwt-authentication-token",
  "api": "https://app.brightsec.com",
  "cluster": "https://app.brightsec.com",
  "proxy": "proxy-address"
}

YAML example

---
token: my-jwt-authentication-token
api: https://app.brightsec.com
cluster: https://app.brightsec.com
proxy: proxy-address