Malin/krawl.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70 Commits 1 Branch 0 Tags
e8a79ef970511f0aa6f3169e8e86741cc889e1c8
Commit Graph

70 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick Di Fazio
e8a79ef970 Merge pull request #29 from BlessedRebuS/feat/scoring-alogorithm 
Feat/scoring alogorithm
 2026-01-07 18:50:44 +01:00
Phillip Tarrant
b6c3710ca3 Merge branch 'dev' into feat/scoring-alogorithm 2026-01-07 11:43:58 -06:00
Patrick Di Fazio
7690841029 added categorization visualization and itmeline 2026-01-07 18:24:43 +01:00
Patrick Di Fazio
02aed9e65a added drop down menu and scoring graph to the dashboard 2026-01-06 18:50:36 +01:00
Patrick Di Fazio
190d74e1a7 modified krawl template for single page visualization 2026-01-05 17:27:27 +01:00
Patrick Di Fazio
4478c60956 added krawl homepage to templates 2026-01-05 17:07:10 +01:00
Patrick Di Fazio
bd8c326918 tuned weights 2026-01-05 16:54:43 +01:00
Leonardo Bambini
bf02fdb351 modified default analyzer values 2026-01-05 10:01:51 +01:00
Leonardo Bambini
ff98a77e1a parametrized into config.yaml + bug fix 2026-01-04 22:20:10 +01:00
Leonardo Bambini
48f38cb28e added scoring system + db model modifications 2026-01-04 19:12:23 +01:00
Patrick Di Fazio
604eba6c82 Merge pull request #27 from BlessedRebuS/chore/fix-merge-conflicts 
Sync Main and Dev with All Feature Branches
 2026-01-04 17:10:57 +01:00
Phillip Tarrant
07efa5bd40 Merge branch 'feat/config-yaml' into chore/fix-merge-conflicts 2026-01-03 14:45:32 -06:00
Phillip Tarrant
cde279960a adding feat/sql 2026-01-03 14:42:14 -06:00
Phillip Tarrant
7bd9d5055c fixing merge issues with main 2026-01-03 14:40:31 -06:00
Phillip Tarrant
4d1fd5491d Merge pull request #26 from BlessedRebuS/feat/add-deception-features 
Feat/add deception features
 2026-01-03 14:01:02 -06:00
Phillip Tarrant
4c490e30cb fixing dashboard to ensure starts with forward slash, put back the server_header option to allow pinning 2026-01-03 13:56:16 -06:00
Patrick Di Fazio
4a1d1cf7be added random SQL errors, random server errors, XSS baits 2026-01-03 17:16:37 +01:00
Patrick Di Fazio
5f8bb73546 added random SQL errors, random server errors, XSS baits 2026-01-03 17:14:58 +01:00
Phillip Tarrant
349c149335 Add logs directory bind mount with entrypoint permission fix 
- Add ./logs:/app/logs volume mount to docker-compose.yaml for log access
  - Create entrypoint.sh script that fixes directory ownership at startup
  - Install gosu in Dockerfile for secure privilege dropping
  - Use ENTRYPOINT to run permission fix as root, then drop to krawl user

  This ensures bind-mounted directories have correct permissions even when
  Docker creates them as root on the host.
 2026-01-02 13:52:51 -06:00
Phillip Tarrant
d458eb471d Migrate configuration from environment variables to YAML file 
- Add YAML-based configuration loaded from config.yaml (CONFIG_LOCATION env var)
  - Add PyYAML dependency and install requirements in Dockerfile
  - Replace Config.from_env() with get_config() singleton pattern
  - Remove server_header from config (now randomized from wordlists only)
  - Update docker-compose.yaml to mount config.yaml read-only
  - Update Helm chart: restructure values.yaml, generate config.yaml in ConfigMap
  - Update Kubernetes manifests: ConfigMap now contains config.yaml, deployments mount it
  - Remove Helm secret.yaml (dashboard path now auto-generated in config.yaml)
 2026-01-02 13:39:54 -06:00
Phillip Tarrant
5a00e374e6 Merge pull request #21 from BlessedRebuS/fix/add-kubernetes-db-config 
added db config for kubernetes and helm
 2025-12-30 06:03:47 -06:00
Patrick Di Fazio
c55b1375ad added db config for kubernetes and helm 2025-12-30 12:12:42 +01:00
Patrick Di Fazio
bf73bc7e2c Update README with demo and dashboard information 
Removed old sections and reorganized demo and dashboard links.
 2025-12-30 00:59:36 +01:00
Patrick Di Fazio
5ba02d3d0c Update README.md 2025-12-30 00:59:31 +01:00
Patrick Di Fazio
5a808c330c Update README.md 2025-12-30 00:59:15 +01:00
Patrick Di Fazio
0b1e9537d2 Added demo 2025-12-30 00:59:15 +01:00
Patrick Di Fazio
852a15976f Added demo 2025-12-30 00:59:15 +01:00
Patrick Di Fazio
828f04261f Added POST log and dashboard for used credentials 2025-12-30 00:59:15 +01:00
Phillip Tarrant
d13ceb4888 Added test script to show the server header 2025-12-30 00:59:15 +01:00
Phillip Tarrant
1486dfc913 Add configurable HTTP Server header for deception 
Add SERVER_HEADER environment variable to customize the HTTP Server
  response header, defaulting to Apache/2.2.22 (Ubuntu). This allows the
  honeypot to masquerade as different web servers to attract attackers.

  - Add server_header field to Config dataclass
  - Override version_string() in Handler to return configured header
  - Update documentation and all deployment configs
 2025-12-30 00:59:15 +01:00
Patrick Di Fazio
ee0dac91ba Merge pull request #20 from BlessedRebuS/BlessedRebuS-patch-1 
Fix indentation for server_header in config.py
 2025-12-30 00:32:39 +01:00
Patrick Di Fazio
354f8bf895 Fix indentation for server_header in config.py 2025-12-30 00:24:36 +01:00
Patrick Di Fazio
844e99f9ef Merge pull request #17 from leonardobambini/feat/randomized-server-header 
Feat/randomized server header
 2025-12-30 00:14:28 +01:00
Patrick Di Fazio
12dcf5ba39 Merge branch 'dev' into feat/randomized-server-header 2025-12-30 00:14:14 +01:00
Patrick Di Fazio
954017f638 Merge pull request #15 from BlessedRebuS/feat/sqlite3-storage 
Feat/sqlite3 storage
 2025-12-30 00:11:41 +01:00
Patrick Di Fazio
cddad984c3 Added timezone to helm values 2025-12-30 00:03:44 +01:00
Patrick Di Fazio
8a645c22e6 Merge branch 'dev' into feat/randomized-server-header 2025-12-30 00:02:44 +01:00
Patrick Di Fazio
06ffa2c480 Added wordlists and server header logic to helm 2025-12-29 23:57:37 +01:00
Leonardo Bambini
a9808599dc Added random server header and changed behavior of SERVER_HEADER env var 2025-12-29 18:55:44 +01:00
Leonardo Bambini
c2c43ac985 Added randomized server header and changed behavior of SERVER_HEADER env var 2025-12-29 18:51:37 +01:00
Phillip Tarrant
66b4d8fe6a adding pip and requirements to docker install and exposing data/krawl.db via docker-compose.yaml 2025-12-28 14:24:52 -06:00
Phillip Tarrant
a4baedffd9 updated dashboard to pull data from db. This closes issue #10 2025-12-28 13:56:23 -06:00
Phillip Tarrant
6487cb493d Merge branch 'dev' into feat/sqlite3-storage 2025-12-28 11:08:10 -06:00
Phillip Tarrant
f1c142c53d feat: add SQLite persistent storage for request logging 
- Add SQLAlchemy-based database layer for persistent storage
  - Create models for access_logs, credential_attempts, attack_detections, ip_stats
  - Include fields for future GeoIP and reputation enrichment
  - Implement sanitization utilities to protect against malicious payloads
  - Fix XSS vulnerability in dashboard template (HTML escape all user data)
  - Add DATABASE_PATH and DATABASE_RETENTION_DAYS config options
  - Dual storage: in-memory for dashboard performance + SQLite for persistence

  New files:
  - src/models.py - SQLAlchemy ORM models
  - src/database.py - DatabaseManager singleton
  - src/sanitizer.py - Input sanitization and HTML escaping
  - requirements.txt - SQLAlchemy dependency

  Security protections:
  - Parameterized queries via SQLAlchemy ORM
  - Field length limits to prevent storage exhaustion
  - Null byte and control character stripping
  - HTML escaping on dashboard output
 2025-12-28 10:43:32 -06:00
Patrick Di Fazio
a1a5e406b0 Merge pull request #14 from BlessedRebuS/beta 
Beta merge into dev to sync
 2025-12-28 17:40:02 +01:00
Phillip Tarrant
33132c708b Merge pull request #13 from BlessedRebuS/feat/allow-timezone-env-variable 
Added timezone env variable handling
 2025-12-28 10:35:48 -06:00
Patrick Di Fazio
6556e17f91 Added timezone env variable handling 2025-12-28 17:07:18 +01:00
Patrick Di Fazio
499760c939 Merge pull request #12 from BlessedRebuS/feat/log-post-credentials 
Added POST log and dashboard for used credentials
 2025-12-27 19:30:24 +01:00
Patrick Di Fazio
61ba574e92 Added POST log and dashboard for used credentials 2025-12-27 19:17:27 +01:00
Patrick Di Fazio
438646d646 Merge pull request #3 from ptarrant/feat/logging-system 
Add rotating file logging system with app and access loggers
 2025-12-27 00:22:44 +01:00