Updated README.md

2025-12-15 14:07:11 +01:00
parent 076b2de584
commit 5f4d22199d
12 changed files with 33 additions and 63 deletions
--- a/README.md
+++ b/README.md
@@ -180,6 +180,34 @@ Disallow: /.git/
 Disallow: /backup.sql
 Disallow: /db_backup.sql
 ```
+
+## Honeypot pages
+Requests to common admin endpoints (`/admin/`, `/wp-admin/`, `/phpMyAdmin/`) return a fake login page. Any login attempt triggers a 1-second delay to simulate real processing and is fully logged in the dashboard (credentials, IP, headers, timing).
+
+![admin-page](img/admin-page.png)
+
+Requests to paths like `/backup/`, `/config/`, `/database/`, `/private/`, or `/uploads/` return a fake directory listing populated with “interesting” files, each assigned a random file size to look realistic.
+
+![directory-page](img/directory-page.png)
+
+The `.env` endpoint exposes fake database connection strings, **AWS API keys**, and **Stripe secrets**. It intentionally returns an error due to the `Content-Type` being `application/json` instead of plain text, mimicking a “juicy” misconfiguration that crawlers and scanners often flag as information leakage.
+
+![env-page](img/env-page.png)
+
+The pages `/api/v1/users` and `/api/v2/secrets` show fake users and random secrets in JSON format
+
+<div align="center">
+  <img src="img/api-users-page.png" width="45%" style="vertical-align: middle; margin: 0 10px;" />
+  <img src="img/api-secrets-page.png" width="45%" style="vertical-align: middle; margin: 0 10px;" />
+</div>
+
+The pages `/credentials.txt` and `/passwords.txt` show fake users and random secrets 
+
+<div align="center">
+  <img src="img/credentials-page.png" width="35%" style="vertical-align: middle; margin: 0 10px;" />
+  <img src="img/passwords-page.png" width="45%" style="vertical-align: middle; margin: 0 10px;" />
+</div>
+
 ## Wordlists Customization

 Edit `wordlists.json` to customize fake data:
@@ -209,11 +237,11 @@ Access the dashboard at `http://<server-ip>:<port>/<dashboard-path>`

 The attackers' triggered honeypot path and the suspicious activity (such as failed login attempts) are logged

-![asd](img/dashboard-1.png)
+![dashboard-1](img/dashboard-1.png)

 The top IP Addresses is shown along with top paths and User Agents

-![asd](img/dashboard-2.png)
+![dashboard-2](img/dashboard-2.png)

 The dashboard shows:
 - Total and unique accesses
@@ -285,7 +313,7 @@ Contributions welcome! Please:
 1. Fork the repository
 2. Create a feature branch
 3. Make your changes
-4. Submit a pull request
+4. Submit a pull request (explain the changes!)


 <div align="center">
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -38,22 +38,6 @@ spec:
          limits:
            memory: "256Mi"
            cpu: "500m"
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 5000
-          initialDelaySeconds: 10
-          periodSeconds: 30
-          timeoutSeconds: 5
-          failureThreshold: 3
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 5000
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          timeoutSeconds: 5
-          failureThreshold: 3
      volumes:
      - name: wordlists
        configMap:
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -54,14 +54,6 @@ spec:
          mountPath: /app/wordlists.json
          subPath: wordlists.json
          readOnly: true
-        {{- with .Values.livenessProbe }}
-        livenessProbe:
-          {{- toYaml . | nindent 12 }}
-        {{- end }}
-        {{- with .Values.readinessProbe }}
-        readinessProbe:
-          {{- toYaml . | nindent 12 }}
-        {{- end }}
        {{- with .Values.resources }}
        resources:
          {{- toYaml . | nindent 12 }}
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -29,7 +29,7 @@ service:

 ingress:
  enabled: true
-  className: "nginx"
+  className: "traefik"
  annotations: {}
  hosts:
    - host: krawl.example.com
@@ -49,28 +49,10 @@ resources:
    cpu: 100m
    memory: 64Mi

-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-  initialDelaySeconds: 10
-  periodSeconds: 30
-  timeoutSeconds: 5
-  failureThreshold: 3
-
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-  initialDelaySeconds: 5
-  periodSeconds: 10
-  timeoutSeconds: 5
-  failureThreshold: 3
-
 autoscaling:
  enabled: false
  minReplicas: 1
-  maxReplicas: 5
+  maxReplicas: 1
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80

--- a/img/admin-page.png
+++ b/img/admin-page.png
--- a/img/api-secrets-page.png
+++ b/img/api-secrets-page.png
--- a/img/api-users-page.png
+++ b/img/api-users-page.png
--- a/img/credentials-page.png
+++ b/img/credentials-page.png
--- a/img/directory-page.png
+++ b/img/directory-page.png
--- a/img/env-page.png
+++ b/img/env-page.png
--- a/img/passwords-page.png
+++ b/img/passwords-page.png
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -38,22 +38,6 @@ spec:
          limits:
            memory: "256Mi"
            cpu: "500m"
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 5000
-          initialDelaySeconds: 10
-          periodSeconds: 30
-          timeoutSeconds: 5
-          failureThreshold: 3
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 5000
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          timeoutSeconds: 5
-          failureThreshold: 3
      volumes:
      - name: wordlists
        configMap: