aziascreations/Web-NibblePoker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added PHP minification, Removed years-old honeypot-related trash

Browse Source 
Update .htaccess, clean.bat, and 11 more files...
This commit is contained in:
Herwin Bozet (NibblePoker)
2023-08-13 21:21:06 +02:00
parent fc37c5926f
commit c3ab5544e1
13 changed files with 97 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
.htaccess
View File

@@ -27,8 +27,8 @@ AddType text/javascript .mjs
Options -Indexes +FollowSymlinks -ExecCGI Options -Indexes +FollowSymlinks -ExecCGI
ServerSignature Off ServerSignature Off
# Helping out with minified pages and/or pre-rendered ones first if available # Serving minified pages and/or pre-rendered ones first if available.
DirectoryIndex index.min.html index.min.php index.html index.php DirectoryIndex index.min.html index.min.php index.php index.html
# Custom error pages. # Custom error pages.
ErrorDocument 403 /error.php ErrorDocument 403 /error.php
@@ -41,13 +41,14 @@ ErrorDocument 404 /error.php
# Default: 12 hours # Default: 12 hours
##Header set Cache-Control "max-age=43200, public, must-revalidate" ##Header set Cache-Control "max-age=43200, public, must-revalidate"
##
# Static files: 1 Week
<FilesMatch "\.(?i:gif|jpe?g|png|ico|svg|woff2|ttf|woff|otf)$"> <FilesMatch "\.(?i:gif|jpe?g|png|ico|svg|woff2|ttf|woff|otf)$">
# Static files: 1 Week
Header set Cache-Control "max-age=604800, public, must-revalidate" Header set Cache-Control "max-age=604800, public, must-revalidate"
</FilesMatch> </FilesMatch>
# Semi-static files: 1 Day
##<FilesMatch "\.(?i:css|js|mjs)$"> ##<FilesMatch "\.(?i:css|js|mjs)$">
## # Semi-static files: 1 Day
## Header set Cache-Control "max-age=86400, public, must-revalidate" ## Header set Cache-Control "max-age=86400, public, must-revalidate"
##</FilesMatch> ##</FilesMatch>
@@ -87,27 +88,3 @@ RewriteEngine On
# Languages. (Does not work with a regex) # Languages. (Does not work with a regex)
RewriteRule ^en/(.*)$ /$1 [QSA] RewriteRule ^en/(.*)$ /$1 [QSA]
RewriteRule ^fr/(.*)$ /$1 [QSA] RewriteRule ^fr/(.*)$ /$1 [QSA]
# Honeypots. (Just to fuck with automated scanners, gotta love those unsolicited emails tho...)
# Sending a 404 for git and IDEs folders just in case they ever get copied to the web server,
# or if one of the honeypot files is acessed directly.
# A 404 is preferred to prevent further scanning of this folder and from raising some flags.
# FIXME: These rules break the later honeypot rules !!!
#RedirectMatch 404 ^.*\.?(git|vs(code)|idea).*
#RedirectMatch 404 ^.*honeypot.*
# Internal redirections for scanning and exploit attempts.
# These rules are here since they're easier to implement in the .htaccess.
#RewriteRule ^.*(install|xmlrpc)\.php.*$ /honeypot/file-php.php [QSA]
#RewriteRule ^.*\.xml.*$ /honeypot/file-xml.php [QSA]
#RewriteRule ^.*wlwmanifest\.xml.*$ /honeypot/file-xml-wlwmanifest.php [QSA]
#RewriteRule ^.*\.env.*$ /honeypot/file-env.php [QSA]
#RewriteRule ^.*(ap(i|p.*)|cms|sit[eo]|shop.*|wp.*).*$ /honeypot/folder.php [QSA]
# Cases left to handle:
# * /wp-admin/post.php?id=whatever
# * /public /vendor /storage
# * //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
# TODO: Implement bee-movie themed tarpit once I have a rate-limiting solution in place !

24
clean.bat Normal file
View File

@@ -0,0 +1,24 @@
@echo off
setlocal enabledelayedexpansion
:: Going into the script's directory
cd /D "%~dp0"
:main
echo.
echo Cleaning up the project
echo -----------------------
:php-clean
echo Clearing old minified PHP files...
pushd %CD%
for /r "%CD%" %%F in (*.min.php) do (
echo ^> Deleting "%%F"
del "%%F"
)
echo ^> Done ^!
popd
:end
:: FIXME: Won't this close the terminal when not called ?
exit /b

2
commons/strings.json
View File

File diff suppressed because one or more lines are too long

42
compile.bat
View File

@@ -1,9 +1,15 @@
@echo off @echo off
setlocal enabledelayedexpansion
:: Going into the script's directory :: Going into the script's directory
cd /D "%~dp0" cd /D "%~dp0"
:clean
call "%~dp0clean.bat"
:clean-end
:lang :lang
echo. echo.
echo Handling the languages echo Handling the languages
@@ -95,16 +101,42 @@ call "%~dp0node_modules\.bin\terser" lang.js -c -m --toplevel -o lang.min.js
call "%~dp0node_modules\.bin\terser" formulas.js -c -m --toplevel -o formulas.min.js call "%~dp0node_modules\.bin\terser" formulas.js -c -m --toplevel -o formulas.min.js
call "%~dp0node_modules\.bin\terser" units.js -c -m --toplevel -o units.min.js call "%~dp0node_modules\.bin\terser" units.js -c -m --toplevel -o units.min.js
call "%~dp0node_modules\.bin\terser" formula-wizard.js -c -m --toplevel -o formula-wizard.min.js call "%~dp0node_modules\.bin\terser" formula-wizard.js -c -m --toplevel -o formula-wizard.min.js
:: We also minify the .php file to help with some weird spacing issues that cannot be fixed with CSS.
:: This issue is usually handled by the reverse-proxy or a middleware, but since I need to export a SPA, I can't rely
:: on it
cd ..
call "%~dp0node_modules\.bin\html-minifier-terser" --conservative-collapse --collapse-inline-tag-whitespace --collapse-whitespace --remove-comments --decode-entities -o page.min.php page.php
popd popd
:formula-wizard-end :formula-wizard-end
:php
echo.
echo Handling the PHP files
echo -----------------------
:php-minify
echo Minifying PHP files...
pushd %CD%
:: We minify the .php files to help with some weird spacing issues that cannot be fixed with CSS.
:: This issue is usually handled by the reverse-proxy or a middleware, but since I need to export SPA(s), I can't rely on it
for /r "%CD%" %%F in (*.php) do (
set inputPath=%%F
set outputPath=%%~dpnF.min.php
echo ^> "!inputPath!" =^> "!outputPath!"
call "%~dp0node_modules\.bin\html-minifier-terser" --conservative-collapse --collapse-inline-tag-whitespace ^
--collapse-whitespace --remove-comments --decode-entities --continue-on-parse-error -o "!outputPath!" "!inputPath!"
)
popd
:php-relink
echo Linking minified PHP files together...
pushd %CD%
:: We change every .php extension to .min.php in all the minified file.
:: I didn't use Python because it fails miserably with utf-8 symbols...
for /r "%CD%" %%F in (*.min.php) do (
node "%~dp0php-relinker.js" "%%F"
)
popd
:php-end
goto end goto end

27
honeypot/file-env.php
View File

@@ -1,27 +0,0 @@
<?php
echo("# This is a a .env file for use in local development.
# Duplicate this file as .env in the root of the project
# and update the environment variables to match your
# desired config.
#
# DO NOT MAKE THIS FILE PUBLICLY ACCESSIBLE !
# PostgreSQL connection string for the DB
DATABASE_URL=postgres://fib.gov:5432/i_am_dickish_script_kiddy
# Logs' level
LOG_LEVEL=trace
# The environment to run the application in
NODE_ENV=development
# The HTTP port to run the application on
PORT=69
# The secret to encrypt session IDs with
SESSION_SECRET=R2V0IGZ1Y2tlZCB5b3UgZnVja2luZyB0d2F0ICE=
# The secret to get access to the admin panel
ADMIN_SECRET=SmV0IGZ1ZWwgY2FuJ3QgbWVsdCBzdGVlbCBiZWFtLCBCdXNoIGRpZCA5LzEx=
");
?>

14
honeypot/file-php.php
View File

@@ -1,14 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
</head>
<body>
<h1>Title</h1>
<p>PHP file jail</p>
</body>
</html>

46
honeypot/file-xml-wlwmanifest.php
View File

@@ -1,46 +0,0 @@
<?php
header('Content-Type: text/xml; charset=utf-8');
echo("<?xml version=\"1.0\" encoding=\"utf-8\" ?>
<manifest xmlns=\"http://schemas.microsoft.com/wlw/manifest/weblog\">
<options>
<clientType>WordPress</clientType>
<supportsKeywords>Yes</supportsKeywords>
<supportsGetTags>Yes</supportsGetTags>
</options>
<weblog>
<serviceName>WordPress</serviceName>
<imageUrl>images/wlw/wp-icon.png</imageUrl>
<watermarkImageUrl>images/wlw/wp-watermark.png</watermarkImageUrl>
<homepageLinkText>View site</homepageLinkText>
<adminLinkText>Dashboard</adminLinkText>
<adminUrl>
<![CDATA[
{blog-postapi-url}/../wp-admin/
]]>
</adminUrl>
<postEditingUrl>
<![CDATA[
{blog-postapi-url}/../wp-admin/post.php?action=edit&post={post-id}
]]>
</postEditingUrl>
</weblog>
<buttons>
<button>
<id>0</id>
<text>Manage Comments</text>
<imageUrl>images/wlw/wp-comments.png</imageUrl>
<clickUrl>
<![CDATA[
{blog-postapi-url}/../wp-admin/edit-comments.php
]]>
</clickUrl>
</button>
</buttons>
</manifest>");
?>

28
honeypot/file-xml.php
View File

@@ -1,28 +0,0 @@
<?php
header('Content-Type: text/xml; charset=utf-8');
echo("<?xml version='1.0'?>
<module>
<name>VtigerVulnPlugin</name>
<label>VtigerVulnPlugin</label>
<parent>Tools</parent>
<version>1.01</version>
<dependencies>
<vtiger_version>7.0.0</vtiger_version>
<vtiger_max_version>7.*</vtiger_max_version>
</dependencies>
<license>
<file>LICENSE.txt</file>
</license>
<actions>
<action>
<name><![CDATA[Import]]></name>
<status>enabled</status>
</action>
<action>
<name><![CDATA[Export]]></name>
<status>disabled</status>
</action>
</actions>
</module>");
?>

14
honeypot/folder.php
View File

@@ -1,14 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
</head>
<body>
<h1>Title</h1>
<p>Folder jail</p>
</body>
</html>

4
honeypot/readme.md
View File

@@ -1,4 +0,0 @@
# Honeypots
## ???
TODO

25
php-relinker.js Normal file
View File

@@ -0,0 +1,25 @@
const fs = require('fs');
if (process.argv.length < 3) {
console.log('Usage: node php-relinker.js <input_php_file>');
process.exit(1);
}
const inputFilePath = process.argv[2];
console.log(">", inputFilePath);
function replaceExtension(match) {
return match.replace('.php', '.min.php');
}
try {
const content = fs.readFileSync(inputFilePath, 'utf-8');
const modifiedContent = content.replace(/include.*\.php/g, replaceExtension);
fs.writeFileSync(inputFilePath, modifiedContent, 'utf-8');
} catch (error) {
if (error.code === 'ENOENT') {
console.log('> Error: File not found.');
} else {
console.error('> Error: An error occurred =>', error.message);
}
}

8
readme.md
View File

@@ -16,14 +16,6 @@ Unfinished, but all the files should be contained in the `content/` folder.
### Tools ### Tools
### Honeypot & Tarpits
There are a couple of files in the `honeypot/` and `tarpit/` folders that are used
to serve some basic fake files and pages that are often requested by automated scanners in order
to mess with them.
These pages can be removed by deleting the folders and removing the appropriate rules in
the [.htaccess](.htaccess) file.
## Requirements ## Requirements
These files are required and need to be installed manually for the website to work properly !<br> These files are required and need to be installed manually for the website to work properly !<br>

4
tools/.htaccess
View File

@@ -1,3 +1,7 @@
# FIXME: The minified content scripts fail for some reason !
# Could be the missing closing php tag !!!
DirectoryIndex index.php index.html
# Redirecting any URL that starts with "/tools" to the root of this folder. # Redirecting any URL that starts with "/tools" to the root of this folder.
RewriteEngine On RewriteEngine On
RewriteRule ^\/?(tools\/)?[a-zA-Z0-9\-]+\/?$ index.php [NC] RewriteRule ^\/?(tools\/)?[a-zA-Z0-9\-]+\/?$ index.php [NC]