Initial commit

Co-Authored-By: Nellie Mullane <nellie@keygraph.io>

configs/example-config.yaml

@@ -0,0 +1,45 @@
+# Example configuration file for pentest-agent
+# Copy this file and modify it for your specific testing needs
+
+authentication:
+  login_type: form  # Options: 'form' or 'sso'
+  login_url: "https://example.com/login"
+  credentials:
+    username: "testuser"
+    password: "testpassword"
+    totp_secret: "JBSWY3DPEHPK3PXP"  # Optional TOTP secret for 2FA
+  
+  # Natural language instructions for login flow
+  login_flow:
+    - "Type $username into the email field"
+    - "Type $password into the password field"
+    - "Click the 'Sign In' button"
+    - "Enter $totp in the verification code field"
+    - "Click 'Verify'"
+  
+  success_condition:
+    type: url_contains  # Options: 'url_contains' or 'element_present'
+    value: "/dashboard"
+
+rules:
+  avoid:
+    - description: "Do not test the marketing site subdomain"
+      type: subdomain
+      url_path: "www"
+    
+    - description: "Skip logout functionality"
+      type: path
+      url_path: "/logout"
+    
+    - description: "No DELETE operations on user API"
+      type: path
+      url_path: "/api/v1/users/*"
+  
+  focus:
+    - description: "Prioritize beta admin panel subdomain"
+      type: subdomain
+      url_path: "beta-admin"
+    
+    - description: "Focus on user profile updates"
+      type: path
+      url_path: "/api/v2/user-profile"