diff --git a/README.md b/README.md index 498bc9e..83c6aa4 100644 --- a/README.md +++ b/README.md @@ -180,6 +180,34 @@ Disallow: /.git/ Disallow: /backup.sql Disallow: /db_backup.sql ``` + +## Honeypot pages +Requests to common admin endpoints (`/admin/`, `/wp-admin/`, `/phpMyAdmin/`) return a fake login page. Any login attempt triggers a 1-second delay to simulate real processing and is fully logged in the dashboard (credentials, IP, headers, timing). + +![admin-page](img/admin-page.png) + +Requests to paths like `/backup/`, `/config/`, `/database/`, `/private/`, or `/uploads/` return a fake directory listing populated with “interesting” files, each assigned a random file size to look realistic. + +![directory-page](img/directory-page.png) + +The `.env` endpoint exposes fake database connection strings, **AWS API keys**, and **Stripe secrets**. It intentionally returns an error due to the `Content-Type` being `application/json` instead of plain text, mimicking a “juicy” misconfiguration that crawlers and scanners often flag as information leakage. + +![env-page](img/env-page.png) + +The pages `/api/v1/users` and `/api/v2/secrets` show fake users and random secrets in JSON format + +
+ + +
+ +The pages `/credentials.txt` and `/passwords.txt` show fake users and random secrets + +
+ + +
+ ## Wordlists Customization Edit `wordlists.json` to customize fake data: @@ -209,11 +237,11 @@ Access the dashboard at `http://:/` The attackers' triggered honeypot path and the suspicious activity (such as failed login attempts) are logged -![asd](img/dashboard-1.png) +![dashboard-1](img/dashboard-1.png) The top IP Addresses is shown along with top paths and User Agents -![asd](img/dashboard-2.png) +![dashboard-2](img/dashboard-2.png) The dashboard shows: - Total and unique accesses @@ -285,7 +313,7 @@ Contributions welcome! Please: 1. Fork the repository 2. Create a feature branch 3. Make your changes -4. Submit a pull request +4. Submit a pull request (explain the changes!)
diff --git a/deployment.yaml b/deployment.yaml
index cb39eaf..4bf5189 100644
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -38,22 +38,6 @@ spec:
 limits:
 memory: "256Mi"
 cpu: "500m"
- livenessProbe:
- httpGet:
- path: /
- port: 5000
- initialDelaySeconds: 10
- periodSeconds: 30
- timeoutSeconds: 5
- failureThreshold: 3
- readinessProbe:
- httpGet:
- path: /
- port: 5000
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
 volumes:
 - name: wordlists
 configMap:
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index bad4f0d..b0aeb6d 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -54,14 +54,6 @@ spec:
 mountPath: /app/wordlists.json
 subPath: wordlists.json
 readOnly: true
- {{- with .Values.livenessProbe }}
- livenessProbe:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- with .Values.readinessProbe }}
- readinessProbe:
- {{- toYaml . | nindent 12 }}
- {{- end }}
 {{- with .Values.resources }}
 resources:
 {{- toYaml . | nindent 12 }}
diff --git a/helm/values.yaml b/helm/values.yaml
index 93d668b..9ee9ca5 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -29,7 +29,7 @@ service:
 ingress:
 enabled: true
- className: "nginx"
+ className: "traefik"
 annotations: {}
 hosts:
 - host: krawl.example.com
@@ -49,28 +49,10 @@ resources:
 cpu: 100m
 memory: 64Mi
-livenessProbe:
- httpGet:
- path: /
- port: http
- initialDelaySeconds: 10
- periodSeconds: 30
- timeoutSeconds: 5
- failureThreshold: 3
-
-readinessProbe:
- httpGet:
- path: /
- port: http
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
-
 autoscaling:
 enabled: false
 minReplicas: 1
- maxReplicas: 5
+ maxReplicas: 1
 targetCPUUtilizationPercentage: 70
 targetMemoryUtilizationPercentage: 80
diff --git a/img/admin-page.png b/img/admin-page.png
new file mode 100644
index 0000000..ba82843
Binary files /dev/null and b/img/admin-page.png differ
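Review bot: After the second hunk of `helm/values.yaml` the chart ships no `livenessProbe` or `readinessProbe` at all (the same stanzas are dropped from `deployment.yaml`, `manifests/deployment.yaml` and the `with` blocks in `helm/templates/deployment.yaml`), so the kubelet no longer restarts a hung process or withholds traffic until the app is listening, and a stalled sensor would simply stop logging without any signal. If the probes were removed because kubelet requests to `/` were being recorded as honeypot hits (an assumption, the commit message is not visible here), a TCP check keeps health monitoring without generating HTTP log entries, e.g. `livenessProbe:` / `tcpSocket:` / `port: http`. Because the template blocks are deleted as well, chart users cannot opt back in through values; keeping `{{- with .Values.livenessProbe }}` in the template and leaving the value unset by default would preserve that option. Separately, `maxReplicas: 1` now equals `minReplicas`, so setting `autoscaling.enabled: true` has no effect; a comment such as `# single replica only: access log state is kept in-process` (if that is the reason) would tell operators why.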
diff --git a/img/api-secrets-page.png b/img/api-secrets-page.png
new file mode 100644
index 0000000..77b47c8
Binary files /dev/null and b/img/api-secrets-page.png differ
diff --git a/img/api-users-page.png b/img/api-users-page.png
new file mode 100644
index 0000000..6746594
Binary files /dev/null and b/img/api-users-page.png differ
diff --git a/img/credentials-page.png b/img/credentials-page.png
new file mode 100644
index 0000000..bc3fffa
Binary files /dev/null and b/img/credentials-page.png differ
diff --git a/img/directory-page.png b/img/directory-page.png
new file mode 100644
index 0000000..b623697
Binary files /dev/null and b/img/directory-page.png differ
diff --git a/img/env-page.png b/img/env-page.png
new file mode 100644
index 0000000..a738732
Binary files /dev/null and b/img/env-page.png differ
diff --git a/img/passwords-page.png b/img/passwords-page.png
new file mode 100644
index 0000000..c9ca2f0
Binary files /dev/null and b/img/passwords-page.png differ
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
index 3fad020..0552eba 100644
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -38,22 +38,6 @@ spec:
 limits:
 memory: "256Mi"
 cpu: "500m"
- livenessProbe:
- httpGet:
- path: /
- port: 5000
- initialDelaySeconds: 10
- periodSeconds: 30
- timeoutSeconds: 5
- failureThreshold: 3
- readinessProbe:
- httpGet:
- path: /
- port: 5000
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
 volumes:
 - name: wordlists
 configMap: