V0.3.1 - IAC, Opsec, and Phishing Updates #5
Merged
- Added Kaine Profile
- Added BRC4 example
- Updated Infrastructure Diagram
- Added command posts dashboard which consolidates all the redirectors into one place
- Added new filtering mode "Hard Block", updated .env.example and configs to show this change
- Updated Infrastructure Diagram to reflect new additions
…ments
- Harden response header sanitization with BLOCKED_HEADERS blocklist and persona Server header injection on proxied responses
- Add age/SOPS encrypted config support in the config loader
- Add HTTP fingerprint filter for client identification in the pipeline
- Add response timing normalization to prevent side-channel analysis
- Add dynamic cloud provider IP range feeds (AWS, Azure, GCP)
- Add `infraguard test-request` CLI for dry-run filter validation
- Add multi-path upstream failover with per-upstream circuit breakers
- Enable HTTP/2 listener support via h2 protocol
- Add canary token injection (tracking pixel, honeypot link, hidden form) into decoy HTML responses
- Add decoy target rotation (random/round-robin) for drop actions
- Add burn detection watchdog monitoring vendor spike and multi-ASN probes
- Add operator audit log table and helpers in the tracking database
- Add dead man's switch with configurable TTL-based auto-expiry
- Add `infraguard report` CLI for HTML engagement report generation
- Fix config loader crash when env vars are unset (empty TLS blocks, empty-string domain keys)
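The "burn detection watchdog monitoring vendor spike and multi-ASN probes" item above is, at its core, a sliding-window anomaly check over access-log records: the same check any service operator uses to notice that a burst of scanning is under way. The following is an added illustration, not InfraGuard's own code. The log line format, the sample lines, the ASN numbers (RFC 5398 documentation range), the window size and the thresholds are all constructed here; the real watchdog's inputs come from the project's filter pipeline, which the page does not show.

```python
"""Burn-detection watchdog over access-log lines (added example, not InfraGuard's code)."""
import re
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample: "<iso-ts> <ip> AS<asn> <vendor=tag|->", one request per line.
# IPs are documentation addresses; ASNs are from the documentation range.
SAMPLE_LOG = """\
2024-01-01T00:00:00Z 203.0.113.7 AS64496 vendor=example-scanner
2024-01-01T00:00:20Z 198.51.100.9 AS64497 vendor=example-scanner
2024-01-01T00:00:40Z 192.0.2.44 AS64498 -
2024-01-01T00:01:00Z 203.0.113.90 AS64499 vendor=example-scanner
2024-01-01T00:01:30Z 198.51.100.200 AS64500 vendor=example-scanner
2024-01-01T00:02:00Z 192.0.2.7 AS64501 vendor=example-scanner
2024-01-01T00:10:00Z 203.0.113.250 AS64502 vendor=example-scanner
"""

LINE_RE = re.compile(r"^(\S+) (\S+) AS(\d+) (?:vendor=(\S+)|-)$")


def parse_line(line):
    """Return (epoch_seconds, ip, asn, vendor_or_None) for one constructed log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00")).timestamp()
    return ts, m.group(2), int(m.group(3)), m.group(4)


@dataclass
class WatchdogConfig:
    window_seconds: int = 300        # sliding window length (assumed value)
    vendor_spike_threshold: int = 5  # vendor-tagged hits in the window that raise an alert
    multi_asn_threshold: int = 4     # distinct source ASNs in the window that raise an alert


@dataclass
class BurnWatchdog:
    """Keeps only the requests inside the window and evaluates both rules per request."""
    config: WatchdogConfig = field(default_factory=WatchdogConfig)
    _events: deque = field(default_factory=deque)

    def observe(self, ts, ip, asn, vendor=None):
        """Record one request and return the alerts it triggers (possibly none)."""
        self._events.append((ts, ip, asn, vendor))
        self._expire(ts)
        alerts = []
        vendor_hits = sum(1 for e in self._events if e[3] is not None)
        if vendor_hits >= self.config.vendor_spike_threshold:
            alerts.append("vendor_spike")
        distinct_asns = {e[2] for e in self._events}
        if len(distinct_asns) >= self.config.multi_asn_threshold:
            alerts.append("multi_asn_probe")
        return alerts

    def _expire(self, now):
        """Drop events older than the window; events arrive in time order."""
        cutoff = now - self.config.window_seconds
        while self._events and self._events[0][0] < cutoff:
            self._events.popleft()


def run_watchdog(log_text, config=None):
    """Feed every line to a fresh watchdog and return the alert list per line."""
    wd = BurnWatchdog(config or WatchdogConfig())
    return [wd.observe(*parse_line(line)) for line in log_text.splitlines() if line.strip()]


if __name__ == "__main__":
    for line, alerts in zip(SAMPLE_LOG.splitlines(), run_watchdog(SAMPLE_LOG)):
        print(line.split()[0], alerts or "-")
```

On the sample, the multi-ASN rule fires from the fourth distinct ASN onward, the vendor-spike rule fires on the fifth vendor-tagged hit, and the request eight minutes later triggers nothing because everything before it has aged out of the window. In a real deployment the "vendor" tag would come from the IP-range feeds and fingerprint filter, and the alert would feed the dead man's switch or an operator notification rather than a print.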
Cloud-init (DO, AWS, Azure):
- Clone InfraGuard from repo URL, build Docker image via docker compose build, create runtime dirs, signal ready
- Replace docker_image variable with repo_url (default: https://github.com/Whispergate/InfraGuard.git)

Deploy CLI post-provisioning (6-step lifecycle):
- Wait for cloud-init bootstrap completion via SSH polling
- Generate config bundle with populated .env (auto-generated API token, randomized health path, Let's Encrypt, upstream)
- SCP config.yaml, C2 profile, and .env to /opt/infraguard/
- SSH to start docker compose services (proxy + dashboard)
- Health poll to confirm InfraGuard is running

Provider-specific SSH handling:
- DO: root user, fingerprint-based key lookup
- AWS: ubuntu user, key pair resource, sudo for docker
- Azure: operator user, admin_ssh_key block, sudo for docker

Additional fixes:
- Move terraform modules into infraguard/deploy/terraform/ so they are included in pip/pipx installs (fixes "No configuration files" error when installed outside the repo)
- Stage .tf files into work_dir before terraform init
- Fix DO tag validation (dots replaced with dashes)
- Fix DO SSH key 422 error (use fingerprint instead of resource)
- Fix config loader crash on unset env vars (empty TLS blocks, empty-string domain keys)
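The post-provisioning lifecycle described in that commit (poll for bootstrap, generate the .env, copy the bundle, start the services, poll for health) is shown below as an added example; it is not the project's Deploy CLI. The real CLI drives SSH and SCP against the new host; here the transport is an object with `ready()`, `put()`, `run()` and `http_ok()` methods so the control flow runs offline, and `FakeTransport` stands in for a host that becomes ready after a few polls. The method names, the `.env` key names, the `c2.profile` file name and the sample values are assumptions made for this example; the sudo handling follows the commit's note that the AWS and Azure users need sudo for docker.

```python
"""Deploy lifecycle with an injectable transport (added example, not the project's Deploy CLI)."""
import secrets
import time
from dataclasses import dataclass


@dataclass
class DeployConfig:
    domain: str
    upstream: str            # C2 listener the proxy forwards to
    config_yaml: str         # pre-rendered config.yaml content
    c2_profile: str          # pre-rendered C2 profile content
    use_sudo: bool = False   # AWS/Azure users need sudo for docker; DO root does not
    remote_dir: str = "/opt/infraguard"


def generate_env(cfg):
    """Populate the .env: fresh API token, randomized health path, TLS mode, upstream."""
    return {
        "API_TOKEN": secrets.token_urlsafe(32),          # assumed key name
        "HEALTH_PATH": "/" + secrets.token_hex(12),      # random so it is not a guessable endpoint
        "DOMAIN": cfg.domain,
        "UPSTREAM": cfg.upstream,
        "TLS_MODE": "letsencrypt",                       # assumed key name
    }


def render_env(values):
    return "".join(f"{k}={v}\n" for k, v in values.items())


def wait_until(probe, max_attempts, interval, sleep=time.sleep):
    """Poll probe() up to max_attempts times; True if it ever returned True."""
    for attempt in range(max_attempts):
        if probe():
            return True
        if attempt < max_attempts - 1:
            sleep(interval)
    return False


def deploy(cfg, transport, sleep=time.sleep, max_attempts=30, interval=10.0):
    """Run the lifecycle steps in order and return the generated .env values."""
    if not wait_until(transport.ready, max_attempts, interval, sleep):
        raise TimeoutError("cloud-init bootstrap did not complete")
    env = generate_env(cfg)
    transport.put(f"{cfg.remote_dir}/config.yaml", cfg.config_yaml)
    transport.put(f"{cfg.remote_dir}/c2.profile", cfg.c2_profile)
    transport.put(f"{cfg.remote_dir}/.env", render_env(env))
    sudo = "sudo " if cfg.use_sudo else ""
    transport.run(f"cd {cfg.remote_dir} && {sudo}docker compose up -d proxy dashboard")
    if not wait_until(lambda: transport.http_ok(env["HEALTH_PATH"]), max_attempts, interval, sleep):
        raise RuntimeError("InfraGuard did not report healthy")
    return env


class FakeTransport:
    """Stand-in for SSH/SCP: ready after N polls, healthy once the services were started."""

    def __init__(self, ready_after=3):
        self.ready_after = ready_after
        self.polls = 0
        self.files = {}
        self.commands = []

    def ready(self):
        self.polls += 1
        return self.polls >= self.ready_after

    def put(self, path, content):
        self.files[path] = content

    def run(self, cmd):
        self.commands.append(cmd)

    def http_ok(self, path):
        # Healthy only if compose was started and the probed path is the one written to .env.
        return bool(self.commands) and f"HEALTH_PATH={path}\n" in self.files.get("/opt/infraguard/.env", "")


def demo(use_sudo=True):
    """Run the lifecycle against the fake host; return (transport, env) for inspection."""
    cfg = DeployConfig(domain="redirector.example", upstream="https://198.51.100.10:443",
                       config_yaml="listen: 443\n", c2_profile="{}", use_sudo=use_sudo)
    transport = FakeTransport()
    env = deploy(cfg, transport, sleep=lambda _s: None)
    return transport, env


if __name__ == "__main__":
    t, env = demo()
    print("polls before ready:", t.polls)
    print("files staged:", sorted(t.files))
    print("command:", t.commands[0])
    print("health path:", env["HEALTH_PATH"])
```

Both polls are bounded so a host that never signals ready, or a proxy that never comes up, fails the deploy with a clear error instead of hanging; the same `wait_until` serves the cloud-init wait and the health poll.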
[0.3.1] OPSEC hardening, IaC auto-deploy, phishing support, and operational improvements
Infrastructure as Code:
with full auto-deploy lifecycle: provision → cloud-init bootstrap →
SCP config → docker compose up → health poll
Let's Encrypt config, and upstream mapping per C2 framework
config loader crash on unset env vars
OPSEC Hardening:
and cloud provider headers from leaking through upstream responses
headers detection, minimal-header CLI tool detection)
side-channel between proxied and locally-generated responses
Operational Resilience:
Phishing Framework Support:
Decoy & Intelligence:
InfraShield, Test blogs)
Operator Experience:
- `infraguard test-request` CLI for dry-run filter validation
- `infraguard report` CLI for HTML engagement report generation
Bug Fixes: