diff --git a/README.md b/README.md index f334fd2..0a9fed4 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ HellPot is an endless honeypot based on [Heffalump](https://github.com/carlmjohn Notably it implements a [toml configuration file](https://github.com/spf13/viper), has [JSON logging](https://github.com/rs/zerolog), and comes with significant performance gains. - ![Exploding Heffalump](hellgif.gif) + ![Exploding Heffalump](https://tcp.ac/i/H8O9M.gif) ## Grave Consequences @@ -58,8 +58,8 @@ In the event of a missing configuration file, HellPot will attempt to place it's 666 ) ๐™อ˜อ๐™ฬ“อƒอ›๐™šอ‘อ„อ€ ๐™จอ†อ อ๐™ อ‘ฬพอŒ๐™ฎฬฝอŒอ† ๐™žอƒฬ”ฬ”๐™จอ’ออ ๐™›อ‘ฬšอ„๐™–อ›อ’๐™กอ‘อ†ฬฝ๐™กฬšฬพฬš๐™žอ‹ฬ’ฬ’๐™ฃฬพออ›๐™œอ’ฬ’อ€.อฬ”อโ€‹ -## Example Config (toml) - +## Configuration Reference + ```toml [deception] # Used as "Server" HTTP header. Note that reverse proxies may hide this. @@ -70,6 +70,10 @@ In the event of a missing configuration file, HellPot will attempt to place it's bind_addr = "127.0.0.1" bind_port = "8080" + # this contains a list of blacklisted useragent strings. (case sensitive) + # clients with useragents containing any of these strings will receive "Not found" for any requests. + uagent_string_blacklist = ["Cloudflare-Traffic-Manager", "curl"] + # Unix Socket Listener (will override default) unix_socket_path = "/var/run/hellpot" unix_socket_permissions = "0666" @@ -88,8 +92,11 @@ In the event of a missing configuration file, HellPot will attempt to place it's debug = true # extra verbose (-vv) trace = false + # JSON log files will be storn in the below directory. directory = "/home/kayos/.config/HellPot/logs/" + # disable all color in console output. when using Windows this will default to true. nocolor = false + # toggles the use of the current date as the names for new log files. use_date_filename = true [performance] diff --git a/config/config.go b/config/config.go index 7cd87d4..8a1dac0 100644 --- a/config/config.go 
+++ b/config/config.go @@ -158,7 +158,8 @@ func processOpts() { } // string slice options and their exported variables strSliceOpt := map[string]*[]string{ - "http.router.paths": &Paths, + "http.router.paths": &Paths, + "http.uagent_string_blacklist": &UseragentBlacklistMatchers, } // bool options and their exported variables boolOpt := map[string]*bool{ diff --git a/config/declarations.go b/config/declarations.go index 361d6c9..bc510d1 100644 --- a/config/declarations.go +++ b/config/declarations.go @@ -2,7 +2,7 @@ package config const ( // Version roughly represents the applications current version. - Version = "0.3.1" + Version = "0.4.0" // Title is the name of the application used throughout the configuration process. Title = "HellPot" ) @@ -38,6 +38,11 @@ var ( // if UseUnixSocket, also defined via our toml configuration file, is set to true. UnixSocketPath = "" UnixSocketPermissions uint32 + + // UseragentBlacklistMatchers contains useragent matches checked for with strings.Contains() that + // prevent HellPot from firing off. + // See: https://github.com/yunginnanet/HellPot/issues/23 + UseragentBlacklistMatchers []string ) // "performance" diff --git a/config/defaults.go b/config/defaults.go index 9718c9d..4621a9b 100644 --- a/config/defaults.go +++ b/config/defaults.go @@ -32,6 +32,7 @@ var defOpts = map[string]map[string]interface{}{ "unix_socket_permissions": "0666", "bind_addr": "127.0.0.1", "bind_port": "8080", + "router": map[string]interface{}{ "catchall": false, "makerobots": true, @@ -40,6 +41,9 @@ var defOpts = map[string]map[string]interface{}{ "wp-login", }, }, + "uagent_string_blacklist": []string{ + "Cloudflare-Traffic-Manager", + }, }, "performance": { "restrict_concurrency": false, diff --git a/go.mod b/go.mod index 7c6cc85..779679f 100644 --- a/go.mod +++ b/go.mod 
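Review bot: The doc comment added for `UseragentBlacklistMatchers` in config/declarations.go does not say that matching is case-sensitive, or that the User-Agent header is chosen by the client. Both matter to anyone relying on the list. I would extend it with `// Matching is a case-sensitive substring test on the client-supplied User-Agent; a client sending a listed string gets a 404 instead of being served by HellPot.` The README hunk mentions case sensitivity, but the exported variable is where other packages will read the contract.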
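Review bot: The new `"uagent_string_blacklist"` default in config/defaults.go has no comment explaining why `Cloudflare-Traffic-Manager` is skipped out of the box. The README sample in this commit also lists `curl`, so the shipped default and the documented example differ. A one-line comment such as `// health-check useragents that should not be fed to the honeypot (see issue #23)` would record the intent, assuming that is what the issue linked in declarations.go covers. `defOpts` starts before this hunk and continues after it.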
@@ -4,10 +4,10 @@ go 1.18 require ( git.tcp.direct/kayos/common/squish v0.0.0-20220210125455-40e3d2190a52 - github.com/fasthttp/router v1.4.8 + github.com/fasthttp/router v1.4.9 github.com/rs/zerolog v1.26.1 github.com/spf13/viper v1.11.0 - github.com/valyala/fasthttp v1.35.0 + github.com/valyala/fasthttp v1.36.0 ) require ( diff --git a/go.sum b/go.sum index bacffb5..41d0beb 100644 --- a/go.sum +++ b/go.sum 
@@ -60,15 +60,14 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/fasthttp/router v1.4.8 h1:4zj4sAzXibjA6ZW19MdMe3GaYD1SM+TXrMLzHcVMBOI= -github.com/fasthttp/router v1.4.8/go.mod h1:UUtJdXFYlqYRQ32EAtWOvNYIZ1XfyC5JJIknWai6foI= +github.com/fasthttp/router v1.4.9 h1:8s1HEqP+GvsC2B8vPdLAPHJegs4s28z7UsraPuHM1K8= +github.com/fasthttp/router v1.4.9/go.mod h1:oWPrQCi9QOrzxKC+rZuliS1+JhYj2bpR01J6T8vUDUQ= github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -181,8 +180,8 @@ github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.35.0 h1:wwkR8mZn2NbigFsaw2Zj5r+xkmzjbrA/lyTmiSlal/Y= -github.com/valyala/fasthttp v1.35.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I= +github.com/valyala/fasthttp v1.36.0 h1:NhqfO/cB7Ajn1czkKnWkMHyPYr5nyND14ZGPk23g0/c= +github.com/valyala/fasthttp v1.36.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I= github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/hellgif.gif b/hellgif.gif deleted file mode 100644 index 35943dc..0000000 Binary files a/hellgif.gif and /dev/null differ diff --git a/http/router.go b/http/router.go index 7eb12f2..35536ad 100644 --- a/http/router.go +++ b/http/router.go @@ -3,7 +3,9 @@ package http import ( "bufio" "fmt" + "net/http" "runtime" + "strings" "time" "github.com/fasthttp/router" @@ -31,11 +33,20 @@ func hellPot(ctx *fasthttp.RequestCtx) { } remoteAddr := getRealRemote(ctx) + slog := log.With(). Str("USERAGENT", string(ctx.UserAgent())). Str("REMOTE_ADDR", remoteAddr). Interface("URL", string(ctx.RequestURI())).Logger() + for _, denied := range config.UseragentBlacklistMatchers { + if strings.Contains(string(ctx.UserAgent()), denied) { + slog.Trace().Msg("Ignoring useragent") + ctx.Error("Not found", http.StatusNotFound) + return + } + } + if config.Trace { slog = slog.With().Str("caller", path).Logger() }
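Review bot: `net/http` is imported in the first http/router.go hunk only to supply `http.StatusNotFound` for the new `ctx.Error` call in the next hunk, and the package is itself named `http`. The file already uses fasthttp (`ctx *fasthttp.RequestCtx`), which exports the same constant. `ctx.Error("Not found", fasthttp.StatusNotFound)` would drop the extra import and avoid the overlapping name.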
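Review bot: An empty string in `config.UseragentBlacklistMatchers` makes `strings.Contains` true for every request, so a stray `""` in the toml list would turn the whole honeypot into a 404 responder; the loop added to `hellPot` does not guard against that. The loop also converts `ctx.UserAgent()` to a string once per list entry. Hoist `ua := string(ctx.UserAgent())` above the loop and test `if denied != "" && strings.Contains(ua, denied) {`. Because the header is client-controlled, a short comment above the loop should say the list is a convenience for health checkers and not an access control. `hellPot` starts before this hunk and continues after it.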