Merge pull request #32 (development -> master)

README.md

@@ -8,7 +8,7 @@ HellPot is an endless honeypot based on [Heffalump](https://github.com/carlmjohn
 
 Notably it implements a [toml configuration file](https://github.com/spf13/viper), has [JSON logging](https://github.com/rs/zerolog), and comes with significant performance gains.
   
- ![Exploding Heffalump](hellgif.gif)
+ ![Exploding Heffalump](https://tcp.ac/i/H8O9M.gif)
 
 ## Grave Consequences
 
@@ -58,8 +58,8 @@ In the event of a missing configuration file, HellPot will attempt to place it's
 
 666 ) 𝙏͘͝𝙝̓̓͛𝙚͑̈́̀ 𝙨͆͠͝𝙠͑̾͌𝙮̽͌͆ 𝙞̓̔̔𝙨͒͐͝ 𝙛͑̈́̚𝙖͛͒𝙡͑͆̽𝙡̾̚̚𝙞͋̒̒𝙣̾͛͝𝙜͒̒̀.́̔͝​
 
-## Example Config (toml) 
-   
+## Configuration Reference 
+
 ```toml
 [deception]
   # Used as "Server" HTTP header. Note that reverse proxies may hide this.
@@ -70,6 +70,10 @@ In the event of a missing configuration file, HellPot will attempt to place it's
   bind_addr = "127.0.0.1"
   bind_port = "8080"
 
+  # this contains a list of blacklisted useragent strings. (case sensitive)
+  # clients with useragents containing any of these strings will receive "Not found" for any requests.
+  uagent_string_blacklist = ["Cloudflare-Traffic-Manager", "curl"]
+
   # Unix Socket Listener (will override default)
   unix_socket_path = "/var/run/hellpot"
   unix_socket_permissions = "0666"
@@ -88,8 +92,11 @@ In the event of a missing configuration file, HellPot will attempt to place it's
   debug = true
   # extra verbose (-vv)
   trace = false
+  # JSON log files will be storn in the below directory. 
   directory = "/home/kayos/.config/HellPot/logs/"
+  # disable all color in console output. when using Windows this will default to true.
   nocolor = false
+  # toggles the use of the current date as the names for new log files.
   use_date_filename = true
 
 [performance]

config/config.go

@@ -158,7 +158,8 @@ func processOpts() {
 	}
 	// string slice options and their exported variables
 	strSliceOpt := map[string]*[]string{
-		"http.router.paths": &Paths,
+		"http.router.paths":            &Paths,
+		"http.uagent_string_blacklist": &UseragentBlacklistMatchers,
 	}
 	// bool options and their exported variables
 	boolOpt := map[string]*bool{

config/declarations.go

@@ -2,7 +2,7 @@ package config
 
 const (
 	// Version roughly represents the applications current version.
-	Version = "0.3.1"
+	Version = "0.4.0"
 	// Title is the name of the application used throughout the configuration process.
 	Title = "HellPot"
 )
@@ -38,6 +38,11 @@ var (
 	// if UseUnixSocket, also defined via our toml configuration file, is set to true.
 	UnixSocketPath        = ""
 	UnixSocketPermissions uint32
+
+	// UseragentBlacklistMatchers contains useragent matches checked for with strings.Contains() that
+	// prevent HellPot from firing off.
+	// See: https://github.com/yunginnanet/HellPot/issues/23
+	UseragentBlacklistMatchers []string
 )
 
 // "performance"

config/defaults.go

@@ -32,6 +32,7 @@ var defOpts = map[string]map[string]interface{}{
 		"unix_socket_permissions": "0666",
 		"bind_addr":               "127.0.0.1",
 		"bind_port":               "8080",
+
 		"router": map[string]interface{}{
 			"catchall":   false,
 			"makerobots": true,
@@ -40,6 +41,9 @@ var defOpts = map[string]map[string]interface{}{
 				"wp-login",
 			},
 		},
+		"uagent_string_blacklist": []string{
+			"Cloudflare-Traffic-Manager",
+		},
 	},
 	"performance": {
 		"restrict_concurrency": false,

go.mod

@@ -4,10 +4,10 @@ go 1.18
 
 require (
 	git.tcp.direct/kayos/common/squish v0.0.0-20220210125455-40e3d2190a52
-	github.com/fasthttp/router v1.4.8
+	github.com/fasthttp/router v1.4.9
 	github.com/rs/zerolog v1.26.1
 	github.com/spf13/viper v1.11.0
-	github.com/valyala/fasthttp v1.35.0
+	github.com/valyala/fasthttp v1.36.0
 )
 
 require (

go.sum

@@ -60,15 +60,14 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fasthttp/router v1.4.8 h1:4zj4sAzXibjA6ZW19MdMe3GaYD1SM+TXrMLzHcVMBOI=
-github.com/fasthttp/router v1.4.8/go.mod h1:UUtJdXFYlqYRQ32EAtWOvNYIZ1XfyC5JJIknWai6foI=
+github.com/fasthttp/router v1.4.9 h1:8s1HEqP+GvsC2B8vPdLAPHJegs4s28z7UsraPuHM1K8=
+github.com/fasthttp/router v1.4.9/go.mod h1:oWPrQCi9QOrzxKC+rZuliS1+JhYj2bpR01J6T8vUDUQ=
 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
 github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -181,8 +180,8 @@ github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.35.0 h1:wwkR8mZn2NbigFsaw2Zj5r+xkmzjbrA/lyTmiSlal/Y=
-github.com/valyala/fasthttp v1.35.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I=
+github.com/valyala/fasthttp v1.36.0 h1:NhqfO/cB7Ajn1czkKnWkMHyPYr5nyND14ZGPk23g0/c=
+github.com/valyala/fasthttp v1.36.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

http/router.go

@@ -3,7 +3,9 @@ package http
 import (
 	"bufio"
 	"fmt"
+	"net/http"
 	"runtime"
+	"strings"
 	"time"
 
 	"github.com/fasthttp/router"
@@ -31,11 +33,20 @@ func hellPot(ctx *fasthttp.RequestCtx) {
 	}
 
 	remoteAddr := getRealRemote(ctx)
+
 	slog := log.With().
 		Str("USERAGENT", string(ctx.UserAgent())).
 		Str("REMOTE_ADDR", remoteAddr).
 		Interface("URL", string(ctx.RequestURI())).Logger()
 
+	for _, denied := range config.UseragentBlacklistMatchers {
+		if strings.Contains(string(ctx.UserAgent()), denied) {
+			slog.Trace().Msg("Ignoring useragent")
+			ctx.Error("Not found", http.StatusNotFound)
+			return
+		}
+	}
+
 	if config.Trace {
 		slog = slog.With().Str("caller", path).Logger()
 	}