First commit

BlessedRebuS
2025-12-14 19:08:01 +01:00
parent 5e46841858
commit 076b2de584
43 changed files with 3410 additions and 2 deletions

1
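--- a/helm/.helmignore
+++ b/helm/.helmignore
@@ -0,0 +1 @@
+.helmignore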

15
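--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: krawl-chart
+description: A Helm chart for Krawl honeypot server
+type: application
+version: 0.1.2
+appVersion: "1.0.0"
+keywords:
+- honeypot
+- security
+- krawl
+maintainers:
+- name: blessedrebus
+home: https://github.com/blessedrebus/krawl
+sources:
+- https://github.com/blessedrebus/krawl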

60
helm/NOTES.txt Normal file

@@ -0,0 +1,60 @@
▄▄▄ ▄▄▄ ▄▄▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄ ▄▄▄ ▄▄▄▄ ▄▄▄
███ ▄███▀ ███▀▀███▄ ▄██▀▀██▄ ▀███ ███ ███▀ ███
███████ ███▄▄███▀ ███ ███ ███ ███ ███ ███
███▀███▄ ███▀▀██▄ ███▀▀███ ███▄▄███▄▄███ ███
███ ▀███ ███ ▀███ ███ ███ ▀████▀████▀ ████████
|
|
|
|
|
|| ||
\\(_)//
//(___)\\
|| ||
WARNING: This is a krawl/honeypot service. Monitor access logs for security events.
For more information, visit: https://github.com/blessedrebus/krawl
Your krawl honeypot server has been deployed successfully.
{{- if .Values.service.type }}
Service Type: {{ .Values.service.type }}
{{- if eq .Values.service.type "LoadBalancer" }}
To get the LoadBalancer IP address, run:
kubectl get svc {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }}
Once the EXTERNAL-IP is assigned, access your krawl server at:
http://<EXTERNAL-IP>:{{ .Values.service.port }}
{{- else if eq .Values.service.type "NodePort" }}
To get the NodePort, run:
export NODE_PORT=$(kubectl get svc {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.ports[0].nodePort}')
export NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
echo "Access at: http://$NODE_IP:$NODE_PORT"
{{- else if eq .Values.service.type "ClusterIP" }}
To access the service from your local machine:
kubectl port-forward svc/{{ include "krawl.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} -n {{ .Release.Namespace }}
Then access at: http://localhost:{{ .Values.service.port }}
{{- end }}
{{- end }}
Dashboard Access:
To retrieve the dashboard path, run:
kubectl get secret {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }} -o jsonpath='{.data.dashboard-path}' | base64 -d && echo
Then access the dashboard at:
http://<EXTERNAL-IP>:{{ .Values.service.port }}/<dashboard-path>
{{- if .Values.ingress.enabled }}
Ingress is ENABLED. Your service will be available at:
{{- range .Values.ingress.hosts }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}
{{- end }}
{{- end }}
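Review bot: The "Dashboard Access" block prints a plain `http://` URL that contains the secret dashboard path, and it prints `<EXTERNAL-IP>` even when the service type is ClusterIP or NodePort. As far as these templates show, the random path is the only thing guarding the dashboard, so sending it in cleartext exposes it to anyone on the network path and to proxy and access logs. I would add a line such as `Treat the dashboard path as a credential: reach it over TLS or through kubectl port-forward.` The same block appears in helm/templates/NOTES.txt. Helm renders only templates/NOTES.txt, so this root-level copy looks unused and can drift from the rendered one.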

60
helm/templates/NOTES.txt Normal file

@@ -0,0 +1,60 @@
▄▄▄ ▄▄▄ ▄▄▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄ ▄▄▄ ▄▄▄▄ ▄▄▄
███ ▄███▀ ███▀▀███▄ ▄██▀▀██▄ ▀███ ███ ███▀ ███
███████ ███▄▄███▀ ███ ███ ███ ███ ███ ███
███▀███▄ ███▀▀██▄ ███▀▀███ ███▄▄███▄▄███ ███
███ ▀███ ███ ▀███ ███ ███ ▀████▀████▀ ████████
|
|
|
|
|
|| ||
\\(_)//
//(___)\\
|| ||
WARNING: This is a deception/honeypot service. Monitor access logs for security events.
For more information, visit: https://github.com/blessedrebus/deception
Your deception honeypot server has been deployed successfully.
{{- if .Values.service.type }}
Service Type: {{ .Values.service.type }}
{{- if eq .Values.service.type "LoadBalancer" }}
To get the LoadBalancer IP address, run:
kubectl get svc {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }}
Once the EXTERNAL-IP is assigned, access your deception server at:
http://<EXTERNAL-IP>:{{ .Values.service.port }}
{{- else if eq .Values.service.type "NodePort" }}
To get the NodePort, run:
export NODE_PORT=$(kubectl get svc {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.ports[0].nodePort}')
export NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
echo "Access at: http://$NODE_IP:$NODE_PORT"
{{- else if eq .Values.service.type "ClusterIP" }}
To access the service from your local machine:
kubectl port-forward svc/{{ include "krawl.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} -n {{ .Release.Namespace }}
Then access at: http://localhost:{{ .Values.service.port }}
{{- end }}
{{- end }}
Dashboard Access:
To retrieve the dashboard path, run:
kubectl get secret {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }} -o jsonpath='{.data.dashboard-path}' | base64 -d && echo
Then access the dashboard at:
http://<EXTERNAL-IP>:{{ .Values.service.port }}/<dashboard-path>
{{- if .Values.ingress.enabled }}
Ingress is ENABLED. Your service will be available at:
{{- range .Values.ingress.hosts }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}
{{- end }}
{{- end }}
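Review bot: This copy still says "deception" in the warning, the success line and the LoadBalancer hint, and its link points to `https://github.com/blessedrebus/deception`, while Chart.yaml and the root NOTES.txt use `krawl` and `https://github.com/blessedrebus/krawl`. Since this is the file Helm actually renders after install, operators are sent to a different repository name than the chart's `home`. Change the three strings to `krawl` and the link line to `For more information, visit: https://github.com/blessedrebus/krawl`.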


@@ -0,0 +1,60 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "krawl.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
*/}}
{{- define "krawl.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "krawl.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "krawl.labels" -}}
helm.sh/chart: {{ include "krawl.chart" . }}
{{ include "krawl.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "krawl.selectorLabels" -}}
app.kubernetes.io/name: {{ include "krawl.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "krawl.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "krawl.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -0,0 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "krawl.fullname" . }}-config
labels:
{{- include "krawl.labels" . | nindent 4 }}
data:
PORT: {{ .Values.config.port | quote }}
DELAY: {{ .Values.config.delay | quote }}
LINKS_MIN_LENGTH: {{ .Values.config.linksMinLength | quote }}
LINKS_MAX_LENGTH: {{ .Values.config.linksMaxLength | quote }}
LINKS_MIN_PER_PAGE: {{ .Values.config.linksMinPerPage | quote }}
LINKS_MAX_PER_PAGE: {{ .Values.config.linksMaxPerPage | quote }}
MAX_COUNTER: {{ .Values.config.maxCounter | quote }}
CANARY_TOKEN_TRIES: {{ .Values.config.canaryTokenTries | quote }}
PROBABILITY_ERROR_CODES: {{ .Values.config.probabilityErrorCodes | quote }}
CANARY_TOKEN_URL: {{ .Values.config.canaryTokenUrl | quote }}
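Review bot: `CANARY_TOKEN_URL` is rendered from `.Values.config.canaryTokenUrl`, which values.yaml ships commented out, so with default values the key is most likely emitted with no value at all rather than an empty string. The canary token is a detection control, and nothing here tells the operator that it is unset. Make the empty case explicit with `CANARY_TOKEN_URL: {{ .Values.config.canaryTokenUrl | default "" | quote }}`, and consider having NOTES.txt say so when the value is empty.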


@@ -0,0 +1,84 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "krawl.fullname" . }}
labels:
{{- include "krawl.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "krawl.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "krawl.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.config.port }}
protocol: TCP
envFrom:
- configMapRef:
name: {{ include "krawl.fullname" . }}-config
env:
- name: DASHBOARD_SECRET_PATH
valueFrom:
secretKeyRef:
name: {{ include "krawl.fullname" . }}
key: dashboard-path
volumeMounts:
- name: wordlists
mountPath: /app/wordlists.json
subPath: wordlists.json
readOnly: true
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumes:
- name: wordlists
configMap:
name: {{ include "krawl.fullname" . }}-wordlists
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
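Review bot: The pod spec sets neither `serviceAccountName` nor `automountServiceAccountToken`, so the namespace's default service-account token is mounted into a container that is deliberately exposed to hostile traffic. The `krawl.serviceAccountName` helper is defined in the helpers template but is not used here. Add `automountServiceAccountToken: false` under `spec.template.spec`, and `serviceAccountName: {{ include "krawl.serviceAccountName" . }}` if a dedicated account is wanted. Both `securityContext` blocks are emitted only when values are set, and values.yaml ships them as `{}`, so by default the container runs with whatever user and capabilities the image defines.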

32
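--- a/helm/templates/hpa.yaml
+++ b/helm/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+name: {{ include "krawl.fullname" . }}
+labels:
+{{- include "krawl.labels" . | nindent 4 }}
+spec:
+scaleTargetRef:
+apiVersion: apps/v1
+kind: Deployment
+name: {{ include "krawl.fullname" . }}
+minReplicas: {{ .Values.autoscaling.minReplicas }}
+maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+metrics:
+{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+- type: Resource
+resource:
+name: cpu
+target:
+type: Utilization
+averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+{{- end }}
+{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+- type: Resource
+resource:
+name: memory
+target:
+type: Utilization
+averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+{{- end }}
+{{- end }}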


@@ -0,0 +1,42 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "krawl.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "krawl.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ include "krawl.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}
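Review bot: `.host` and the TLS hosts are piped through `quote`, but `ingressClassName`, `secretName`, `path` and `pathType` are emitted raw, so a value that YAML reads as something other than a string, or an empty one, changes the shape of the manifest. Quote them the same way, for example `path: {{ .path | quote }}` and `secretName: {{ .secretName | quote }}`. Every path on the host, including the dashboard's secret path, is routed through this Ingress, and values.yaml ships `tls: []`, so by default that path crosses the ingress in cleartext.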


@@ -0,0 +1,24 @@
{{- if .Values.networkPolicy.enabled -}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "krawl.fullname" . }}
labels:
{{- include "krawl.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "krawl.selectorLabels" . | nindent 6 }}
{{- with .Values.networkPolicy.policyTypes }}
policyTypes:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.networkPolicy.ingress }}
ingress:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.networkPolicy.egress }}
egress:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
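Review bot: This template has no comment explaining that the rules are copied verbatim from `.Values.networkPolicy`, so the effective policy is whatever values.yaml says and the template adds no floor of its own. I would add a header comment such as `{{/* Rules come unchanged from .Values.networkPolicy; with Egress in policyTypes and no egress rules, all outbound traffic is denied. */}}`. That makes it clear to a reader that tightening the policy is done in values, and what an empty list means.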


@@ -0,0 +1,16 @@
{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "krawl.fullname" .)) -}}
{{- $dashboardPath := "" -}}
{{- if and $secret $secret.data -}}
{{- $dashboardPath = index $secret.data "dashboard-path" | b64dec -}}
{{- else -}}
{{- $dashboardPath = printf "/%s" (randAlphaNum 32) -}}
{{- end -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "krawl.fullname" . }}
labels:
{{- include "krawl.labels" . | nindent 4 }}
type: Opaque
stringData:
dashboard-path: {{ $dashboardPath | quote }}
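Review bot: `lookup` returns an empty result under `helm template`, `--dry-run` and in renderers without cluster access, so in those flows the `else` branch runs every time and a new `dashboard-path` is generated on each render. Running pods keep the old value in `DASHBOARD_SECRET_PATH` until they restart, so the Secret and the live path can disagree. The `if` also checks only that `$secret.data` exists, not that it holds the key; `{{- if and $secret $secret.data (hasKey $secret.data "dashboard-path") -}}` would avoid handing a missing key to `b64dec`. A comment above the block stating the lookup caveat would help anyone deploying this through a GitOps renderer.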


@@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "krawl.fullname" . }}
labels:
{{- include "krawl.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10800
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "krawl.selectorLabels" . | nindent 4 }}
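Review bot: `externalTrafficPolicy` is emitted whenever the value is set, regardless of `service.type`, and values.yaml sets it to `Local` by default. NOTES.txt presents ClusterIP as a supported type, but the API server rejects `externalTrafficPolicy` on a ClusterIP Service, so changing only `service.type` would fail the install. Guard it with `{{- if and .Values.service.externalTrafficPolicy (ne .Values.service.type "ClusterIP") }}`. The hard-coded `sessionAffinity: ClientIP` with `timeoutSeconds: 10800` deserves a one-line comment saying why it is needed.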


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "krawl.fullname" . }}-wordlists
labels:
{{- include "krawl.labels" . | nindent 4 }}
data:
wordlists.json: |
{{- .Values.wordlists | toJson | nindent 4 }}

295
helm/values.yaml Normal file

@@ -0,0 +1,295 @@
replicaCount: 1
image:
repository: ghcr.io/blessedrebus/krawl
pullPolicy: Always
tag: "latest"
imagePullSecrets: []
nameOverride: "krawl"
fullnameOverride: ""
serviceAccount:
create: false
annotations: {}
name: ""
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
service:
type: LoadBalancer
port: 5000
annotations: {}
# Preserve source IP when using LoadBalancer
externalTrafficPolicy: Local
ingress:
enabled: true
className: "nginx"
annotations: {}
hosts:
- host: krawl.example.com
paths:
- path: /
pathType: Prefix
tls: []
# - secretName: krawl-tls
# hosts:
# - krawl.example.com
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 70
targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
# Application configuration
config:
port: 5000
delay: 100
linksMinLength: 5
linksMaxLength: 15
linksMinPerPage: 10
linksMaxPerPage: 15
maxCounter: 10
canaryTokenTries: 10
probabilityErrorCodes: 0
# canaryTokenUrl: set-your-canary-token-url-here
networkPolicy:
enabled: true
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector: {}
- namespaceSelector: {}
- ipBlock:
cidr: 0.0.0.0/0
ports:
- protocol: TCP
port: 5000
egress:
- to:
- namespaceSelector: {}
- ipBlock:
cidr: 0.0.0.0/0
ports:
- protocol: TCP
- protocol: UDP
# Wordlists configuration
wordlists:
usernames:
prefixes:
- admin
- user
- developer
- root
- system
- db
- api
- service
- deploy
- test
- prod
- backup
- monitor
- jenkins
- webapp
suffixes:
- ""
- "_prod"
- "_dev"
- "_test"
- "123"
- "2024"
- "_backup"
- "_admin"
- "01"
- "02"
- "_user"
- "_service"
- "_api"
passwords:
prefixes:
- P@ssw0rd
- Passw0rd
- Admin
- Secret
- Welcome
- System
- Database
- Secure
- Master
- Root
simple:
- test
- demo
- temp
- change
- password
- admin
- letmein
- welcome
- default
- sample
emails:
domains:
- example.com
- company.com
- localhost.com
- test.com
- domain.com
- corporate.com
- internal.net
- enterprise.com
- business.org
api_keys:
prefixes:
- sk_live_
- sk_test_
- api_
- key_
- token_
- access_
- secret_
- prod_
- ""
databases:
names:
- production
- prod_db
- main_db
- app_database
- users_db
- customer_data
- analytics
- staging_db
- dev_database
- wordpress
- ecommerce
- crm_db
- inventory
hosts:
- localhost
- db.internal
- mysql.local
- postgres.internal
- 127.0.0.1
- db-server-01
- database.prod
- sql.company.com
applications:
names:
- WebApp
- API Gateway
- Dashboard
- Admin Panel
- CMS
- Portal
- Manager
- Console
- Control Panel
- Backend
users:
roles:
- Administrator
- Developer
- Manager
- User
- Guest
- Moderator
- Editor
- Viewer
- Analyst
- Support
directory_listing:
files:
- admin.txt
- test.exe
- backup.sql
- database.sql
- db_backup.sql
- dump.sql
- config.php
- credentials.txt
- passwords.txt
- users.csv
- .env
- id_rsa
- id_rsa.pub
- private_key.pem
- api_keys.json
- secrets.yaml
- admin_notes.txt
- settings.ini
- database.yml
- wp-config.php
- .htaccess
- server.key
- cert.pem
- shadow.bak
- passwd.old
directories:
- uploads/
- backups/
- logs/
- temp/
- cache/
- private/
- config/
- admin/
- database/
- backup/
- old/
- archive/
- .git/
- keys/
- credentials/
error_codes:
- 400
- 401
- 403
- 404
- 500
- 502
- 503
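Review bot: The default `networkPolicy.egress` rule lists `protocol: TCP` and `protocol: UDP` with no port, to `0.0.0.0/0` and every namespace, which allows all egress, so the policy does not contain a compromised honeypot pod. `podSecurityContext` and `securityContext` default to `{}`, and `image.tag: "latest"` with `pullPolicy: Always` means the running code can change without any chart change. Ship restrictive defaults and pin the image to a release tag or digest. Whether the image tolerates a non-root UID, a read-only root filesystem and no egress is not visible from this page, so treat the values below as a starting point to test. With the template as written, an empty `egress` list combined with `Egress` in `policyTypes` denies all outbound traffic.

```yaml
# … unchanged: replicaCount, image, imagePullSecrets, name overrides, serviceAccount, podAnnotations …
podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
# … unchanged: service, ingress, resources, probes, autoscaling, scheduling, config …
networkPolicy:
  enabled: true
  policyTypes:
    - Ingress
    - Egress
  # … unchanged: ingress rule for TCP 5000 …
  # Deny all egress by default; add explicit rules only for destinations the application needs.
  egress: []
# … unchanged: wordlists …
```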