Added randomized server header and changed behavior of SERVER_HEADER env var
@@ -46,5 +46,5 @@ class Config:
|
|||||||
api_server_port=int(os.getenv('API_SERVER_PORT', 8080)),
|
api_server_port=int(os.getenv('API_SERVER_PORT', 8080)),
|
||||||
api_server_path=os.getenv('API_SERVER_PATH', '/api/v2/users'),
|
api_server_path=os.getenv('API_SERVER_PATH', '/api/v2/users'),
|
||||||
probability_error_codes=int(os.getenv('PROBABILITY_ERROR_CODES', 5)),
|
probability_error_codes=int(os.getenv('PROBABILITY_ERROR_CODES', 5)),
|
||||||
server_header=os.getenv('SERVER_HEADER', 'Apache/2.2.22 (Ubuntu)')
|
server_header=os.getenv('SERVER_HEADER')
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -9,7 +9,8 @@ import string
|
|||||||
import json
|
import json
|
||||||
from templates import html_templates
|
from templates import html_templates
|
||||||
from wordlists import get_wordlists
|
from wordlists import get_wordlists
|
||||||
|
from config import Config
|
||||||
|
from logger import get_app_logger
|
||||||
|
|
||||||
def random_username() -> str:
|
def random_username() -> str:
|
||||||
"""Generate random username"""
|
"""Generate random username"""
|
||||||
@@ -36,6 +37,16 @@ def random_email(username: str = None) -> str:
|
|||||||
username = random_username()
|
username = random_username()
|
||||||
return f"{username}@{random.choice(wl.email_domains)}"
|
return f"{username}@{random.choice(wl.email_domains)}"
|
||||||
|
|
||||||
|
def random_server_header() -> str:
|
||||||
|
"""Generate random server header"""
|
||||||
|
|
||||||
|
if Config.from_env().server_header:
|
||||||
|
server_header = Config.from_env().server_header
|
||||||
|
else:
|
||||||
|
wl = get_wordlists()
|
||||||
|
server_header = random.choice(wl.server_headers)
|
||||||
|
|
||||||
|
return server_header
|
||||||
|
|
||||||
def random_api_key() -> str:
|
def random_api_key() -> str:
|
||||||
"""Generate random API key"""
|
"""Generate random API key"""
|
||||||
|
|||||||
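Review bot: `random_server_header()` draws a new value on every call, and because the handler's `version_string()` calls it, the `Server` banner can change between two responses from the same listener whenever `SERVER_HEADER` is unset. A single origin that alternates between `Apache/2.4.41 (Ubuntu)` and `nginx/1.18.0` fails a simple consistency check and weakens the deception the header is meant to provide. Choosing the value once per process keeps the banner stable. The function also builds `Config.from_env()` twice per call, which the cached version below avoids.

```python
_server_header = None


def random_server_header() -> str:
    """Return the Server header value, chosen once per process."""
    global _server_header
    if _server_header is None:
        configured = Config.from_env().server_header
        # An explicit SERVER_HEADER wins; otherwise pick one banner and keep it.
        _server_header = configured or random.choice(get_wordlists().server_headers)
    return _server_header
```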
@@ -13,7 +13,7 @@ from templates import html_templates
|
|||||||
from templates.dashboard_template import generate_dashboard
|
from templates.dashboard_template import generate_dashboard
|
||||||
from generators import (
|
from generators import (
|
||||||
credentials_txt, passwords_txt, users_json, api_keys_json,
|
credentials_txt, passwords_txt, users_json, api_keys_json,
|
||||||
api_response, directory_listing
|
api_response, directory_listing, random_server_header
|
||||||
)
|
)
|
||||||
from wordlists import get_wordlists
|
from wordlists import get_wordlists
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ class Handler(BaseHTTPRequestHandler):
|
|||||||
|
|
||||||
def version_string(self) -> str:
|
def version_string(self) -> str:
|
||||||
"""Return custom server version for deception."""
|
"""Return custom server version for deception."""
|
||||||
return self.config.server_header
|
return random_server_header()
|
||||||
|
|
||||||
def _should_return_error(self) -> bool:
|
def _should_return_error(self) -> bool:
|
||||||
"""Check if we should return an error based on probability"""
|
"""Check if we should return an error based on probability"""
|
||||||
|
|||||||
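Review bot: `version_string()` no longer reads `self.config`, so the `SERVER_HEADER` override now depends on `random_server_header()` re-reading the environment through `Config.from_env()` rather than on the config object the handler was given. If a `Handler` is ever configured from something other than the process environment (a test fixture, for example), its `server_header` would be silently ignored. Keeping the handler's own config as the first choice avoids that: `return self.config.server_header or random_server_header()`. The `Handler` class body continues outside the hunk.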
@@ -57,7 +57,8 @@ class Wordlists:
|
|||||||
},
|
},
|
||||||
"users": {
|
"users": {
|
||||||
"roles": ["Administrator", "User"]
|
"roles": ["Administrator", "User"]
|
||||||
}
|
},
|
||||||
|
"server_headers": ["Apache/2.4.41 (Ubuntu)", "nginx/1.18.0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@@ -111,6 +112,10 @@ class Wordlists:
|
|||||||
@property
|
@property
|
||||||
def error_codes(self):
|
def error_codes(self):
|
||||||
return self._data.get("error_codes", [])
|
return self._data.get("error_codes", [])
|
||||||
|
|
||||||
|
@property
|
||||||
|
def server_headers(self):
|
||||||
|
return self._data.get("server_headers", [])
|
||||||
|
|
||||||
|
|
||||||
_wordlists_instance = None
|
_wordlists_instance = None
|
||||||
|
|||||||
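Review bot: `server_headers` falls back to `[]` when the key is absent, and the only caller added by this commit passes that list straight to `random.choice()`, which raises `IndexError` on an empty sequence. The `"server_headers"` entry in the -57 hunk appears to be added only to the built-in defaults, so a wordlists file written before this commit would presumably lack the key and fail on the first response. Returning the defaults instead of an empty list closes that gap: `return self._data.get("server_headers") or ["Apache/2.4.41 (Ubuntu)", "nginx/1.18.0"]`. The `Wordlists` class starts and ends outside both hunks.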