Main¶
The main configuration is defined in the [Dementor] section. This section is
responsible for enabling protocol servers and configuring additional protocols.
Each server can be enabled or disabled within the configuration file using
values that can be interpreted as booleans, such as true, false, 1,
"on", or "off". for more information on the Python side of this
configuration, refer to SessionConfig.
Section [Dementor]¶
- Dementor.Workspace: str = "~/.dementor/"¶
Maps to
config.SessionConfig.workspace_pathSpecifies the directory where the database is stored and where additional modules can be placed. By default, this path points to
~/.dementorin the user’s home directory. For guidance on how to include custom protocols, refer to Array Tables.
- Dementor.ExtraModules: list[str]¶
Maps to
config.SessionConfig.extra_modulesA list of directories containing custom protocol modules. For instructions on including additional protocols, see Example: POP3 Protocol Extension. The loading mechanism and its priorities are described in
ProtocolLoader.
Poisoners¶
The following options control servers that perform poisoning in the local network:
- Dementor.LLMNR: bool = true¶
Maps to
config.SessionConfig.llmnr_enbledEnables or disables LLMNR multicast poisoning. Valid values must be convertible to boolean types as described above. Protocol-specific configuration is available in Section: [LLMNR].
- Dementor.mDNS: bool = true¶
Maps to
config.SessionConfig.mdns_enbledEnables or disables mDNS multicast poisoning. For mDNS protocol configuration details, see Section: [mDNS].
- Dementor.NBTNS: bool = true¶
Maps to
config.SessionConfig.nbtns_enbledEnables or disables NetBIOS Name Service (NBT-NS) poisoning. For further configuration options, see Section [NetBIOS].
- Dementor.SSRP: bool = true¶
Maps to
config.SessionConfig.ssrp_enabledAdded in version 1.0.0.dev4.
Enables or disables the SSRP (MSSQL Browser) poisoner. For more details, refer to Section [SSRP].
Services¶
The following settings apply to protocol-specific servers that do not perform active attacks, but instead passively capture credentials:
- Dementor.SMTP: bool = true¶
- Dementor.SMB: bool = true¶
- Dementor.NBTDS: bool = true¶
- Dementor.FTP: bool = true¶
- Dementor.KDC: bool = true¶
- Dementor.LDAP: bool = true¶
- Dementor.QUIC: bool = true¶
Maps to
config.SessionConfig.XXX_enbled(lowercase)Enables or disables the specified protocol service. For details on each protocol, refer to the respective documentation section. (Note:
KDCcorresponds to the Kerberos service).
- Dementor.HTTP: bool = true¶
Maps to
config.SessionConfig.http_enbledAdded in version 1.0.0.dev1.
Enables or disables configured HTTP servers. For more details, refer to HTTP.
- Dementor.RPC: bool = true¶
Maps to
config.SessionConfig.rpc_enabledAdded in version 1.0.0.dev2.
Changed in version 1.0.0.dev10: Modified naming scheme from
msrpctorcp(Python side only)Enables or disables the DCE/RPC service. For more details, refer to DCE/RPC.
- Dementor.WinRM: bool = true¶
Maps to
config.SessionConfig.winrm_enabledAdded in version 1.0.0.dev3.
Enables or disables the WinRM service. For more details, refer to WinRM. Configuration is the same as described in HTTP.
- Dementor.MSSQL: bool = true¶
Maps to
config.SessionConfig.mssql_enabledAdded in version 1.0.0.dev4.
Enables or disables the MSSQL service. For more details, refer to MSSQL.
- Dementor.POP3: bool = true¶
- Dementor.IMAP: bool = true¶
Maps to
config.SessionConfig.xxx_enabledAdded in version 1.0.0.dev5.
Enables or disables the OPO3/IMAP service. For more details, refer to POP3 or IMAP.
- Dementor.MySQL: bool = true¶
Maps to
config.SessionConfig.mysql_enabledAdded in version 1.0.0.dev7.
Enables or disables the MSSQL service. For more details, refer to MySQL.
- Dementor.X11: bool = true¶
Maps to
config.SessionConfig.x11_enabledAdded in version 1.0.0.dev9.
Enables or disables X11 servers based on the configured port range. For more details, refer to X11.
- Dementor.IPP: bool = true¶
Maps to
config.SessionConfig.ipp_enabledAdded in version 1.0.0.dev10.
Enables or disables the IPP service. For more details, refer to IPP / CUPS.