Configuration

zan8in edited this page Feb 9, 2026 · 9 revisions

The first time you start afrog, it automatically creates a configuration file named afrog-config.yaml in the current user's home directory, at $HOME/.config/afrog/afrog-config.yaml.

Configuration file

Here is an example config file:

reverse:
  ceye:
    api-key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    domain: "xxxxxx.ceye.io"
  dnslogcn:
    domain: dnslog.cn
  jndi: # (Deprecated)
    jndi_address: ""
    ldap_port: ""
    api_port: ""
  eye: # (Deprecated)
    host: ""
    token: ""
    domain: ""
  alphalog:
    domain: dnslogxx.sh
    api_url: "http://dnslogxx.sh/"
  xray:
    x_token: "xraytest"
    domain: dnslogxx.sh
    api_url: "http://x.x.0.x:8777"

The reverse section configures the reverse connection platforms used to verify command execution vulnerabilities whose output is not echoed back in the response. Currently, only ceye can be used for verification.

Webhook Notifications

Afrog supports webhook notifications for:

  • Dingtalk custom bot
  • WeCom (WeChat Work) group bot webhook

Notes:

  • The config file is loaded from $HOME/.config/afrog/afrog-config.yaml by default (or via -config).
  • Webhook config alone does not send anything. You must enable it with CLI flags (-dingtalk / -wecom) during scanning.

Dingtalk

For a Dingtalk webhook URL like https://oapi.dingtalk.com/robot/send?access_token=xxxxxx, set tokens to the access_token part (xxxxxx).

webhook:
  dingtalk:
    tokens:
      - "xxxxxx"
    at_mobiles: []
    at_all: false
    range: high,critical

Enable it:

afrog -t https://example.com -dingtalk

WeCom (WeChat Work)

For a WeCom group bot webhook URL like https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxx, set tokens to the key part (xxxxxx).

webhook:
  wecom:
    tokens:
      - "xxxxxx"
    at_mobiles: [] # takes effect only when markdown=false
    at_all: false
    range: high,critical
    markdown: true

Enable it:

afrog -t https://example.com -wecom

WeCom fields:

| Field | Meaning | Default |
|---|---|---|
| tokens | WeCom group bot webhook keys (multiple supported) | empty |
| at_mobiles | mobile numbers to mention (only when markdown=false) | empty |
| at_all | mention all members | false |
| range | severity filter, e.g. high,critical | high,critical |
| markdown | send markdown message | true |
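
The token extraction described in the Dingtalk and WeCom sections above, as an added example that is not part of afrog or this wiki: it accepts either the full webhook URL or a bare token, checks that the URL belongs to the named platform, and renders the webhook stanza with the defaults shown here. The function names and the token character set are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# (host, path, query parameter) per platform, from the URL forms shown on this page.
WEBHOOKS = {
    "dingtalk": ("oapi.dingtalk.com", "/robot/send", "access_token"),
    "wecom": ("qyapi.weixin.qq.com", "/cgi-bin/webhook/send", "key"),
}
# Assumption: tokens are URL-safe ASCII, so they never need YAML escaping.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def webhook_token(platform: str, value: str) -> str:
    """Return the bare token for `tokens`, given a full webhook URL or a bare token."""
    host, path, param = WEBHOOKS[platform]
    value = value.strip()
    if "://" in value:
        url = urlsplit(value)
        if (url.scheme, url.hostname, url.path) != ("https", host, path):
            raise ValueError(f"not a {platform} webhook URL")
        found = parse_qs(url.query).get(param, [])
        if len(found) != 1:
            raise ValueError(f"expected exactly one non-empty {param}= parameter")
        value = found[0]
    # Error messages never echo the value: it is a credential.
    if not TOKEN_RE.fullmatch(value):
        raise ValueError(f"value is not a bare {platform} token")
    return value


def render_webhook_yaml(platform: str, values: list[str]) -> str:
    """Build the webhook stanza with the field defaults shown on this page."""
    tokens = [webhook_token(platform, v) for v in values]
    lines = ["webhook:", f"  {platform}:", "    tokens:"]
    lines += [f'      - "{t}"' for t in tokens]
    lines += ["    at_mobiles: []", "    at_all: false", "    range: high,critical"]
    if platform == "wecom":
        lines.append("    markdown: true")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input: the placeholder URL from this page.
    url = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxx"
    print(render_webhook_yaml("wecom", [url]), end="")
```
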

Ceye Configuration

To obtain a ceye domain and api-key, follow these steps:

  • Go to the ceye.io website and register an account.
  • Log in and go to the personal settings page.
  • Copy the domain and api-key into the afrog-config.yaml file.

Dnslogcn

No configuration required, but dnslog.cn is unstable.

Alphalog

You need to build the alphalog service yourself.

Xray

You need to build the xray service yourself.

JNDI Configuration (Deprecated)

JNDI vulnerabilities are security vulnerabilities that exploit the JNDI (Java Naming and Directory Interface) functionality in Java applications. This type of vulnerability can lead to remote code execution or other security issues.

To set up JNDI verification, follow these steps:

  • Get the source code from github.com/r00tSe7en/JNDIMonitor and compile the JAR file. Alternatively, download the pre-compiled JAR file from the official afrog site at afrog/helper/jndi.
  • Upload the JNDIMonitor-2.0.1-SNAPSHOT.jar file to a server (such as a VPS) and run the following startup command:

java -jar ./JNDIMonitor-2.0.1-SNAPSHOT.jar -i 0.0.0.0 -l 1389 -p 3456

Below are example methods for writing POCs. Please click to view.