From b253828cd76378acb038eac2d3dc548ee5769b3e Mon Sep 17 00:00:00 2001 From: Lorenzo Venerandi <68255980+Lore09@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:32:10 +0100 Subject: [PATCH] Feat/release 1.0.0 (#63) * Feat: update Kubernetes manifests for Krawl deployment and improve resource labels * Feat: update version to 1.0.0 in Helm chart and related files; add timezone to README * Feat: enhance configuration options for handling malicious IPs and update dashboard secret path * Fix: standardize boolean value handling in environment configuration --- .gitignore | 1 + README.md | 7 +- config.yaml | 2 +- helm/Chart.yaml | 6 +- helm/README.md | 4 +- helm/templates/configmap.yaml | 5 - helm/values.yaml | 6 +- kubernetes/krawl-all-in-one-deploy.yaml | 436 +++++------------- kubernetes/manifests/configmap.yaml | 10 +- kubernetes/manifests/deployment.yaml | 33 +- kubernetes/manifests/hpa.yaml | 26 -- kubernetes/manifests/ingress.yaml | 31 +- kubernetes/manifests/network-policy.yaml | 44 +- kubernetes/manifests/pvc.yaml | 5 +- kubernetes/manifests/service.yaml | 12 +- kubernetes/manifests/wordlists-configmap.yaml | 216 +-------- src/config.py | 3 + 17 files changed, 211 insertions(+), 636 deletions(-) delete mode 100644 kubernetes/manifests/hpa.yaml diff --git a/.gitignore b/.gitignore index 90cc56f..6249e18 100644 --- a/.gitignore +++ b/.gitignore @@ -80,3 +80,4 @@ personal-values.yaml #exports dir (keeping .gitkeep so we have the dir) /exports/* +/src/exports/* \ No newline at end of file diff --git a/README.md b/README.md index cfb0427..aa1aee6 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,7 @@ services: - "5000:5000" environment: - CONFIG_LOCATION=config.yaml + - TZ="Europe/Rome" volumes: - ./config.yaml:/app/config.yaml:ro - krawl-data:/app/data 
@@ -201,9 +202,6 @@ Krawl uses a **configuration hierarchy** in which **environment variables take p | `KRAWL_CANARY_TOKEN_URL` | External canary token URL | None | | `KRAWL_CANARY_TOKEN_TRIES` | Requests before showing canary token | `10` | | `KRAWL_DASHBOARD_SECRET_PATH` | Custom dashboard path | Auto-generated | -| `KRAWL_API_SERVER_URL` | API server URL | None | -| `KRAWL_API_SERVER_PORT` | API server port | `8080` | -| `KRAWL_API_SERVER_PATH` | API server endpoint path | `/api/v2/users` | | `KRAWL_PROBABILITY_ERROR_CODES` | Error response probability (0-100%) | `0` | | `KRAWL_DATABASE_PATH` | Database file location | `data/krawl.db` | | `KRAWL_DATABASE_RETENTION_DAYS` | Days to retain data in database | `30` | @@ -213,6 +211,9 @@ Krawl uses a **configuration hierarchy** in which **environment variables take p | `KRAWL_UNEVEN_REQUEST_TIMING_TIME_WINDOW_SECONDS` | Time window for request timing analysis in seconds | `300` | | `KRAWL_USER_AGENTS_USED_THRESHOLD` | Threshold for detecting multiple user agents | `2` | | `KRAWL_ATTACK_URLS_THRESHOLD` | Threshold for attack URL detection | `1` | +| `KRAWL_INFINITE_PAGES_FOR_MALICIOUS` | Serve infinite pages to malicious IPs | `true` | +| `KRAWL_MAX_PAGES_LIMIT` | Maximum page limit for crawlers | `250` | +| `KRAWL_BAN_DURATION_SECONDS` | Ban duration in seconds for rate-limited IPs | `600` | For example diff --git a/config.yaml b/config.yaml index c3424d6..c29ebe4 100644 --- a/config.yaml +++ b/config.yaml @@ -23,7 +23,7 @@ dashboard: # if set to "null" this will Auto-generates random path if not set # can be set to "/dashboard" or similar <-- note this MUST include a forward slash # secret_path: super-secret-dashboard-path - secret_path: null + secret_path: test database: path: "data/krawl.db" diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 9ff2db0..2e3ae94 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml 
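Review bot: The `config.yaml` hunk changes the shipped default from `secret_path: null` to `secret_path: test`, which replaces the auto-generated dashboard path with a fixed, guessable one. The value also lacks the leading slash that the comment directly above says is required. It looks like a local testing value that was committed with the release. Anyone deploying with the default file gets a predictable dashboard location, so I would restore `secret_path: null` and keep test values in an untracked override file.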
@@ -2,8 +2,8 @@ apiVersion: v2 name: krawl-chart description: A Helm chart for Krawl honeypot server type: application -version: 0.2.2 -appVersion: 0.2.2 +version: 1.0.0 +appVersion: 1.0.0 keywords: - honeypot - security @@ -13,4 +13,4 @@ maintainers: home: https://github.com/blessedrebus/krawl sources: - https://github.com/blessedrebus/krawl -icon: https://raw.githubusercontent.com/blessedrebus/krawl/main/docs/images/krawl-logo.png \ No newline at end of file +icon: https://raw.githubusercontent.com/blessedrebus/krawl/main/img/krawl-svg.svg \ No newline at end of file diff --git a/helm/README.md b/helm/README.md index d1ee9cd..ae57261 100644 --- a/helm/README.md +++ b/helm/README.md @@ -17,7 +17,7 @@ Install with default values: ```bash helm install krawl oci://ghcr.io/blessedrebus/krawl-chart \ - --version 0.2.2 \ + --version 1.0.0 \ --namespace krawl-system \ --create-namespace ``` @@ -29,6 +29,8 @@ service: type: LoadBalancer port: 5000 +timezone: "Europe/Rome" + ingress: enabled: true className: "traefik" diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml index f6efdf4..f81d319 100644 --- a/helm/templates/configmap.yaml +++ b/helm/templates/configmap.yaml @@ -10,7 +10,6 @@ data: server: port: {{ .Values.config.server.port }} delay: {{ .Values.config.server.delay }} - timezone: {{ .Values.config.server.timezone | toYaml }} links: min_length: {{ .Values.config.links.min_length }} max_length: {{ .Values.config.links.max_length }} @@ -23,10 +22,6 @@ data: token_tries: {{ .Values.config.canary.token_tries }} dashboard: secret_path: {{ .Values.config.dashboard.secret_path | toYaml }} - api: - server_url: {{ .Values.config.api.server_url | toYaml }} - server_port: {{ .Values.config.api.server_port }} - server_path: {{ .Values.config.api.server_path | quote }} database: path: {{ .Values.config.database.path | quote }} retention_days: {{ .Values.config.database.retention_days }} 
diff --git a/helm/values.yaml b/helm/values.yaml index 1a5d07b..fb9be82 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -3,7 +3,7 @@ replicaCount: 1 image: repository: ghcr.io/blessedrebus/krawl pullPolicy: Always - tag: "0.2.1" + tag: "1.0.0" imagePullSecrets: [] nameOverride: "krawl" @@ -84,10 +84,6 @@ config: token_tries: 10 dashboard: secret_path: null # Auto-generated if not set, or set to "/my-secret-dashboard" - api: - server_url: null - server_port: 8080 - server_path: "/api/v2/users" database: path: "data/krawl.db" retention_days: 30 diff --git a/kubernetes/krawl-all-in-one-deploy.yaml b/kubernetes/krawl-all-in-one-deploy.yaml index b49d070..767c080 100644 --- a/kubernetes/krawl-all-in-one-deploy.yaml +++ b/kubernetes/krawl-all-in-one-deploy.yaml @@ -4,18 +4,58 @@ kind: Namespace metadata: name: krawl-system --- +# Source: krawl-chart/templates/network-policy.yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: krawl + namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + policyTypes: + - Ingress + - Egress + ingress: + - from: + - podSelector: {} + - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 + ports: + - port: 5000 + protocol: TCP + egress: + - ports: + - protocol: TCP + - protocol: UDP + to: + - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 +--- +# Source: krawl-chart/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: krawl-config namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" data: config.yaml: | # Krawl Honeypot Configuration server: port: 5000 delay: 100 - timezone: null links: min_length: 5 max_length: 15 
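Review bot: The NetworkPolicy added at the top of kubernetes/krawl-all-in-one-deploy.yaml declares `Egress` in `policyTypes`, but its only egress rule allows TCP and UDP on every port to `namespaceSelector: {}` and `ipBlock: 0.0.0.0/0`, so outbound traffic from the honeypot pod is effectively unrestricted, including to other namespaces in the cluster. For a workload that is meant to receive hostile traffic, I would drop those two peers and allow only what the pod needs, starting with DNS: `ports: [{protocol: UDP, port: 53}, {protocol: TCP, port: 53}]`; whether Krawl needs any other outbound destination is not visible in this diff. The same policy is repeated in kubernetes/manifests/network-policy.yaml, and both carry a `# Source: krawl-chart/templates/network-policy.yaml` header, so the change probably belongs in the chart template or its values rather than in these rendered files.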
@@ -28,10 +68,6 @@ data: token_tries: 10 dashboard: secret_path: null - api: - server_url: null - server_port: 8080 - server_path: "/api/v2/users" database: path: "data/krawl.db" retention_days: 30 
@@ -49,231 +85,30 @@ data: max_pages_limit: 250 ban_duration_seconds: 600 --- +# Source: krawl-chart/templates/wordlists-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: krawl-wordlists namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" data: wordlists.json: | - { - "usernames": { - "prefixes": [ - "admin", - "user", - "developer", - "root", - "system", - "db", - "api", - "service", - "deploy", - "test", - "prod", - "backup", - "monitor", - "jenkins", - "webapp" - ], - "suffixes": [ - "", - "_prod", - "_dev", - "_test", - "123", - "2024", - "_backup", - "_admin", - "01", - "02", - "_user", - "_service", - "_api" - ] - }, - "passwords": { - "prefixes": [ - "P@ssw0rd", - "Passw0rd", - "Admin", - "Secret", - "Welcome", - "System", - "Database", - "Secure", - "Master", - "Root" - ], - "simple": [ - "test", - "demo", - "temp", - "change", - "password", - "admin", - "letmein", - "welcome", - "default", - "sample" - ] - }, - "emails": { - "domains": [ - "example.com", - "company.com", - "localhost.com", - "test.com", - "domain.com", - "corporate.com", - "internal.net", - "enterprise.com", - "business.org" - ] - }, - "api_keys": { - "prefixes": [ - "sk_live_", - "sk_test_", - "api_", - "key_", - "token_", - "access_", - "secret_", - "prod_", - "" - ] - }, - "databases": { - "names": [ - "production", - "prod_db", - "main_db", - "app_database", - "users_db", - "customer_data", - "analytics", - "staging_db", - "dev_database", - "wordpress", - "ecommerce", - "crm_db", - "inventory" - ], - "hosts": [ - "localhost", - "db.internal", - "mysql.local", - "postgres.internal", - "127.0.0.1", - "db-server-01", - "database.prod", - "sql.company.com" - ] - }, - "applications": { - "names": [ - "WebApp", - "API Gateway", - "Dashboard", - "Admin Panel", - "CMS", - "Portal", - "Manager", - "Console", - "Control Panel", - "Backend" - ] - }, - "users": { - "roles": [ - "Administrator", - 
"Developer", - "Manager", - "User", - "Guest", - "Moderator", - "Editor", - "Viewer", - "Analyst", - "Support" - ] - }, - "directory_listing": { - "files": [ - "admin.txt", - "test.exe", - "backup.sql", - "database.sql", - "db_backup.sql", - "dump.sql", - "config.php", - "credentials.txt", - "passwords.txt", - "users.csv", - ".env", - "id_rsa", - "id_rsa.pub", - "private_key.pem", - "api_keys.json", - "secrets.yaml", - "admin_notes.txt", - "settings.ini", - "database.yml", - "wp-config.php", - ".htaccess", - "server.key", - "cert.pem", - "shadow.bak", - "passwd.old" - ], - "directories": [ - "uploads/", - "backups/", - "logs/", - "temp/", - "cache/", - "private/", - "config/", - "admin/", - "database/", - "backup/", - "old/", - "archive/", - ".git/", - "keys/", - "credentials/" - ] - }, - "error_codes": [ - 400, - 401, - 403, - 404, - 500, - 502, - 503 - ], - "server_headers": [ - "Apache/2.2.22 (Ubuntu)", - "nginx/1.18.0", - "Microsoft-IIS/10.0", - "LiteSpeed", - "Caddy", - "Gunicorn/20.0.4", - "uvicorn/0.13.4", - "Express", - "Flask/1.1.2", - "Django/3.1" - ] - } + {"api_keys":{"prefixes":["sk_live_","sk_test_","api_","key_","token_","access_","secret_","prod_",""]},"applications":{"names":["WebApp","API Gateway","Dashboard","Admin Panel","CMS","Portal","Manager","Console","Control 
Panel","Backend"]},"databases":{"hosts":["localhost","db.internal","mysql.local","postgres.internal","127.0.0.1","db-server-01","database.prod","sql.company.com"],"names":["production","prod_db","main_db","app_database","users_db","customer_data","analytics","staging_db","dev_database","wordpress","ecommerce","crm_db","inventory"]},"directory_listing":{"directories":["uploads/","backups/","logs/","temp/","cache/","private/","config/","admin/","database/","backup/","old/","archive/",".git/","keys/","credentials/"],"files":["admin.txt","test.exe","backup.sql","database.sql","db_backup.sql","dump.sql","config.php","credentials.txt","passwords.txt","users.csv",".env","id_rsa","id_rsa.pub","private_key.pem","api_keys.json","secrets.yaml","admin_notes.txt","settings.ini","database.yml","wp-config.php",".htaccess","server.key","cert.pem","shadow.bak","passwd.old"]},"emails":{"domains":["example.com","company.com","localhost.com","test.com","domain.com","corporate.com","internal.net","enterprise.com","business.org"]},"error_codes":[400,401,403,404,500,502,503],"passwords":{"prefixes":["P@ssw0rd","Passw0rd","Admin","Secret","Welcome","System","Database","Secure","Master","Root"],"simple":["test","demo","temp","change","password","admin","letmein","welcome","default","sample"]},"server_headers":["Apache/2.2.22 (Ubuntu)","nginx/1.18.0","Microsoft-IIS/10.0","LiteSpeed","Caddy","Gunicorn/20.0.4","uvicorn/0.13.4","Express","Flask/1.1.2","Django/3.1"],"usernames":{"prefixes":["admin","user","developer","root","system","db","api","service","deploy","test","prod","backup","monitor","jenkins","webapp"],"suffixes":["","_prod","_dev","_test","123","2024","_backup","_admin","01","02","_user","_service","_api"]},"users":{"roles":["Administrator","Developer","Manager","User","Guest","Moderator","Editor","Viewer","Analyst","Support"]}} --- +# Source: krawl-chart/templates/pvc.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: krawl-db namespace: krawl-system labels: - app: 
krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: accessModes: - ReadWriteOnce @@ -281,30 +116,61 @@ spec: requests: storage: 1Gi --- +# Source: krawl-chart/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: krawl + namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" +spec: + type: LoadBalancer + externalTrafficPolicy: Local + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + ports: + - port: 5000 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl +--- +# Source: krawl-chart/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: krawl-server + name: krawl namespace: krawl-system labels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: replicas: 1 selector: matchLabels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl template: metadata: labels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl spec: containers: - - name: krawl - image: ghcr.io/blessedrebus/krawl:latest + - name: krawl-chart + image: "ghcr.io/blessedrebus/krawl:1.0.0" imagePullPolicy: Always ports: - - containerPort: 5000 - name: http + - name: http + containerPort: 5000 protocol: TCP env: - name: CONFIG_LOCATION @@ -321,12 +187,12 @@ spec: - name: database mountPath: /app/data resources: - requests: - memory: "64Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "500m" + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 64Mi volumes: - name: config configMap: 
@@ -338,104 +204,26 @@ spec: persistentVolumeClaim: claimName: krawl-db --- -apiVersion: v1 -kind: Service -metadata: - name: krawl-server - namespace: krawl-system - labels: - app: krawl-server -spec: - type: LoadBalancer - externalTrafficPolicy: Local - sessionAffinity: ClientIP - sessionAffinityConfig: - clientIP: - timeoutSeconds: 10800 - ports: - - port: 5000 - targetPort: 5000 - protocol: TCP - name: http - selector: - app: krawl-server ---- +# Source: krawl-chart/templates/ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: krawl-ingress + name: krawl namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: ingressClassName: traefik rules: - - host: krawl.example.com # Change to your domain - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: krawl-server - port: - number: 5000 - # tls: - # - hosts: - # - krawl.example.com - # secretName: krawl-tls ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: krawl-network-policy - namespace: krawl-system -spec: - podSelector: - matchLabels: - app: krawl-server - policyTypes: - - Ingress - - Egress - ingress: - - from: - - podSelector: {} - - namespaceSelector: {} - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - port: 5000 - egress: - - to: - - namespaceSelector: {} - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - - protocol: UDP ---- -# Optional: HorizontalPodAutoscaler for auto-scaling -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: krawl-hpa - namespace: krawl-system -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: krawl-server - minReplicas: 1 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: 80 + - host: 
"krawl.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: krawl + port: + number: 5000 diff --git a/kubernetes/manifests/configmap.yaml b/kubernetes/manifests/configmap.yaml index d03e1c3..cdf6f1b 100644 --- a/kubernetes/manifests/configmap.yaml +++ b/kubernetes/manifests/configmap.yaml @@ -1,15 +1,19 @@ +# Source: krawl-chart/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: krawl-config namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" data: config.yaml: | # Krawl Honeypot Configuration server: port: 5000 delay: 100 - timezone: null links: min_length: 5 max_length: 15 @@ -22,10 +26,6 @@ data: token_tries: 10 dashboard: secret_path: null - api: - server_url: null - server_port: 8080 - server_path: "/api/v2/users" database: path: "data/krawl.db" retention_days: 30 diff --git a/kubernetes/manifests/deployment.yaml b/kubernetes/manifests/deployment.yaml index f970625..4c87a73 100644 --- a/kubernetes/manifests/deployment.yaml +++ b/kubernetes/manifests/deployment.yaml @@ -1,27 +1,32 @@ +# Source: krawl-chart/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: krawl-server + name: krawl namespace: krawl-system labels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: replicas: 1 selector: matchLabels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl template: metadata: labels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl spec: containers: - - name: krawl - image: ghcr.io/blessedrebus/krawl:latest + - name: krawl-chart + image: "ghcr.io/blessedrebus/krawl:1.0.0" imagePullPolicy: Always ports: - - containerPort: 5000 - name: http + - name: http + containerPort: 5000 protocol: TCP env: - name: CONFIG_LOCATION 
@@ -38,12 +43,12 @@ spec: - name: database mountPath: /app/data resources: - requests: - memory: "64Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "500m" + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 64Mi volumes: - name: config configMap: diff --git a/kubernetes/manifests/hpa.yaml b/kubernetes/manifests/hpa.yaml deleted file mode 100644 index 10bab0c..0000000 --- a/kubernetes/manifests/hpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Optional: HorizontalPodAutoscaler for auto-scaling -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: krawl-hpa - namespace: krawl-system -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: krawl-server - minReplicas: 1 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 70 - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: 80 diff --git a/kubernetes/manifests/ingress.yaml b/kubernetes/manifests/ingress.yaml index 52cea39..5134798 100644 --- a/kubernetes/manifests/ingress.yaml +++ b/kubernetes/manifests/ingress.yaml @@ -1,22 +1,23 @@ +# Source: krawl-chart/templates/ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: krawl-ingress + name: krawl namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: ingressClassName: traefik rules: - - host: krawl.example.com # Change to your domain - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: krawl-server - port: - number: 5000 - # tls: - # - hosts: - # - krawl.example.com - # secretName: krawl-tls + - host: "krawl.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: krawl + port: + number: 5000 diff --git a/kubernetes/manifests/network-policy.yaml b/kubernetes/manifests/network-policy.yaml index e765b36..7068531 100644 
--- a/kubernetes/manifests/network-policy.yaml +++ b/kubernetes/manifests/network-policy.yaml @@ -1,29 +1,35 @@ +# Source: krawl-chart/templates/network-policy.yaml apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: krawl-network-policy + name: krawl namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: podSelector: matchLabels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl policyTypes: - - Ingress - - Egress + - Ingress + - Egress ingress: - - from: - - podSelector: {} - - namespaceSelector: {} - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - port: 5000 + - from: + - podSelector: {} + - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 + ports: + - port: 5000 + protocol: TCP egress: - - to: - - namespaceSelector: {} - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - protocol: TCP - - protocol: UDP + - ports: + - protocol: TCP + - protocol: UDP + to: + - namespaceSelector: {} + - ipBlock: + cidr: 0.0.0.0/0 diff --git a/kubernetes/manifests/pvc.yaml b/kubernetes/manifests/pvc.yaml index 6b771ff..526093d 100644 --- a/kubernetes/manifests/pvc.yaml +++ b/kubernetes/manifests/pvc.yaml @@ -1,10 +1,13 @@ +# Source: krawl-chart/templates/pvc.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: krawl-db namespace: krawl-system labels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: accessModes: - ReadWriteOnce diff --git a/kubernetes/manifests/service.yaml b/kubernetes/manifests/service.yaml index 0f9291a..1b73cc0 100644 --- a/kubernetes/manifests/service.yaml +++ b/kubernetes/manifests/service.yaml 
@@ -1,10 +1,13 @@ +# Source: krawl-chart/templates/service.yaml apiVersion: v1 kind: Service metadata: - name: krawl-server + name: krawl namespace: krawl-system labels: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" spec: type: LoadBalancer externalTrafficPolicy: Local @@ -14,8 +17,9 @@ spec: timeoutSeconds: 10800 ports: - port: 5000 - targetPort: 5000 + targetPort: http protocol: TCP name: http selector: - app: krawl-server + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl diff --git a/kubernetes/manifests/wordlists-configmap.yaml b/kubernetes/manifests/wordlists-configmap.yaml index cc541c6..279410e 100644 --- a/kubernetes/manifests/wordlists-configmap.yaml +++ b/kubernetes/manifests/wordlists-configmap.yaml 
@@ -1,217 +1,13 @@ +# Source: krawl-chart/templates/wordlists-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: krawl-wordlists namespace: krawl-system + labels: + app.kubernetes.io/name: krawl + app.kubernetes.io/instance: krawl + app.kubernetes.io/version: "1.0.0" data: wordlists.json: | - { - "usernames": { - "prefixes": [ - "admin", - "user", - "developer", - "root", - "system", - "db", - "api", - "service", - "deploy", - "test", - "prod", - "backup", - "monitor", - "jenkins", - "webapp" - ], - "suffixes": [ - "", - "_prod", - "_dev", - "_test", - "123", - "2024", - "_backup", - "_admin", - "01", - "02", - "_user", - "_service", - "_api" - ] - }, - "passwords": { - "prefixes": [ - "P@ssw0rd", - "Passw0rd", - "Admin", - "Secret", - "Welcome", - "System", - "Database", - "Secure", - "Master", - "Root" - ], - "simple": [ - "test", - "demo", - "temp", - "change", - "password", - "admin", - "letmein", - "welcome", - "default", - "sample" - ] - }, - "emails": { - "domains": [ - "example.com", - "company.com", - "localhost.com", - "test.com", - "domain.com", - "corporate.com", - "internal.net", - "enterprise.com", - "business.org" - ] - }, - "api_keys": { - "prefixes": [ - "sk_live_", - "sk_test_", - "api_", - "key_", - "token_", - "access_", - "secret_", - "prod_", - "" - ] - }, - "databases": { - "names": [ - "production", - "prod_db", - "main_db", - "app_database", - "users_db", - "customer_data", - "analytics", - "staging_db", - "dev_database", - "wordpress", - "ecommerce", - "crm_db", - "inventory" - ], - "hosts": [ - "localhost", - "db.internal", - "mysql.local", - "postgres.internal", - "127.0.0.1", - "db-server-01", - "database.prod", - "sql.company.com" - ] - }, - "applications": { - "names": [ - "WebApp", - "API Gateway", - "Dashboard", - "Admin Panel", - "CMS", - "Portal", - "Manager", - "Console", - "Control Panel", - "Backend" - ] - }, - "users": { - "roles": [ - "Administrator", - "Developer", - "Manager", - "User", - "Guest", - "Moderator", 
- "Editor", - "Viewer", - "Analyst", - "Support" - ] - }, - "directory_listing": { - "files": [ - "admin.txt", - "test.exe", - "backup.sql", - "database.sql", - "db_backup.sql", - "dump.sql", - "config.php", - "credentials.txt", - "passwords.txt", - "users.csv", - ".env", - "id_rsa", - "id_rsa.pub", - "private_key.pem", - "api_keys.json", - "secrets.yaml", - "admin_notes.txt", - "settings.ini", - "database.yml", - "wp-config.php", - ".htaccess", - "server.key", - "cert.pem", - "shadow.bak", - "passwd.old" - ], - "directories": [ - "uploads/", - "backups/", - "logs/", - "temp/", - "cache/", - "private/", - "config/", - "admin/", - "database/", - "backup/", - "old/", - "archive/", - ".git/", - "keys/", - "credentials/" - ] - }, - "error_codes": [ - 400, - 401, - 403, - 404, - 500, - 502, - 503 - ], - "server_headers": [ - "Apache/2.2.22 (Ubuntu)", - "nginx/1.18.0", - "Microsoft-IIS/10.0", - "LiteSpeed", - "Caddy", - "Gunicorn/20.0.4", - "uvicorn/0.13.4", - "Express", - "Flask/1.1.2", - "Django/3.1" - ] - } + {"api_keys":{"prefixes":["sk_live_","sk_test_","api_","key_","token_","access_","secret_","prod_",""]},"applications":{"names":["WebApp","API Gateway","Dashboard","Admin Panel","CMS","Portal","Manager","Console","Control 
Panel","Backend"]},"databases":{"hosts":["localhost","db.internal","mysql.local","postgres.internal","127.0.0.1","db-server-01","database.prod","sql.company.com"],"names":["production","prod_db","main_db","app_database","users_db","customer_data","analytics","staging_db","dev_database","wordpress","ecommerce","crm_db","inventory"]},"directory_listing":{"directories":["uploads/","backups/","logs/","temp/","cache/","private/","config/","admin/","database/","backup/","old/","archive/",".git/","keys/","credentials/"],"files":["admin.txt","test.exe","backup.sql","database.sql","db_backup.sql","dump.sql","config.php","credentials.txt","passwords.txt","users.csv",".env","id_rsa","id_rsa.pub","private_key.pem","api_keys.json","secrets.yaml","admin_notes.txt","settings.ini","database.yml","wp-config.php",".htaccess","server.key","cert.pem","shadow.bak","passwd.old"]},"emails":{"domains":["example.com","company.com","localhost.com","test.com","domain.com","corporate.com","internal.net","enterprise.com","business.org"]},"error_codes":[400,401,403,404,500,502,503],"passwords":{"prefixes":["P@ssw0rd","Passw0rd","Admin","Secret","Welcome","System","Database","Secure","Master","Root"],"simple":["test","demo","temp","change","password","admin","letmein","welcome","default","sample"]},"server_headers":["Apache/2.2.22 (Ubuntu)","nginx/1.18.0","Microsoft-IIS/10.0","LiteSpeed","Caddy","Gunicorn/20.0.4","uvicorn/0.13.4","Express","Flask/1.1.2","Django/3.1"],"usernames":{"prefixes":["admin","user","developer","root","system","db","api","service","deploy","test","prod","backup","monitor","jenkins","webapp"],"suffixes":["","_prod","_dev","_test","123","2024","_backup","_admin","01","02","_user","_service","_api"]},"users":{"roles":["Administrator","Developer","Manager","User","Guest","Moderator","Editor","Viewer","Analyst","Support"]}} diff --git a/src/config.py b/src/config.py index d3252e7..3e5983f 100644 --- a/src/config.py +++ b/src/config.py 
@@ -232,6 +232,9 @@ def override_config_from_env(config: Config = None):
 setattr(config, field, int(env_value))
 elif field_type == float:
 setattr(config, field, float(env_value))
+ elif field_type == bool:
+ # Handle boolean values (case-insensitive: true/false, yes/no, 1/0)
+ setattr(config, field, env_value.lower() in ("true", "yes", "1"))
 elif field_type == Tuple[int, int]:
 parts = env_value.split(",")
 if len(parts) == 2:
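Review bot: The new `bool` branch maps every value outside `("true", "yes", "1")` to `False`, so a typo such as `ture` or a value with surrounding whitespace silently turns a setting off instead of being reported; the comment lists false/no/0, but the code never checks for them. For a flag like `KRAWL_INFINITE_PAGES_FOR_MALICIOUS`, which this commit's README hunk documents with default `true`, a mistyped override would disable the behaviour without any signal. I would strip the value, match it against explicit true and false sets, and raise on anything else. How the surrounding function treats conversion errors is outside the hunk, so a logged warning that keeps the existing value may fit better if the `int`/`float` branches rely on that. `override_config_from_env` starts and ends outside this hunk.

```python
        elif field_type == bool:
            # Accept true/false, yes/no, 1/0 (case-insensitive); reject anything
            # else so a typo cannot silently switch a setting off.
            normalized = env_value.strip().lower()
            if normalized in ("true", "yes", "1"):
                setattr(config, field, True)
            elif normalized in ("false", "no", "0"):
                setattr(config, field, False)
            else:
                raise ValueError(f"invalid boolean for {field}: {env_value!r}")
        # … unchanged: Tuple[int, int] branch …
```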