Krawl is a versatile and customizable honeypot server that can identify and track malicious activity through deceptive web applications. By generating fake web pages, login forms, and credentials, Krawl attracts unwanted crawlers and scanners, allowing for better security management and resource allocation.
Krawl is a cutting-edge, cloud-native deception server designed to counteract web crawlers and automated scanning tools by generating realistic fake web applications. Its primary goal is to detect, delay, and analyze malicious activities while presenting low-hanging vulnerabilities such as fake admin panels, configuration files, and exposed decoy credentials. By diverting attackers' resources, Krawl effectively distinguishes between benign and malicious crawlers, offering a strategic advantage for online security.
Key Features
- Spider Trap Pages: Utilizes infinite random links to exhaust crawler resources, inspired by the spidertrap project.
- Fake Login Pages: Create deceptive login interfaces for common applications like WordPress and phpMyAdmin.
- Honeypot Paths: Automatically advertised in the robots.txt file to lure scanners.
- Fake Credentials: Generates realistic usernames, passwords, and API keys to mislead attackers.
- Canary Token Integration: Enables triggering of external alerts upon specific interactions.
- Real-time Dashboard: Provides insights into suspicious activities, enhancing monitoring capabilities.
- Customizable Wordlists: Utilizes JSON-based configuration for easy personalization of fake data.
- Random Error Injection: Simulates genuine server responses to further deceive crawlers.
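The honeypot-path idea above can be shown from the defender's side: any client that requests a path listed under Disallow in robots.txt has either ignored the rules or guessed at sensitive locations. The sketch below is an added example, not Krawl's own code; the decoy paths, log lines, verdict labels and function names are constructed for illustration, and the log format is assumed to be the common combined format.

```python
import re
from collections import defaultdict

# Constructed sample data: decoy paths and log lines are illustrative, not Krawl defaults.
ROBOTS_TXT = """User-agent: *
Disallow: /admin/
Disallow: /backup/
Disallow: /.env
"""
ACCESS_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "scanner/1.0"
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "scanner/1.0"
198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "GET /.env HTTP/1.1" 200 120 "-" "scanner/1.0"
203.0.113.9 - - [01/Jan/2025:10:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "goodbot/2.1"
203.0.113.9 - - [01/Jan/2025:10:05:03 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "goodbot/2.1"
192.0.2.44 - - [01/Jan/2025:10:09:00 +0000] "GET /backup/db.sql HTTP/1.1" 200 300 "-" "curl/8.0"
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

def decoy_prefixes(robots_txt):
    """Return the Disallow path prefixes advertised in robots.txt."""
    prefixes = []
    for line in robots_txt.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            prefixes.append(value.strip())
    return prefixes

def classify(log_text, prefixes):
    """Map each client IP to a verdict based on whether it touched a decoy path."""
    seen = defaultdict(lambda: {"robots": False, "hits": []})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        ip, path = m.group(1), m.group(3).split("?", 1)[0]
        if path == "/robots.txt":
            seen[ip]["robots"] = True
        elif any(path.startswith(p) for p in prefixes):
            seen[ip]["hits"].append(path)
    verdicts = {}
    for ip, state in seen.items():
        if not state["hits"]:
            verdicts[ip] = "compliant"       # never requested a decoy
        elif state["robots"]:
            verdicts[ip] = "ignored-robots"  # read the rules, requested decoys anyway
        else:
            verdicts[ip] = "blind-probe"     # requested decoys without reading robots.txt
    return verdicts
```

Because no legitimate link points at the decoy paths, a single hit is a high-confidence signal and can feed a blocklist or alert without further scoring.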
Deployment Options
Krawl can be deployed seamlessly using several methods:
- Helm Chart: Easily install Krawl on Kubernetes with a simple command, allowing customization options such as canary tokens.
- Kubernetes / Kustomize: Apply deployment manifests or clone the repository for manual configuration.
- Docker: Run Krawl in a contained environment, ensuring quick setup with Docker commands.
- Python: For users who prefer direct interaction, Krawl can also be launched as a Python application, providing flexibility in its deployment.
Monitoring and Customization
The Krawl dashboard offers comprehensive monitoring of suspicious activities, displaying metrics such as total accesses, unique visitors, and logs of triggering honeypot paths. For tailored configurations, environment variables can be adjusted to customize aspects such as server delays, link generation, and canary token URLs.
The genuine-looking pages created by Krawl simulate common vulnerabilities, such as fake database connection strings and API keys, to enhance deception. These pages also trigger synthetic errors that mimic real misconfigurations, giving security professionals detailed material for analyzing attack patterns.
Contribution and Use
Open contributions are encouraged to enhance Krawl's capabilities. By adhering to the project's guidelines, developers can assist in evolving this tool into a robust solution for web application security insights.
Krawl is intended for use in isolated environments for monitoring and testing purposes. Consistent observation of security events is recommended, along with compliance with legal regulations.
Explore Krawl to bolster cybersecurity defenses against automated threats.