fixing dashboard to ensure starts with forward slash, put back the server_header option to allow pinning

2026-01-03 13:56:16 -06:00
parent 349c149335
commit 4c490e30cb
3 changed files with 16 additions and 2 deletions
--- a/config.yaml
+++ b/config.yaml
@@ -5,6 +5,9 @@ server:
  delay: 100  # Response delay in milliseconds
  timezone: null  # e.g., "America/New_York" or null for system default

+  # manually set the server header, if null a random one will be used.
+  server_header: "Apache/2.2.22 (Ubuntu)" 
+
 links:
  min_length: 5
  max_length: 15
@@ -19,7 +22,7 @@ canary:

 dashboard:
  # if set to "null" this will Auto-generates random path if not set
-  # can be set to "dashboard" or similar
+  # can be set to "/dashboard" or similar <-- note this MUST include a forward slash
  secret_path: dashboard

 api:
--- a/src/config.py
+++ b/src/config.py
@@ -16,6 +16,7 @@ class Config:
    """Configuration class for the deception server"""
    port: int = 5000
    delay: int = 100  # milliseconds
+    server_header: str = ""
    links_length_range: Tuple[int, int] = (5, 15)
    links_per_page_range: Tuple[int, int] = (10, 15)
    char_space: str = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
@@ -27,6 +28,7 @@ class Config:
    api_server_port: int = 8080
    api_server_path: str = "/api/v2/users"
    probability_error_codes: int = 0  # Percentage (0-100)
+
    # Database settings
    database_path: str = "data/krawl.db"
    database_retention_days: int = 30
@@ -98,10 +100,15 @@ class Config:
        dashboard_path = dashboard.get('secret_path')
        if dashboard_path is None:
            dashboard_path = f'/{os.urandom(16).hex()}'
-
+        else:
+            # ensure the dashboard path starts with a /
+            if dashboard_path[:1] != "/":
+                dashboard_path = f"/{dashboard_path}"
+                
        return cls(
            port=server.get('port', 5000),
            delay=server.get('delay', 100),
+            server_header=server.get('server_header',""),
            timezone=server.get('timezone'),
            links_length_range=(
                links.get('min_length', 5),
--- a/src/generators.py
+++ b/src/generators.py
@@ -9,6 +9,7 @@ import string
 import json
 from templates import html_templates
 from wordlists import get_wordlists
+from config import get_config

 def random_username() -> str:
    """Generate random username"""
@@ -37,6 +38,9 @@ def random_email(username: str = None) -> str:

 def random_server_header() -> str:
    """Generate random server header from wordlists"""
+    config = get_config()
+    if config.server_header:
+        return config.server_header
    wl = get_wordlists()
    return random.choice(wl.server_headers)