diff --git a/README.md b/README.md
index b84d955..06157bd 100644
--- a/README.md
+++ b/README.md
@@ -186,6 +186,7 @@ To customize the deception server installation several **environment variables**
| `DASHBOARD_SECRET_PATH` | Custom dashboard path | Auto-generated |
| `PROBABILITY_ERROR_CODES` | Error response probability (0-100%) | `0` |
| `SERVER_HEADER` | HTTP Server header for deception | `Apache/2.2.22 (Ubuntu)` |
+| `TIMEZONE` | IANA timezone for logs and dashboard (e.g., `America/New_York`, `Europe/Rome`) | System timezone |
## robots.txt
The actual (juicy) robots.txt configuration is the following
diff --git a/deployment.yaml b/deployment.yaml
deleted file mode 100644
index 4bf5189..0000000
--- a/deployment.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: krawl-server
- namespace: krawl
- labels:
- app: krawl-server
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: krawl-server
- template:
- metadata:
- labels:
- app: krawl-server
- spec:
- containers:
- - name: krawl
- image: ghcr.io/blessedrebus/krawl:latest
- imagePullPolicy: Always
- ports:
- - containerPort: 5000
- name: http
- protocol: TCP
- envFrom:
- - configMapRef:
- name: krawl-config
- volumeMounts:
- - name: wordlists
- mountPath: /app/wordlists.json
- subPath: wordlists.json
- readOnly: true
- resources:
- requests:
- memory: "64Mi"
- cpu: "100m"
- limits:
- memory: "256Mi"
- cpu: "500m"
- volumes:
- - name: wordlists
- configMap:
- name: krawl-wordlists
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 1612864..600034d 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -25,6 +25,8 @@ services:
# - CANARY_TOKEN_URL=http://canarytokens.com/api/users/YOUR_TOKEN/passwords.txt
# Optional: Set custom dashboard path (auto-generated if not set)
# - DASHBOARD_SECRET_PATH=/my-secret-dashboard
+ # Optional: Set timezone for logs and dashboard (e.g., America/New_York, Europe/Rome)
+ # - TIMEZONE=UTC
restart: unless-stopped
healthcheck:
test: ["CMD", "python3", "-c", "import requests; requests.get('http://localhost:5000')"]
diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
index c50ab75..c08aaa5 100644
--- a/helm/templates/configmap.yaml
+++ b/helm/templates/configmap.yaml
@@ -16,3 +16,6 @@ data:
PROBABILITY_ERROR_CODES: {{ .Values.config.probabilityErrorCodes | quote }}
SERVER_HEADER: {{ .Values.config.serverHeader | quote }}
CANARY_TOKEN_URL: {{ .Values.config.canaryTokenUrl | quote }}
+ {{- if .Values.config.timezone }}
+ TIMEZONE: {{ .Values.config.timezone | quote }}
+ {{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
index a095632..ac51756 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -75,6 +75,7 @@ config:
probabilityErrorCodes: 0
serverHeader: "Apache/2.2.22 (Ubuntu)"
# canaryTokenUrl: set-your-canary-token-url-here
+# timezone: "UTC" # IANA timezone (e.g., "America/New_York", "Europe/Rome"). If not set, system timezone is used.
networkPolicy:
enabled: true
diff --git a/kubernetes/manifests/configmap.yaml b/kubernetes/manifests/configmap.yaml
index 431b9a3..073005f 100644
--- a/kubernetes/manifests/configmap.yaml
+++ b/kubernetes/manifests/configmap.yaml
@@ -14,4 +14,5 @@ data:
CANARY_TOKEN_TRIES: "10"
PROBABILITY_ERROR_CODES: "0"
SERVER_HEADER: "Apache/2.2.22 (Ubuntu)"
-# CANARY_TOKEN_URL: set-your-canary-token-url-here
\ No newline at end of file
+# CANARY_TOKEN_URL: set-your-canary-token-url-here
+# TIMEZONE: "UTC" # IANA timezone (e.g., "America/New_York", "Europe/Rome")
\ No newline at end of file
diff --git a/src/config.py b/src/config.py
index 7c6714c..741f01f 100644
--- a/src/config.py
+++ b/src/config.py
@@ -3,6 +3,8 @@
import os
from dataclasses import dataclass
from typing import Optional, Tuple
+from zoneinfo import ZoneInfo
+import time
@dataclass
@@ -22,6 +24,40 @@ class Config:
api_server_path: str = "/api/v2/users"
probability_error_codes: int = 0 # Percentage (0-100)
server_header: str = "Apache/2.2.22 (Ubuntu)"
+ timezone: str = None # IANA timezone (e.g., 'America/New_York', 'Europe/Rome')
+
+ @staticmethod
+ # Try to fetch timezone before if not set
+ def get_system_timezone() -> str:
+ """Get the system's default timezone"""
+ try:
+ if os.path.islink('/etc/localtime'):
+ tz_path = os.readlink('/etc/localtime')
+ if 'zoneinfo/' in tz_path:
+ return tz_path.split('zoneinfo/')[-1]
+
+ local_tz = time.tzname[time.daylight]
+ if local_tz and local_tz != 'UTC':
+ return local_tz
+ except Exception:
+ pass
+
+ # Default fallback to UTC
+ return 'UTC'
+
+ def get_timezone(self) -> ZoneInfo:
+ """Get configured timezone as ZoneInfo object"""
+ if self.timezone:
+ try:
+ return ZoneInfo(self.timezone)
+ except Exception:
+ pass
+
+ system_tz = self.get_system_timezone()
+ try:
+ return ZoneInfo(system_tz)
+ except Exception:
+ return ZoneInfo('UTC')
@classmethod
def from_env(cls) -> 'Config':
@@ -45,6 +81,7 @@ class Config:
api_server_url=os.getenv('API_SERVER_URL'),
api_server_port=int(os.getenv('API_SERVER_PORT', 8080)),
api_server_path=os.getenv('API_SERVER_PATH', '/api/v2/users'),
- probability_error_codes=int(os.getenv('PROBABILITY_ERROR_CODES', 5)),
- server_header=os.getenv('SERVER_HEADER', 'Apache/2.2.22 (Ubuntu)')
+ probability_error_codes=int(os.getenv('PROBABILITY_ERROR_CODES', 0)),
+ server_header=os.getenv('SERVER_HEADER', 'Apache/2.2.22 (Ubuntu)'),
+ timezone=os.getenv('TIMEZONE') # If not set, will use system timezone
)
diff --git a/src/logger.py b/src/logger.py
index 9f09236..992cad8 100644
--- a/src/logger.py
+++ b/src/logger.py
@@ -8,6 +8,23 @@ Provides two loggers: app (application) and access (HTTP access logs).
import logging
import os
from logging.handlers import RotatingFileHandler
+from typing import Optional
+from zoneinfo import ZoneInfo
+from datetime import datetime
+
+
+class TimezoneFormatter(logging.Formatter):
+ """Custom formatter that respects configured timezone"""
+ def __init__(self, fmt=None, datefmt=None, timezone: Optional[ZoneInfo] = None):
+ super().__init__(fmt, datefmt)
+ self.timezone = timezone or ZoneInfo('UTC')
+
+ def formatTime(self, record, datefmt=None):
+ """Override formatTime to use configured timezone"""
+ dt = datetime.fromtimestamp(record.created, tz=self.timezone)
+ if datefmt:
+ return dt.strftime(datefmt)
+ return dt.isoformat()
class LoggerManager:
@@ -20,23 +37,27 @@ class LoggerManager:
cls._instance._initialized = False
return cls._instance
- def initialize(self, log_dir: str = "logs") -> None:
+ def initialize(self, log_dir: str = "logs", timezone: Optional[ZoneInfo] = None) -> None:
"""
Initialize the logging system with rotating file handlers.
Args:
log_dir: Directory for log files (created if not exists)
+ timezone: ZoneInfo timezone for log timestamps (defaults to UTC)
"""
if self._initialized:
return
+ self.timezone = timezone or ZoneInfo('UTC')
+
# Create log directory if it doesn't exist
os.makedirs(log_dir, exist_ok=True)
# Common format for all loggers
- log_format = logging.Formatter(
+ log_format = TimezoneFormatter(
"[%(asctime)s] %(levelname)s - %(message)s",
- datefmt="%Y-%m-%d %H:%M:%S"
+ datefmt="%Y-%m-%d %H:%M:%S",
+ timezone=self.timezone
)
# Rotation settings: 1MB max, 5 backups
@@ -83,7 +104,7 @@ class LoggerManager:
self._credential_logger.handlers.clear()
# Credential logger uses a simple format: timestamp|ip|username|password|path
- credential_format = logging.Formatter("%(message)s")
+ credential_format = TimezoneFormatter("%(message)s", timezone=self.timezone)
credential_file_handler = RotatingFileHandler(
os.path.join(log_dir, "credentials.log"),
@@ -136,6 +157,6 @@ def get_credential_logger() -> logging.Logger:
return _logger_manager.credentials
-def initialize_logging(log_dir: str = "logs") -> None:
+def initialize_logging(log_dir: str = "logs", timezone: Optional[ZoneInfo] = None) -> None:
"""Initialize the logging system."""
- _logger_manager.initialize(log_dir)
+ _logger_manager.initialize(log_dir, timezone)
diff --git a/src/server.py b/src/server.py
index fd8f7d2..fcb794e 100644
--- a/src/server.py
+++ b/src/server.py
@@ -33,6 +33,8 @@ def print_usage():
print(' PROBABILITY_ERROR_CODES - Probability (0-100) to return HTTP error codes (default: 0)')
print(' CHAR_SPACE - Characters for random links')
print(' SERVER_HEADER - HTTP Server header for deception (default: Apache/2.2.22 (Ubuntu))')
+ print(' TIMEZONE - IANA timezone for logs/dashboard (e.g., America/New_York, Europe/Rome)')
+ print(' If not set, system timezone will be used')
def main():
@@ -41,15 +43,19 @@ def main():
print_usage()
exit(0)
- # Initialize logging
- initialize_logging()
+ config = Config.from_env()
+
+ # Get timezone configuration
+ tz = config.get_timezone()
+
+ # Initialize logging with timezone
+ initialize_logging(timezone=tz)
app_logger = get_app_logger()
access_logger = get_access_logger()
credential_logger = get_credential_logger()
- config = Config.from_env()
-
- tracker = AccessTracker()
+ # Initialize tracker with timezone
+ tracker = AccessTracker(timezone=tz)
Handler.config = config
Handler.tracker = tracker
@@ -71,6 +77,7 @@ def main():
try:
app_logger.info(f'Starting deception server on port {config.port}...')
+ app_logger.info(f'Timezone configured: {tz.key}')
app_logger.info(f'Dashboard available at: {config.dashboard_secret_path}')
if config.canary_token_url:
app_logger.info(f'Canary token will appear after {config.canary_token_tries} tries')
diff --git a/src/templates/dashboard_template.py b/src/templates/dashboard_template.py
index a267278..9fc4111 100644
--- a/src/templates/dashboard_template.py
+++ b/src/templates/dashboard_template.py
@@ -5,6 +5,18 @@ Dashboard template for viewing honeypot statistics.
Customize this template to change the dashboard appearance.
"""
+from datetime import datetime
+
+
+def format_timestamp(iso_timestamp: str) -> str:
+ """Format ISO timestamp for display (YYYY-MM-DD HH:MM:SS)"""
+ try:
+ dt = datetime.fromisoformat(iso_timestamp)
+ return dt.strftime("%Y-%m-%d %H:%M:%S")
+ except Exception:
+ # Fallback for old format
+ return iso_timestamp.split("T")[1][:8] if "T" in iso_timestamp else iso_timestamp
+
def generate_dashboard(stats: dict) -> str:
"""Generate dashboard HTML with access statistics"""
@@ -29,7 +41,7 @@ def generate_dashboard(stats: dict) -> str:
# Generate suspicious accesses rows
suspicious_rows = '\n'.join([
- f'| {log["ip"]} | {log["path"]} | {log["user_agent"][:60]} | {log["timestamp"].split("T")[1][:8]} |
'
+ f'| {log["ip"]} | {log["path"]} | {log["user_agent"][:60]} | {format_timestamp(log["timestamp"])} |
'
for log in stats['recent_suspicious'][-10:]
]) or '| No suspicious activity detected |
'
@@ -41,13 +53,13 @@ def generate_dashboard(stats: dict) -> str:
# Generate attack types rows
attack_type_rows = '\n'.join([
- f'| {log["ip"]} | {log["path"]} | {", ".join(log["attack_types"])} | {log["user_agent"][:60]} | {log["timestamp"].split("T")[1][:8]} |
'
+ f'| {log["ip"]} | {log["path"]} | {", ".join(log["attack_types"])} | {log["user_agent"][:60]} | {format_timestamp(log["timestamp"])} |
'
for log in stats.get('attack_types', [])[-10:]
]) or '| No attacks detected |
'
# Generate credential attempts rows
credential_rows = '\n'.join([
- f'| {log["ip"]} | {log["username"]} | {log["password"]} | {log["path"]} | {log["timestamp"].split("T")[1][:8]} |
'
+ f'| {log["ip"]} | {log["username"]} | {log["password"]} | {log["path"]} | {format_timestamp(log["timestamp"])} |
'
for log in stats.get('credential_attempts', [])[-20:]
]) or '| No credentials captured yet |
'
diff --git a/src/tracker.py b/src/tracker.py
index 717a4c3..c9322ec 100644
--- a/src/tracker.py
+++ b/src/tracker.py
@@ -1,20 +1,22 @@
#!/usr/bin/env python3
-from typing import Dict, List, Tuple
+from typing import Dict, List, Tuple, Optional
from collections import defaultdict
from datetime import datetime
+from zoneinfo import ZoneInfo
import re
import urllib.parse
class AccessTracker:
"""Track IP addresses and paths accessed"""
- def __init__(self):
+ def __init__(self, timezone: Optional[ZoneInfo] = None):
self.ip_counts: Dict[str, int] = defaultdict(int)
self.path_counts: Dict[str, int] = defaultdict(int)
self.user_agent_counts: Dict[str, int] = defaultdict(int)
self.access_log: List[Dict] = []
self.credential_attempts: List[Dict] = []
+ self.timezone = timezone or ZoneInfo('UTC')
self.suspicious_patterns = [
'bot', 'crawler', 'spider', 'scraper', 'curl', 'wget', 'python-requests',
'scanner', 'nikto', 'sqlmap', 'nmap', 'masscan', 'nessus', 'acunetix',
@@ -81,7 +83,7 @@ class AccessTracker:
'path': path,
'username': username,
'password': password,
- 'timestamp': datetime.now().isoformat()
+ 'timestamp': datetime.now(self.timezone).isoformat()
})
def record_access(self, ip: str, path: str, user_agent: str = '', body: str = ''):
@@ -112,7 +114,7 @@ class AccessTracker:
'suspicious': is_suspicious,
'honeypot_triggered': self.is_honeypot_path(path),
'attack_types':attack_findings,
- 'timestamp': datetime.now().isoformat()
+ 'timestamp': datetime.now(self.timezone).isoformat()
})
def detect_attack_type(self, data:str) -> list[str]:
diff --git a/tests/test_credentials.sh b/tests/test_credentials.sh
new file mode 100755
index 0000000..6379b92
--- /dev/null
+++ b/tests/test_credentials.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# This script sends various POST requests with credentials to the honeypot
+
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+# Configuration
+HOST="localhost"
+PORT="5000"
+BASE_URL="http://${HOST}:${PORT}"
+
+echo -e "${BLUE}========================================${NC}"
+echo -e "${BLUE}Krawl Credential Logging Test Script${NC}"
+echo -e "${BLUE}========================================${NC}\n"
+
+# Check if server is running
+echo -e "${YELLOW}Checking if server is running on ${BASE_URL}...${NC}"
+if ! curl -s -f "${BASE_URL}/health" > /dev/null 2>&1; then
+ echo -e "${RED}❌ Server is not running. Please start the Krawl server first.${NC}"
+ echo -e "${YELLOW}Run: python3 src/server.py${NC}"
+ exit 1
+fi
+echo -e "${GREEN}✓ Server is running${NC}\n"
+
+# Test 1: Simple login form POST
+echo -e "${YELLOW}Test 1: POST to /login with form data${NC}"
+curl -s -X POST "${BASE_URL}/login" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=admin&password=admin123" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: admin / admin123${NC}\n"
+
+sleep 1
+
+# Test 2: Admin panel login
+echo -e "${YELLOW}Test 2: POST to /admin with credentials${NC}"
+curl -s -X POST "${BASE_URL}/admin" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "user=root&pass=toor&submit=Login" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: root / toor${NC}\n"
+
+sleep 1
+
+# Test 3: WordPress login attempt
+echo -e "${YELLOW}Test 3: POST to /wp-login.php${NC}"
+curl -s -X POST "${BASE_URL}/wp-login.php" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "log=wpuser&pwd=Password1&wp-submit=Log+In" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: wpuser / Password1${NC}\n"
+
+sleep 1
+
+# Test 4: JSON formatted credentials
+echo -e "${YELLOW}Test 4: POST to /api/login with JSON${NC}"
+curl -s -X POST "${BASE_URL}/api/login" \
+ -H "Content-Type: application/json" \
+ -d '{"username":"apiuser","password":"apipass123","remember":true}' \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: apiuser / apipass123${NC}\n"
+
+sleep 1
+
+# Test 5: SSH-style login
+echo -e "${YELLOW}Test 5: POST to /ssh with credentials${NC}"
+curl -s -X POST "${BASE_URL}/ssh" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=sshuser&password=P@ssw0rd!" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: sshuser / P@ssw0rd!${NC}\n"
+
+sleep 1
+
+# Test 6: Database admin
+echo -e "${YELLOW}Test 6: POST to /phpmyadmin with credentials${NC}"
+curl -s -X POST "${BASE_URL}/phpmyadmin" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "pma_username=dbadmin&pma_password=dbpass123&server=1" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: dbadmin / dbpass123${NC}\n"
+
+sleep 1
+
+# Test 7: Multiple fields with email
+echo -e "${YELLOW}Test 7: POST to /register with email${NC}"
+curl -s -X POST "${BASE_URL}/register" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "email=test@example.com&username=newuser&password=NewPass123&confirm_password=NewPass123" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: newuser / NewPass123 (email: test@example.com)${NC}\n"
+
+sleep 1
+
+# Test 8: FTP credentials
+echo -e "${YELLOW}Test 8: POST to /ftp/login${NC}"
+curl -s -X POST "${BASE_URL}/ftp/login" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "ftpuser=ftpadmin&ftppass=ftp123456" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: ftpadmin / ftp123456${NC}\n"
+
+sleep 1
+
+# Test 9: Common brute force attempt
+echo -e "${YELLOW}Test 9: Multiple attempts (simulating brute force)${NC}"
+for i in {1..3}; do
+ curl -s -X POST "${BASE_URL}/login" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=admin&password=pass${i}" \
+ > /dev/null
+ echo -e "${GREEN}✓ Attempt $i: admin / pass${i}${NC}"
+ sleep 0.5
+done
+echo ""
+
+sleep 1
+
+# Test 10: Special characters in credentials
+echo -e "${YELLOW}Test 10: POST with special characters${NC}"
+curl -s -X POST "${BASE_URL}/login" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ --data-urlencode "username=user@domain.com" \
+ --data-urlencode "password=P@\$\$w0rd!#%" \
+ > /dev/null
+echo -e "${GREEN}✓ Sent: user@domain.com / P@\$\$w0rd!#%${NC}\n"
+
+echo -e "${BLUE}========================================${NC}"
+echo -e "${GREEN}✓ All credential tests completed!${NC}"
+echo -e "${BLUE}========================================${NC}\n"
+
+echo -e "${YELLOW}Check the results:${NC}"
+echo -e " 1. View the log file: ${GREEN}cat src/logs/credentials.log${NC}"
+echo -e " 2. View the dashboard: ${GREEN}${BASE_URL}/dashboard${NC}"
+echo -e " 3. Check recent logs: ${GREEN}tail -20 src/logs/krawl.log${NC}\n"
+
+# Display last 10 credential entries if log file exists
+if [ -f "src/logs/credentials.log" ]; then
+ echo -e "${BLUE}========================================${NC}"
+ echo -e "${BLUE}Last 10 Captured Credentials:${NC}"
+ echo -e "${BLUE}========================================${NC}"
+ tail -10 src/logs/credentials.log
+ echo ""
+fi
+
+echo -e "${YELLOW}💡 Tip: Open ${BASE_URL}/dashboard in your browser to see the credentials in real-time!${NC}"