232 lines
7.2 KiB
YAML
232 lines
7.2 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: krawl-system
|
|
---
|
|
# Source: krawl-chart/templates/network-policy.yaml
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: krawl
|
|
namespace: krawl-system
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
app.kubernetes.io/version: "1.0.0"
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- podSelector: {}
|
|
- namespaceSelector: {}
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
ports:
|
|
- port: 5000
|
|
protocol: TCP
|
|
egress:
|
|
- ports:
|
|
- protocol: TCP
|
|
- protocol: UDP
|
|
to:
|
|
- namespaceSelector: {}
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
---
|
|
# Source: krawl-chart/templates/configmap.yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: krawl-config
|
|
namespace: krawl-system
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
app.kubernetes.io/version: "1.0.0"
|
|
data:
|
|
config.yaml: |
|
|
# Krawl Honeypot Configuration
|
|
server:
|
|
port: 5000
|
|
delay: 100
|
|
links:
|
|
min_length: 5
|
|
max_length: 15
|
|
min_per_page: 10
|
|
max_per_page: 15
|
|
char_space: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
|
max_counter: 10
|
|
canary:
|
|
token_url: null
|
|
token_tries: 10
|
|
dashboard:
|
|
secret_path: null
|
|
database:
|
|
path: "data/krawl.db"
|
|
retention_days: 30
|
|
behavior:
|
|
probability_error_codes: 0
|
|
analyzer:
|
|
http_risky_methods_threshold: 0.1
|
|
violated_robots_threshold: 0.1
|
|
uneven_request_timing_threshold: 0.5
|
|
uneven_request_timing_time_window_seconds: 300
|
|
user_agents_used_threshold: 2
|
|
attack_urls_threshold: 1
|
|
crawl:
|
|
infinite_pages_for_malicious: true
|
|
max_pages_limit: 250
|
|
ban_duration_seconds: 600
|
|
---
|
|
# Source: krawl-chart/templates/wordlists-configmap.yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: krawl-wordlists
|
|
namespace: krawl-system
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
app.kubernetes.io/version: "1.0.0"
|
|
data:
|
|
wordlists.json: |
|
|
{"api_keys":{"prefixes":["sk_live_","sk_test_","api_","key_","token_","access_","secret_","prod_",""]},"applications":{"names":["WebApp","API Gateway","Dashboard","Admin Panel","CMS","Portal","Manager","Console","Control Panel","Backend"]},"databases":{"hosts":["localhost","db.internal","mysql.local","postgres.internal","127.0.0.1","db-server-01","database.prod","sql.company.com"],"names":["production","prod_db","main_db","app_database","users_db","customer_data","analytics","staging_db","dev_database","wordpress","ecommerce","crm_db","inventory"]},"directory_listing":{"directories":["uploads/","backups/","logs/","temp/","cache/","private/","config/","admin/","database/","backup/","old/","archive/",".git/","keys/","credentials/"],"files":["admin.txt","test.exe","backup.sql","database.sql","db_backup.sql","dump.sql","config.php","credentials.txt","passwords.txt","users.csv",".env","id_rsa","id_rsa.pub","private_key.pem","api_keys.json","secrets.yaml","admin_notes.txt","settings.ini","database.yml","wp-config.php",".htaccess","server.key","cert.pem","shadow.bak","passwd.old"]},"emails":{"domains":["example.com","company.com","localhost.com","test.com","domain.com","corporate.com","internal.net","enterprise.com","business.org"]},"error_codes":[400,401,403,404,500,502,503],"passwords":{"prefixes":["P@ssw0rd","Passw0rd","Admin","Secret","Welcome","System","Database","Secure","Master","Root"],"simple":["test","demo","temp","change","password","admin","letmein","welcome","default","sample"]},"server_headers":["Apache/2.2.22 (Ubuntu)","nginx/1.18.0","Microsoft-IIS/10.0","LiteSpeed","Caddy","Gunicorn/20.0.4","uvicorn/0.13.4","Express","Flask/1.1.2","Django/3.1"],"usernames":{"prefixes":["admin","user","developer","root","system","db","api","service","deploy","test","prod","backup","monitor","jenkins","webapp"],"suffixes":["","_prod","_dev","_test","123","2024","_backup","_admin","01","02","_user","_service","_api"]},"users":{"roles":["Administrator","Developer","Manager","User","Guest","Moderator","Editor","Viewer","Analyst","Support"]}}
|
|
---
|
|
# Source: krawl-chart/templates/pvc.yaml
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: krawl-db
|
|
namespace: krawl-system
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
app.kubernetes.io/version: "1.0.0"
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
---
|
|
# Source: krawl-chart/templates/service.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: krawl
|
|
namespace: krawl-system
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
app.kubernetes.io/version: "1.0.0"
|
|
spec:
|
|
type: LoadBalancer
|
|
externalTrafficPolicy: Local
|
|
sessionAffinity: ClientIP
|
|
sessionAffinityConfig:
|
|
clientIP:
|
|
timeoutSeconds: 10800
|
|
ports:
|
|
- port: 5000
|
|
targetPort: http
|
|
protocol: TCP
|
|
name: http
|
|
selector:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
---
|
|
# Source: krawl-chart/templates/deployment.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: krawl
|
|
namespace: krawl-system
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
app.kubernetes.io/version: "1.0.0"
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
spec:
|
|
containers:
|
|
- name: krawl-chart
|
|
image: "ghcr.io/blessedrebus/krawl:1.0.0"
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- name: http
|
|
containerPort: 5000
|
|
protocol: TCP
|
|
env:
|
|
- name: CONFIG_LOCATION
|
|
value: "config.yaml"
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /app/config.yaml
|
|
subPath: config.yaml
|
|
readOnly: true
|
|
- name: wordlists
|
|
mountPath: /app/wordlists.json
|
|
subPath: wordlists.json
|
|
readOnly: true
|
|
- name: database
|
|
mountPath: /app/data
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 64Mi
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: krawl-config
|
|
- name: wordlists
|
|
configMap:
|
|
name: krawl-wordlists
|
|
- name: database
|
|
persistentVolumeClaim:
|
|
claimName: krawl-db
|
|
---
|
|
# Source: krawl-chart/templates/ingress.yaml
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: krawl
|
|
namespace: krawl-system
|
|
labels:
|
|
app.kubernetes.io/name: krawl
|
|
app.kubernetes.io/instance: krawl
|
|
app.kubernetes.io/version: "1.0.0"
|
|
spec:
|
|
ingressClassName: traefik
|
|
rules:
|
|
- host: "krawl.example.com"
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: krawl
|
|
port:
|
|
number: 5000
|