Configuration Overview

scan4all provides multiple ways to configure its behavior through configuration files, environment variables, and command-line parameters. This flexible configuration system allows you to customize everything from scan settings to dictionary paths.

Configuration Priority

scan4all uses the following priority order when loading configuration:

Environment Variables - Highest priority
Configuration File (config/config.json) - Default settings
Default Values - Built-in fallbacks

Environment variables always override settings in the configuration file. This allows for quick adjustments without modifying files.

Configuration File Location

The config.json file is searched in the following locations (in order):

./config/config.json
./config.json
$HOME/config/config.json
$HOME/.config/config.json
/etc/config.json

Main Configuration Areas

Scan Performance

Control the performance and resource usage of scans:

ScanPoolSize - Maximum concurrent scan threads (default: 5000)
Fuzzthreads - Number of fuzzing threads (default: 32)
esthread - Elasticsearch worker threads (default: 8)
hydrathread - Password brute-force threads (default: 64)

Scan Behavior

{
  "priorityNmap": true,
  "noScan": false,
  "UrlPrecise": true,
  "ParseSSl": true,
  "EnableSubfinder": false,
  "EnableHoneyportDetection": true,
  "enableNuclei": true,
  "CheckWeakPassword": true
}

Network Settings

LimitReader - Maximum response body size in bytes (default: 819200)
MaxErrorTimes - Maximum errors before stopping (default: 100)
OnClient - Enable client mode (default: true)

Integration Settings

enableEsSv - Enable Elasticsearch integration (default: true)
esUrl - Elasticsearch endpoint URL
CeyeDomain - Ceye domain for DNS callback detection
JndiAddress - JNDI server address for exploitation

Configuration Categories

Config File

Detailed reference for all config.json options

Custom Dictionaries

Configure custom wordlists for brute-force attacks

Elasticsearch

Set up result storage and indexing

Environment Variables

Override settings with environment variables

Quick Configuration Examples

Enable Verbose Output

export enableDevDebug=true
./scan4all -v -host example.com

Disable Port Scanning

noScan=true ./scan4all -l targets.txt

Use Custom Dictionary

Edit config/config.json:

{
  "ssh_username": "path/to/custom_users.txt",
  "ssh_pswd": "path/to/custom_passwords.txt"
}

Enable Subdomain Discovery

EnableSubfinder=true ./scan4all -host example.com

Enabling subdomain brute-forcing with EnableSubfinder can significantly increase scan time. Use this option carefully.

Cache Configuration

scan4all uses a local cache to improve performance:

CacheName - Cache directory name (default: .DbCache)
autoRmCache - Automatically remove cache on exit (default: true)

The cache is automatically cleared on Windows or when autoRmCache is enabled.

Next Steps

Review the complete configuration file reference
Learn about custom dictionary configuration
Set up Elasticsearch integration
Explore environment variables

Get Started

Core Features

Usage Guide

Configuration

POC & Detection

Configuration Overview

Configuration Priority

Configuration File Location

Main Configuration Areas

Scan Performance

Scan Behavior

Network Settings

Integration Settings

Configuration Categories

Config File

Custom Dictionaries

Elasticsearch

Environment Variables

Quick Configuration Examples

Enable Verbose Output

Disable Port Scanning

Use Custom Dictionary

Enable Subdomain Discovery

Cache Configuration

Next Steps

Build docs developers (and LLMs) love

Get Started

Core Features

Usage Guide

Configuration

POC & Detection

​Configuration Priority

​Configuration File Location

​Main Configuration Areas

​Scan Performance

​Scan Behavior

​Network Settings

​Integration Settings

​Configuration Categories

Config File

Custom Dictionaries

Elasticsearch

Environment Variables

​Quick Configuration Examples

​Enable Verbose Output

​Disable Port Scanning

​Use Custom Dictionary

​Enable Subdomain Discovery

​Cache Configuration

​Next Steps

Build docs developers (and LLMs) love

Configuration Priority

Configuration File Location

Main Configuration Areas

Scan Performance

Scan Behavior

Network Settings

Integration Settings

Configuration Categories

Quick Configuration Examples

Enable Verbose Output

Disable Port Scanning

Use Custom Dictionary

Enable Subdomain Discovery

Cache Configuration

Next Steps