Compare commits


79 Commits

Author SHA1 Message Date
262abc8fe7 post: commit e8778da in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 13s
2026-04-24 23:00:23 +02:00
cfee8ae97a post: commit 760c08d in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-24 22:38:10 +02:00
Betty
6ba4f34c68 post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-24 22:36:06 +02:00
eaf58058f5 post: commit fad9bc3 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-24 22:36:03 +02:00
Betty
33b36393c1 post: push 11 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-24 22:34:17 +02:00
1340621b18 post: commit 4aba669 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-24 22:34:13 +02:00
6bf4bf67e3 post: commit eb9a1ee in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-17 13:37:35 +02:00
521bbe44ea post: commit 1c2ee83 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-17 13:35:02 +02:00
3e5b630489 post: commit 047a7a8 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-17 13:23:31 +02:00
f267cc13bd post: commit 4adce3e in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-17 13:20:31 +02:00
0c0b36eefa post: commit cf02179 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-17 13:20:21 +02:00
7be4c71ef6 post: commit 9e5b612 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-17 13:20:16 +02:00
bcc332d720 post: commit 081acdb in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-17 13:20:12 +02:00
7496deadea post: commit b9abb6d in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-17 13:20:09 +02:00
f20ff46c3d post: commit 13e2bf9 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-17 13:20:05 +02:00
262e3f8f46 post: commit 4e1f103 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-17 13:19:59 +02:00
84ae43a413 post: commit 37b5b4b in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-16 17:36:15 +02:00
5bbd2358f3 post: commit 901f0d3 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-16 17:27:37 +02:00
4c89bc8312 post: commit 497faba in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-16 14:23:17 +02:00
5e960b7fcd post: commit 6d98c32 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-16 13:46:19 +02:00
Betty
b95d553e6c post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-16 10:21:08 +02:00
6fc7a877d2 post: commit 93d5ceb in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-16 10:21:06 +02:00
1504ef361f post: commit 091a227 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-16 10:16:50 +02:00
Betty
fd96b347f2 post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-16 10:08:42 +02:00
d3b9be5f7a post: commit 907b0c3 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-16 10:08:38 +02:00
Betty
16ae10287e post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-04-15 23:00:18 +02:00
5c4f867167 post: commit 4fa26f4 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-15 23:00:10 +02:00
Betty
cb7b97b11d post: commit e2761e1 in bojemoi_boot
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-09 22:29:02 +02:00
Betty
48b74cde3e post: commit 1e20eb6 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-09 22:19:58 +02:00
Betty
43ef400071 post: commit 1f2d521 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-09 22:01:02 +02:00
Betty
d145790595 post: push 2 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-09 21:55:48 +02:00
Betty
74a34f72a8 post: commit 0699664 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-09 21:55:45 +02:00
Betty
507ccc4cd8 post: commit 10af16e in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-09 21:55:36 +02:00
Betty
3fb120b7b1 post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-09 16:54:56 +02:00
Betty
9cf9bbe3fd post: commit 7eedf64 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-09 16:54:52 +02:00
Betty
4e7e704bbc post: push 2 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-09 16:22:52 +02:00
Betty
7b2492cc0c post: commit 0e0519a in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-09 16:22:47 +02:00
Betty
99b692979d post: commit 440a412 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-04-05 22:08:34 +02:00
Betty
b550111526 post: push 2 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-04-05 00:49:11 +02:00
Betty
e599d026af post: commit 24c1a17 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-04-05 00:48:15 +02:00
Betty
dcf5143806 post: commit 454674c in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-04-05 00:34:19 +02:00
Betty
6004b237eb post: push 2 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-05 00:13:03 +02:00
Betty
2fef729d93 post: commit 002f809 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-05 00:12:45 +02:00
Betty
3240126da9 post: commit fb7c5ff in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-04-04 00:23:55 +02:00
Betty
e8e3d05539 post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-04-03 16:11:06 +02:00
Betty
a6bd13c28c post: commit f6b4ac5 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-04-03 16:11:03 +02:00
Betty
9bb1c46280 post: commit 4c71a4d in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-31 21:04:32 +02:00
Betty
c803a759ae post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-31 20:36:46 +02:00
Betty
f1d4f4292b post: commit b5b5641 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-31 20:36:26 +02:00
Betty
139a366066 post: commit dc4caca in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-30 22:05:24 +02:00
Betty
0b1a1c5e86 post: commit ea02190 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-30 21:37:23 +02:00
Betty
aa3b4e6966 post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 20s
2026-03-30 21:25:03 +02:00
Betty
83e6966ca0 post: commit 631b96e in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-30 21:24:59 +02:00
Betty
3857c3258c post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
2026-03-30 16:51:07 +02:00
Betty
35d7743705 post: commit 9eb4c92 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-30 16:51:03 +02:00
Betty
b5273f3480 post: commit 2a51f30 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-26 18:51:19 +01:00
Betty
8b3df064e1 post: commit 2195edf in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 9s
2026-03-26 18:34:03 +01:00
Betty
38e9805165 post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 9s
2026-03-26 18:12:18 +01:00
Betty
a811ee00c6 post: commit 9a69b23 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 12s
2026-03-26 18:05:53 +01:00
Betty
8bb6d0257f post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-25 23:19:31 +01:00
Betty
b4bd662d7b post: commit 2c09e8b in bojemoi_boot
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-25 23:19:25 +01:00
Betty
244bf3c6eb post: commit d3bbec7 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 9s
2026-03-25 23:19:10 +01:00
Betty
3ecba81eb5 post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 9s
2026-03-25 23:05:18 +01:00
Betty
37067295a0 post: commit 27f5ef4 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-25 23:05:15 +01:00
Betty
4cde83394a post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 9s
2026-03-25 22:52:52 +01:00
Betty
37b3c67bc1 post: commit 5a9bdd9 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-25 22:52:47 +01:00
Betty
5cc512f97b post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-25 22:44:45 +01:00
Betty
20e02cb6db post: commit a79479d in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-25 22:44:40 +01:00
Betty
f5d0fc36e3 post: push 2 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-23 18:56:55 +01:00
Betty
7d0f3ce09c post: commit 392a1a2 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-23 18:56:52 +01:00
Betty
94ab525a21 post: commit 11a8e69 in bojemoi
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-21 13:53:28 +01:00
Betty
0cd0304141 post: push 3 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-18 13:52:20 +01:00
Betty
c0561b9c6c post: commit fced696 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-18 13:52:17 +01:00
Betty
9d75e01250 post: commit 1041a8b in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-18 13:52:12 +01:00
Betty
40ce65e539 post: commit b93e503 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-18 13:52:09 +01:00
Betty
741c7050fc post: push 1 commit(s) to bojemoi/main
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 10s
2026-03-18 13:51:08 +01:00
Betty
04dc718cfe post: commit 8671e81 in bojemoi
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
2026-03-18 13:51:00 +01:00
Betty
bebf03a8e7 post: zéro credential en clair dans alertmanager.yml — Docker secrets
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 9s
2026-03-14 22:08:27 +01:00
Betty
6af7aff46c post: push 1 commit(s) to bojemoi/main 2026-03-14 22:08:27 +01:00
79 changed files with 4363 additions and 0 deletions


@@ -0,0 +1,174 @@
---
title: "Zéro credential en clair dans alertmanager.yml — Docker secrets à la rescousse"
date: 2026-03-14T21:00:00+00:00
draft: false
tags: ["cybersecurity", "devops", "docker", "docker-swarm", "homelab", "selfhosted", "infosec", "opensource", "blue-team", "soc", "gitops", "debutant-en-cyber", "apprendre-la-cyber", "build-in-public", "french-tech"]
summary: "Mon alertmanager.yml avait deux credentials en clair : un token Telegram et un mot de passe SMTP. Je les ai migrés vers des Docker secrets en dix minutes — sans patcher l'image ni écrire une ligne de script."
description: "Migration pas-à-pas de credentials Alertmanager vers des Docker secrets en Swarm mode : bot_token_file et smtp_auth_password_file, sans entrypoint personnalisé."
author: "Bojemoi"
ShowToc: true
ShowReadingTime: true
---
J'ai intégré Trivy dans mon pipeline CI pour scanner mes Dockerfiles. Premier résultat : Trivy me signale des secrets hardcodés dans mon propre `alertmanager.yml` commité en clair dans le repo.
Ironie du sort — l'outil de scan de sécurité me trouve une faille dans ma configuration de monitoring.
## Le Problème
Mon `alertmanager.yml` contenait deux credentials en clair :
```yaml
global:
smtp_auth_password: '8_qz7oZmQVBGhkvo-U64tA' # mot de passe SMTP Proton Mail Bridge
receivers:
- name: 'telegram-perimeter'
telegram_configs:
- bot_token: '8174135689:AAH...' # token du bot Telegram
```
Ces deux valeurs étaient commitées dans le repo Git. Toute personne ayant accès au repo (ou à un backup) pouvait :
- Envoyer des messages à n'importe quel chat Telegram via le bot
- S'authentifier sur le serveur SMTP du bridge Protonmail
## La Solution Native d'Alertmanager
Alertmanager supporte nativement la lecture de credentials depuis des fichiers, via les paramètres suffixés `_file`. Pas besoin de script d'entrypoint, pas besoin de patcher l'image.
| Paramètre inline | Équivalent fichier |
|---|---|
| `bot_token` | `bot_token_file` |
| `smtp_auth_password` | `smtp_auth_password_file` |
| `api_key` (PagerDuty, etc.) | `api_key_file` |
La documentation Alertmanager liste ces variantes pour la plupart des intégrations. C'est la façon propre de gérer les secrets en environnement conteneurisé.
## Mise en Œuvre en Docker Swarm
### 1. Créer les secrets Docker
Le token Telegram existait déjà comme secret Swarm (`telegram_bot_token`, créé 6 semaines plus tôt pour le service Telegram). Réutilisation directe.
Pour le mot de passe SMTP, création d'un nouveau secret :
```bash
echo -n '8_qz7oZmQVBGhkvo-U64tA' | docker secret create alertmanager_smtp_pass -
```
```bash
docker secret ls | grep -E "telegram_bot|smtp"
# rfi2cjxk... telegram_bot_token 6 weeks ago
# r5zodtm4... alertmanager_smtp_pass just now
```
### 2. Mettre à Jour alertmanager.yml
```yaml
global:
smtp_auth_password_file: /run/secrets/alertmanager_smtp_pass # ← fichier
receivers:
- name: 'telegram-perimeter'
telegram_configs:
- bot_token_file: /run/secrets/telegram_bot_token # ← fichier
```
Les credentials en clair disparaissent du fichier. Le repo est propre.
### 3. Monter les Secrets dans la Stack
Dans la définition du service alertmanager (`stack/01-service-hl.yml`) :
```yaml
services:
alertmanager:
# ...
secrets:
- telegram_bot_token
- alertmanager_smtp_pass
secrets:
telegram_bot_token:
external: true
alertmanager_smtp_pass:
external: true
```
### 4. Appliquer sans Rebuild
Puisqu'il n'y a pas de changement d'image, un simple `service update` suffit :
```bash
# Première migration (bot token)
docker service update \
--secret-add telegram_bot_token \
--force \
base_alertmanager
# Deuxième migration (SMTP)
docker service update \
--secret-add alertmanager_smtp_pass \
--force \
base_alertmanager
```
Docker Swarm monte automatiquement les secrets dans `/run/secrets/<nom>` à l'intérieur du container. Alertmanager lit les fichiers au démarrage.
## Vérification
```bash
docker service ps base_alertmanager
# Running 21 seconds ago ← pas de crash
docker service logs base_alertmanager --since 30s
# level=INFO msg="Loading configuration file" ...
# (pas d'erreur d'authentification)
```
Et dans `alertmanager.yml` désormais commité :
```yaml
global:
smtp_auth_password_file: /run/secrets/alertmanager_smtp_pass
receivers:
- name: 'telegram-perimeter'
telegram_configs:
- bot_token_file: /run/secrets/telegram_bot_token
```
Aucun credential en clair. Trivy est content.
## Ce que Docker Swarm Garantit sur les Secrets
- Les secrets sont chiffrés au repos (dans la Raft store) et en transit (TLS mutuel entre les nœuds)
- Montés en `tmpfs` dans le container — jamais écrits sur disque
- Visibles uniquement par les tâches qui en ont besoin (déclaration explicite dans le service)
- Non récupérables via `docker secret inspect` (seulement les métadonnées)
Pour les faire tourner sur les bons nœuds, les contraintes de placement Swarm font déjà le travail.
## Generalisation
Ce pattern `*_file` n'est pas propre à Alertmanager. On le retrouve dans :
- **Prometheus** : `bearer_token_file`, `password_file` dans les scrape configs
- **Grafana** : `GF_DATABASE_PASSWORD__FILE`, `GF_SECURITY_ADMIN_PASSWORD__FILE`
- **Loki** : idem via les variables d'environnement `_FILE`
- **Traefik** : les providers supportent les fichiers de secrets
Le principe est identique : paramètre standard remplacé par son équivalent `_file` pointant vers `/run/secrets/<nom>`.
## Bilan
| | Avant | Après |
|---|---|---|
| Credentials dans le repo | ✗ 2 en clair | ✓ 0 |
| Alertmanager fonctionnel | ✓ | ✓ |
| Changement d'image requis | — | Non |
| Script d'entrypoint custom | — | Non |
| Temps de migration | — | ~15 min |
La leçon : avant d'écrire un script de substitution de variables ou de patcher une image, vérifier si l'outil ne supporte pas déjà nativement la lecture depuis des fichiers. Alertmanager, Prometheus, Grafana — la plupart des outils de l'écosystème Prometheus le font.
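Review bot: the `smtp_auth_password` value in the YAML block under "Le Problème" and the same string piped to `docker secret create` in step 1 read as the real Proton Mail Bridge password, so this post puts the credential it describes removing back into a Git repo. Replace both occurrences with an obvious placeholder, as was done by truncating the bot token, and rotate the SMTP password, since the post itself says the value was already committed once. The `echo -n '...' | docker secret create ... -` form also leaves the value in shell history; reading it from a prompt or a file avoids that. Minor: the front-matter summary says the migration took ten minutes while the Bilan table says ~15 min.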


@@ -0,0 +1,39 @@
---
title: "[bojemoi] blog: add alertmanager Docker secrets post (FR)"
date: 2026-03-18T13:52:12+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 1041a8b par Betty dans bojemoi"
author: "Betty"
---
## Commit `1041a8b`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `1041a8bda741d876cf2219db23acbc10e7e304f0` |
### Description
Article sur la gestion des credentials alertmanager (SMTP, Telegram)
via Docker secrets — zéro credential en clair dans les stack files.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A blog/alertmanager-docker-secrets-fr.md
```
### Diff Summary
```
blog/alertmanager-docker-secrets-fr.md | 174 +++++++++++++++++++++++++++++++++
1 file changed, 174 insertions(+)
```


@@ -0,0 +1,48 @@
---
title: "[bojemoi] feat: add breachforum CTI discovery service (stack 66)"
date: 2026-03-18T13:50:59+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 8671e81 par Betty dans bojemoi"
author: "Betty"
---
## Commit `8671e81`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `8671e81c7066d225e67a59773637a06cc0471a0f` |
### Description
Multi-source .onion discovery: Ahmia, Reddit, Tor directories.
Validates via embedded Tor SOCKS5, stores in PostgreSQL (bojemoi_cti),
alerts Telegram PTaaS group on new discoveries. Runs hourly loop.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A discovery/Dockerfile
A discovery/breachforum_discovery_api.py
A discovery/breachforum_onion_discovery.py
A discovery/entrypoint.sh
A stack/66-service-discovery.yml
```
### Diff Summary
```
discovery/Dockerfile | 34 +++
discovery/breachforum_discovery_api.py | 259 +++++++++++++++++++
discovery/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++++++++
discovery/entrypoint.sh | 33 +++
stack/66-service-discovery.yml | 73 ++++++
5 files changed, 820 insertions(+)
```


@@ -0,0 +1,46 @@
---
title: "[bojemoi] feat(borodino/uzi): auto-detect LHOST, split LPORT_BIND, improve exploit targeting"
date: 2026-03-18T13:52:08+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit b93e503 par Betty dans bojemoi"
author: "Betty"
---
## Commit `b93e503`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `b93e503aa9dad4480f64441469d4b9edfe7ea8be` |
### Description
- Auto-detect public IP via ipify/ifconfig.me (fallback to local IP)
- Split LPORT (payload) vs LPORT_BIND (handler) for NAT environments
- Listener binds 0.0.0.0 instead of LHOST
- get_random_host: ILIKE + filter on purpose (server/device/router/firewall)
- Handle RPORT from open_ports, set empty string for PASSWORD fields
- Prioritize bind payloads over reverse for internet targets
- Remove upfront linux module search (now per-host via build_targeted_exploits)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_uzi
M stack/40-service-borodino.yml
```
### Diff Summary
```
borodino/thearm_uzi | 53 +++++++++++++++++++++++++++++++++++--------
stack/40-service-borodino.yml | 5 ++--
2 files changed, 46 insertions(+), 12 deletions(-)
```


@@ -0,0 +1,58 @@
---
title: "[bojemoi] chore: add Discord bot scaffold + breachforum discovery scripts"
date: 2026-03-18T13:52:16+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit fced696 par Betty dans bojemoi"
author: "Betty"
---
## Commit `fced696`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `fced6969ff26f0d023add39a0eb4bf764c2ef291` |
### Description
- discord/: structure.yml + create_structure.sh for Discord bot setup
- scripts/: original breachforum discovery archive files (Dockerfile,
docker-compose, API, onion discovery, examples, integration guide)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A discord/.env.example
A discord/create_structure.sh
A discord/structure.yml
A scripts/Dockerfile.discovery
A scripts/INTEGRATION_GUIDE.sh
A scripts/README.md
A scripts/breachforum_discovery_api.py
A scripts/breachforum_onion_discovery.py
A scripts/docker-compose.discovery.yml
A scripts/examples_usage.py
```
### Diff Summary
```
discord/.env.example | 17 ++
discord/create_structure.sh | 68 +++++
discord/structure.yml | 38 +++
scripts/Dockerfile.discovery | 34 +++
scripts/INTEGRATION_GUIDE.sh | 205 +++++++++++++
scripts/README.md | 540 +++++++++++++++++++++++++++++++++
scripts/breachforum_discovery_api.py | 259 ++++++++++++++++
scripts/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++
scripts/docker-compose.discovery.yml | 99 ++++++
scripts/examples_usage.py | 301 ++++++++++++++++++
10 files changed, 1982 insertions(+)
```


@@ -0,0 +1,49 @@
---
title: "[bojemoi] feat(borodino/uzi): use Claude AI to extract MSF search terms from service info"
date: 2026-03-21T13:53:26+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 11a8e69 par Betty dans bojemoi"
author: "Betty"
---
## Commit `11a8e69`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `11a8e69e56d84465e551709e19aa64403cba2d6f` |
### Description
- Add `s.info` column to `get_host_services_by_address` query
- Add `extract_search_terms_via_ai()` using Claude Haiku to parse service
info strings (e.g. "vsftpd 2.3.4" → "vsftpd", "UnrealIRCd" → "unreal")
- Merge AI terms with static SERVICE_EXPLOIT_MAP in build_targeted_exploits
- Fix tuple unpacking to handle 3-tuple (port, name, info)
- Add `anthropic` pip package to Dockerfile.borodino
- Add ANTHROPIC_API_KEY env var to uzi-service in stack
- Set bm12-service DEBUG_MODE=1, replicas=1 for debug workflow
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/Dockerfile.borodino
M borodino/thearm_uzi
M stack/40-service-borodino.yml
```
### Diff Summary
```
borodino/Dockerfile.borodino | 3 +-
borodino/thearm_uzi | 70 ++++++++++++++++++++++++++++++++++++++++---
stack/40-service-borodino.yml | 21 +++++--------
3 files changed, 76 insertions(+), 18 deletions(-)
```
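Review bot: the Description bullet "Add ANTHROPIC_API_KEY env var to uzi-service in stack" describes an API key passed as an environment variable via `stack/40-service-borodino.yml`, which is the pattern the Alertmanager post in this same compare moves away from. The post should say whether the value comes from a Docker secret or an external variable rather than being written in the stack file; if it is inline, it needs the same `/run/secrets/<nom>` treatment. The service info strings handed to `extract_search_terms_via_ai()` come from scanned hosts and are untrusted input, so the description should also note how the returned terms are constrained before they are merged with SERVICE_EXPLOIT_MAP. The last bullet (DEBUG_MODE=1, replicas=1 on bm12-service) is a debug setting bundled into a feature commit and should be flagged as temporary.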


@@ -0,0 +1,41 @@
---
title: "[bojemoi] feat(borodino/uzi): enrich meterpreter Telegram alerts with sysinfo/uid/pid"
date: 2026-03-23T18:56:51+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 392a1a2 par Betty dans bojemoi"
author: "Betty"
---
## Commit `392a1a2`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `392a1a2a4a7be69eb0f597ac7f6eca2b20290355` |
### Description
- Add arch, tunnel_peer from MSF session dict to all alerts
- Run sysinfo, getuid, getpid on meterpreter session after upgrade
- Fix alert spam: send only new_shells (not all current sessions)
- Add send_telegram_alert call on successful meterpreter upgrade
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_uzi
```
### Diff Summary
```
borodino/thearm_uzi | 388 ++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 314 insertions(+), 74 deletions(-)
```


@@ -0,0 +1,53 @@
---
title: "[bojemoi] feat(orchestrator): add VulnHub VM automation endpoints"
date: 2026-03-25T23:05:13+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 27f5ef4 par Betty dans bojemoi"
author: "Betty"
---
## Commit `27f5ef4`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `27f5ef454a4d419fd606a38a1272cdb13778148f` |
### Description
- Add VULNHUB_CATALOG with 8 VMs (metasploitable2/3, dvwa, dc-1,
kioptrix-1, basic-pentesting-1, lampiao, pwnlab-init)
- VulnHubManager: asyncpg pool + host_debug upsert (multi-target,
unlike rapid7 which replaces)
- Endpoints: GET catalog, GET targets, POST deploy/{vm_id},
DELETE {vm_id} — clone XenServer template → start → poll IP →
register in host_debug for bm12/uzi DEBUG_MODE scanning
- Add Pydantic models: VulnHubDeployRequest/Response, VulnHubTargetsResponse
- Add scripts/import_vulnhub_ova.sh: xe vm-import helper for
first-time OVA → template creation on XenServer host
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M provisioning/orchestrator/app/main.py
M provisioning/orchestrator/app/models/schemas.py
A provisioning/orchestrator/app/services/vulnhub_manager.py
A scripts/import_vulnhub_ova.sh
```
### Diff Summary
```
provisioning/orchestrator/app/main.py | 184 +++++++++++++++++++-
provisioning/orchestrator/app/models/schemas.py | 53 ++++++
.../orchestrator/app/services/vulnhub_manager.py | 188 +++++++++++++++++++++
scripts/import_vulnhub_ova.sh | 123 ++++++++++++++
4 files changed, 547 insertions(+), 1 deletion(-)
```
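Review bot: the endpoint bullet lists POST deploy/{vm_id} and DELETE {vm_id}, which clone and remove XenServer VMs, with no mention of authentication and no mention of which network the deliberately vulnerable VMs are attached to. Add a line to the Description saying how these endpoints are protected and how the VulnHub targets are kept apart from other hosts, so a reader of the post can tell the deploy path is not open to any caller of the orchestrator.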


@@ -0,0 +1,36 @@
---
title: "[bojemoi_boot] fix(docker-socket-proxy): enable POST/DELETE for orchestrator service management"
date: 2026-03-25T23:19:24+01:00
draft: false
tags: ["commit", "bojemoi_boot", "main"]
categories: ["Git Activity"]
summary: "Commit 2c09e8b par Betty dans bojemoi_boot"
author: "Betty"
---
## Commit `2c09e8b`
| | |
|---|---|
| **Repository** | bojemoi_boot |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `2c09e8b58620567008227717cd3b4c1e6275b354` |
### Description
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/01-boot-service.yml
```
### Diff Summary
```
stack/01-boot-service.yml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
```
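Review bot: the Description section is empty apart from the Co-Authored-By trailer, while the title says POST and DELETE are being enabled on docker-socket-proxy, which widens what any client of the proxy can do to the Docker API. The post, and the commit message it is generated from, should state which service needs the write access and which API sections were opened in `stack/01-boot-service.yml`, so the 6 added lines can be checked against least privilege.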


@@ -0,0 +1,56 @@
---
title: "[bojemoi] feat(borodino): enrich bm12/uzi with VulnHub-style attack surface detection"
date: 2026-03-25T22:52:46+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 5a9bdd9 par Betty dans bojemoi"
author: "Betty"
---
## Commit `5a9bdd9`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `5a9bdd9da9c03d43ef601a9663f565f51950dcde` |
### Description
bm12:
- NSE: add http-shellshock, http-php-version, http-webdav-scan, http-auth-finder,
http-default-accounts to HTTP/HTTPS scripts
- NSE: add smtp-open-relay, add nfs (nfs-ls,nfs-showmount,nfs-statfs,rpcinfo)
- _VULN_INDICATORS: 20 patterns (vsftpd 2.3.4 backdoor, ProFTPD mod_copy, WordPress,
Joomla, Drupal, Shellshock CGI, Tomcat manager, WebDAV, phpMyAdmin, Jenkins,
Struts, Redis/MongoDB noauth, Samba old, SNMP public, SMTP open relay, NFS export)
- detect_vuln_indicators(): parses service banners against _VULN_INDICATORS
- run_scan(): call detect_vuln_indicators, store attack_surface in scan_details,
boost type=vuln_web when web vulns detected (after IoT priority)
uzi:
- _OS_EXPLOIT_PATHS: add vuln_web → exploit/unix/webapp/, multi/http/, unix/http/
- _VULN_EXPLOIT_TERMS: maps 18 vuln indicators to MSF search terms
- get_os_paths(): handle vuln_web type
- build_targeted_exploits(): accept scan_details, extract attack_surface terms
- main loop: pass scan_details, apply vuln_web type override, log attack_surface
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_bm12
M borodino/thearm_uzi
```
### Diff Summary
```
borodino/thearm_bm12 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++---
borodino/thearm_uzi | 69 +++++++++++++++++++++++++++++-------
2 files changed, 151 insertions(+), 16 deletions(-)
```


@@ -0,0 +1,108 @@
---
title: "[bojemoi] feat: multi-stage Dockerfiles, DVAR IoT target, bm12/uzi ARM enrichment"
date: 2026-03-25T22:44:39+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit a79479d par Betty dans bojemoi"
author: "Betty"
---
## Commit `a79479d`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `a79479d732a7eb95cb017eee5084f11e08946849` |
### Description
Dockerfiles:
- Convert 8 Dockerfiles to multi-stage / virtual build-deps pattern:
- oblast/Dockerfile.zaproxy: remove make/ant/automake/autoconf/gcc from final stage, openjdk-jdk → jre
- telegram-bot, discovery: proper builder/runtime stages, gcc+libpq-dev removed from runtime
- tsushima: dedicated masscan-builder stage + --virtual .ruby-build-deps
- borodino/Dockerfile.borodino, berezina/Dockerfile.berezina: --virtual .build-deps removed after bundle install
- narva/Dockerfile.narva, borodino/Dockerfile.berezina: remove unused build tools (no bundle install)
- Compile Python sources in: mcp-server, discovery, sentinel/collector, koursk-2
- cccp.sh: docker buildx build --push (direct registry), ensure_registry() boot stack check
DVAR IoT:
- dvar/: Dockerfile.dvar (QEMU ARM emulation, cross-compiled vuln HTTP server), entrypoint, vuln_httpd.c
- stack/56-service-dvar.yml: pentest + iot_network networks, worker placement
- scripts/metasploitable2_exploit.py: Metasploitable2 exploit helper
Borodino bm12/uzi:
- thearm_bm12: arch detection (_ARCH_PATTERNS, _IOT_KEYWORDS), IoT/ARM banner parsing, stores arch in hosts.arch
- thearm_uzi: ARM/MIPS payload selection, IoT OS path, host_arch from DB, generic IoT support
- stack/40-service-borodino.yml: bm12_v3 scan_status target, updated service config
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M .dockerignore
M berezina/Dockerfile.berezina
M borodino/.dockerignore
M borodino/Dockerfile.berezina
M borodino/Dockerfile.borodino
M borodino/thearm_bm12
M borodino/thearm_uzi
M borodino/toto
M discovery/Dockerfile
M discovery/breachforum_onion_discovery.py
M discovery/entrypoint.sh
A dvar/Dockerfile.dvar
A dvar/entrypoint.sh
A dvar/src/vuln_httpd.c
M koursk-2/Dockerfile.koursk-2
M koursk-2/scripts/rsync-start.sh
M mcp-server/Dockerfile
M narva/Dockerfile.narva
M oblast/Dockerfile.zaproxy
M scripts/cccp.sh
A scripts/metasploitable2_exploit.py
M scripts/startover.sh
M sentinel/collector/Dockerfile
M stack/40-service-borodino.yml
A stack/56-service-dvar.yml
A toto
M tsushima/Dockerfile.tsushima
```
### Diff Summary
```
.dockerignore | 1 +
berezina/Dockerfile.berezina | 73 +-
borodino/.dockerignore | 1 +
borodino/Dockerfile.berezina | 29 +-
borodino/Dockerfile.borodino | 51 +-
borodino/thearm_bm12 | 151 ++++-
borodino/thearm_uzi | 579 ++++++++++------
borodino/toto | 1092 ++++++++++++++++++++++++++----
discovery/Dockerfile | 27 +-
discovery/breachforum_onion_discovery.py | 160 ++++-
discovery/entrypoint.sh | 2 +-
dvar/Dockerfile.dvar | 55 ++
dvar/entrypoint.sh | 87 +++
dvar/src/vuln_httpd.c | 194 ++++++
koursk-2/Dockerfile.koursk-2 | 5 +
koursk-2/scripts/rsync-start.sh | 2 +-
mcp-server/Dockerfile | 6 +-
narva/Dockerfile.narva | 14 +-
oblast/Dockerfile.zaproxy | 7 +-
scripts/cccp.sh | 173 +++--
scripts/metasploitable2_exploit.py | 388 +++++++++++
scripts/startover.sh | 1 +
sentinel/collector/Dockerfile | 6 +-
stack/40-service-borodino.yml | 18 +-
stack/56-service-dvar.yml | 55 ++
toto | 945 ++++++++++++++++++++++++++
tsushima/Dockerfile.tsushima | 84 +--
27 files changed, 3504 insertions(+), 702 deletions(-)
```
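
Review bot: the Files Changed list includes `A toto` (945 insertions) and `M borodino/toto` (1092 changed lines), and nothing in the Description accounts for either file. If they are scratch output, drop them from the commit and ignore the name in `.gitignore`; if they are intentional, give them a descriptive name and a line in the description. The commit also bundles three unrelated topics (Dockerfiles, DVAR IoT, bm12/uzi) across 27 files, which makes it hard to review or revert any one of them on its own.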

@@ -0,0 +1,43 @@
---
title: "[bojemoi] fix(orchestrator): use docker-socket-proxy instead of direct socket"
date: 2026-03-25T23:19:08+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit d3bbec7 par Betty dans bojemoi"
author: "Betty"
---
## Commit `d3bbec7`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `d3bbec7b84da8e313944c74b1f56efe8c9822820` |
### Description
- Remove /var/run/docker.sock bind mount from orchestrator service
(was failing with PermissionError since container now runs non-root)
- Add DOCKER_SWARM_URL=tcp://docker-socket-proxy:2375 env var
- Enable POST=1 DELETE=1 on boot/docker-socket-proxy (needed for
service create/delete via orchestrator API)
- Fix config mode 0440→0444 so non-root appuser can read .env config
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/01-service-hl.yml
```
### Diff Summary
```
stack/01-service-hl.yml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
```
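
Review bot: `Fix config mode 0440→0444` in the Description makes the `.env` config readable by every user in the container, while the stated goal is only that `appuser` can read it. Swarm config mounts accept `uid`, `gid` and `mode` in the long syntax, so keeping 0440 and setting the owner to appuser's uid would meet that goal without widening access. Separately, with `POST=1 DELETE=1` enabled and the orchestrator pointed at `tcp://docker-socket-proxy:2375`, anything that can reach the proxy on that port can create and delete services, so the description should state which networks the proxy is attached to.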

@@ -0,0 +1,42 @@
---
title: "[bojemoi] fix(zap-scanner): handle DOES_NOT_EXIST + add timeout to scan wait loops"
date: 2026-03-26T18:34:02+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 2195edf par Betty dans bojemoi"
author: "Betty"
---
## Commit `2195edf`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `2195edf5009018178f410e8e1a197ae412d059d4` |
### Description
- wait_for_active_scan_completion: break on DOES_NOT_EXIST response
(ZAP restarted → old scan ID gone), add 3600s timeout
- wait_for_spider_completion: same fix, 1800s timeout
- Add timeout=10s to requests.get() calls in both loops
- Scanner was stuck since 2026-03-20 polling dead scan ID 3
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M oblast-1/zap_scanner.py
```
### Diff Summary
```
oblast-1/zap_scanner.py | 55 +++++++++++++++++++++++++++++++++----------------
1 file changed, 37 insertions(+), 18 deletions(-)
```

@@ -0,0 +1,54 @@
---
title: "[bojemoi] refactor(zap-scanner): Redis queue + zap_scan_log + Faraday + concurrency"
date: 2026-03-26T18:51:18+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 2a51f30 par Betty dans bojemoi"
author: "Betty"
---
## Commit `2a51f30`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `2a51f3001b29121a572207ae8f42aa46964ac772` |
### Description
Architecture v2:
- DbFeeder thread: charge hosts web non scannés depuis msf.hosts
(NOT IN zap_scan_log) → Redis queue zap:targets toutes les 300s
- ScanWorker: N scans ZAP concurrents (défaut 3), spider→active scan,
DOES_NOT_EXIST/timeout gérés proprement
- zap_scan_log table: tracking persistant (host_id PK, alerts, status)
— plus de rescans aléatoires des mêmes hosts
- Faraday export: POST vulns via API v3 après chaque scan
- Fix: DB_NAME 'msg' → 'msf', Redis connection error ne crashe plus
- Stack: add REDIS_HOST/PORT, ZAP_CONCURRENCY, FARADAY_WORKSPACE,
scanner sur réseau pentest+backend pour atteindre Redis et ZAP
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M oblast-1/Dockerfile.oblast-1
M oblast-1/requirements.txt
M oblast-1/zap_scanner.py
M stack/40-service-borodino.yml
```
### Diff Summary
```
oblast-1/Dockerfile.oblast-1 | 31 +-
oblast-1/requirements.txt | 2 +-
oblast-1/zap_scanner.py | 737 ++++++++++++++++++++----------------------
stack/40-service-borodino.yml | 42 ++-
4 files changed, 388 insertions(+), 424 deletions(-)
```
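
Review bot: the DbFeeder item selects hosts with `NOT IN zap_scan_log` and pushes them to `zap:targets` every 300s, but a host that is queued and not yet scanned is still absent from `zap_scan_log`, so it would be pushed again on each pass while it waits. Please confirm a row is written at enqueue time (for example with a queued status), or that the queue is deduplicated, and say so in the description. The Description is also written in French while the title and the other posts are in English; one language throughout would keep the log searchable.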

@@ -0,0 +1,50 @@
---
title: "[bojemoi] refactor(borodino): standardize env var management across ak47/bm12/uzi"
date: 2026-03-26T18:05:51+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 9a69b23 par Betty dans bojemoi"
author: "Betty"
---
## Commit `9a69b23`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `9a69b23259505b2016fee26c42a285a4896d92a2` |
### Description
- Stack: add PG_HOST/PORT/USER/PASSWORD/DBNAME to all 3 services;
add IP2LOC_DBNAME for ak47
- ak47: replace hardcoded user/password/dbname + ping-based IP
resolution with $PG_* env vars; use pg_isready with hostname directly
- bm12: PG_HOST was hardcoded "postgres" → os.getenv(); remove
hardcoded PG_PASSWORD default; add PG_PORT to psycopg2.connect()
- uzi: same as bm12; MODE_RUN was hardcoded 1 → os.getenv("MODE_RUN")
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_ak47
M borodino/thearm_bm12
M borodino/thearm_uzi
M stack/40-service-borodino.yml
```
### Diff Summary
```
borodino/thearm_ak47 | 40 ++++++++++++++++++----------------------
borodino/thearm_bm12 | 7 ++++---
borodino/thearm_uzi | 23 +++++++++++------------
stack/40-service-borodino.yml | 16 ++++++++++++++++
4 files changed, 49 insertions(+), 37 deletions(-)
```
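
Review bot: the first Description item adds `PG_PASSWORD` to the environment of all three services, so the password is readable in `docker service inspect` output and in each container's environment. Removing the hardcoded default in bm12 is the right direction; the next step is a Swarm secret mounted as a file, with the scripts reading its path from a variable such as `PG_PASSWORD_FILE` (the name is a suggestion, not something in this commit). The description should also say what bm12 and uzi do when the variable is unset now that no default exists.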

@@ -0,0 +1,56 @@
---
title: "[bojemoi] feat(borodino): OpenVPN gateway + fix ak47/bm12 env vars"
date: 2026-03-30T21:24:58+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 631b96e par Betty dans bojemoi"
author: "Betty"
---
## Commit `631b96e`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `631b96e0ca6c8c73c1b320dc3ca9d3ef9ec3e44c` |
### Description
- Switch wg-gateway from WireGuard to OpenVPN (ProtonVPN TCP config)
- Dockerfile.wg-gateway: wireguard-tools → openvpn
- wg-gateway-start.sh: wg-quick → openvpn daemon, wait for tun0, NAT via tun0
- Secrets: protonvpn_wg → protonvpn_ovpn + protonvpn_auth
- Add route-setup.sh: split-tunnel wrapper for ak47/bm12 (RFC1918 via
overlay, internet via VPN gateway)
- Fix ak47/bm12 environment sections: YAML merge replaces lists, so
postgres credentials were missing after adding SCAN_GATEWAY_HOST
- Add .claude/commands/borodino.md skill for C2 stack operations
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A .claude/commands/borodino.md
M borodino/Dockerfile.borodino
A borodino/Dockerfile.wg-gateway
A borodino/route-setup.sh
A borodino/wg-gateway-start.sh
M stack/40-service-borodino.yml
```
### Diff Summary
```
.claude/commands/borodino.md | 156 +++++++++++++++++++++++++++++++++++++++++
borodino/Dockerfile.borodino | 2 +
borodino/Dockerfile.wg-gateway | 16 +++++
borodino/route-setup.sh | 37 ++++++++++
borodino/wg-gateway-start.sh | 67 ++++++++++++++++++
stack/40-service-borodino.yml | 75 +++++++++++++++++++-
6 files changed, 351 insertions(+), 2 deletions(-)
```
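
Review bot: the `Fix ak47/bm12 environment sections` item repairs two services but leaves the cause it names (`YAML merge replaces lists`) in place for any other service built from the same anchor. The `<<` merge key only combines the top-level keys of a mapping, so a service that declares its own `environment` replaces the anchored one entirely. Writing `environment` as a mapping with its own anchor and merging at that level lets a service add `SCAN_GATEWAY_HOST` without dropping the postgres credentials.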

@@ -0,0 +1,106 @@
---
title: "[bojemoi] feat(c2): multi-redirector infrastructure + split borodino images"
date: 2026-03-30T16:51:02+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 9eb4c92 par Betty dans bojemoi"
author: "Betty"
---
## Commit `9eb4c92`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `9eb4c9236b88b18f05b572b6459a3b331190a5ab` |
### Description
C2 redirector infrastructure:
- redirector/: nginx GeoIP2 container (debian:bookworm-slim) proxying to bojemoi.me:8443
- scripts/c2-vpn-init-pki.sh: EasyRSA PKI init (CA + server cert + lab-manager client)
- scripts/provision-redirector.sh: Fly.io redirector provisioning
- scripts/c2-manage.sh: start/stop/list/delete management script
- cloud-init/redirector-template.yaml: VPS cloud-init template
Architecture: Implants → Redirectors → bojemoi.me:8443 → VPN → 192.168.1.x:4444
Borodino image split:
- Dockerfile.borodino: lightweight Alpine (ak47 + bm12, ~150 MB, no MSF)
- Dockerfile.borodino-msf: full Ruby+MSF image (uzi + msf-teamserver, ~4 GB)
- start_msf_server.sh: msfrpcd teamserver on 0.0.0.0:55553 (shared by all uzi workers)
- start_uzi.sh: MSF_HOST support (local vs remote teamserver)
- thearm_uzi: _pick_redirector() reads C2_REDIRECTORS env, MSF_HOST configurable
Stack borodino:
- New msf-teamserver service (1 replica worker, borodino-msf image)
- uzi-service: MSF_HOST=msf-teamserver, C2_REDIRECTORS=37.16.12.4
- ak47/bm12: now use lightweight borodino image
Remove discovery service (breachforum scraper deprecated)
volumes/c2-vpn/.gitignore: exclude PKI keys/certs from git
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/Dockerfile.borodino
A borodino/Dockerfile.borodino-msf
A borodino/start_msf_server.sh
M borodino/start_uzi.sh
M borodino/thearm_uzi
A cloud-init/redirector-template.yaml
D discovery/Dockerfile
D discovery/breachforum_discovery_api.py
D discovery/breachforum_onion_discovery.py
D discovery/entrypoint.sh
A redirector/Dockerfile
A redirector/c2-proxy.conf
A redirector/nginx.conf
D scripts/Dockerfile.discovery
D scripts/breachforum_discovery_api.py
D scripts/breachforum_onion_discovery.py
A scripts/c2-manage.sh
A scripts/c2-vpn-init-pki.sh
D scripts/docker-compose.discovery.yml
A scripts/provision-redirector.sh
M stack/40-service-borodino.yml
D stack/66-service-discovery.yml
A volumes/c2-vpn/.gitignore
A volumes/c2-vpn/README.md
```
### Diff Summary
```
borodino/Dockerfile.borodino | 62 +---
borodino/Dockerfile.borodino-msf | 58 ++++
borodino/start_msf_server.sh | 51 +++
borodino/start_uzi.sh | 68 ++--
borodino/thearm_uzi | 84 ++++-
cloud-init/redirector-template.yaml | 317 ++++++++++++++++++
discovery/Dockerfile | 35 --
discovery/breachforum_discovery_api.py | 259 ---------------
discovery/breachforum_onion_discovery.py | 529 -------------------------------
discovery/entrypoint.sh | 33 --
redirector/Dockerfile | 33 ++
redirector/c2-proxy.conf | 39 +++
redirector/nginx.conf | 43 +++
scripts/Dockerfile.discovery | 34 --
scripts/breachforum_discovery_api.py | 259 ---------------
scripts/breachforum_onion_discovery.py | 421 ------------------------
scripts/c2-manage.sh | 415 ++++++++++++++++++++++++
scripts/c2-vpn-init-pki.sh | 255 +++++++++++++++
scripts/docker-compose.discovery.yml | 99 ------
scripts/provision-redirector.sh | 91 ++++++
stack/40-service-borodino.yml | 76 ++++-
stack/66-service-discovery.yml | 73 -----
volumes/c2-vpn/.gitignore | 6 +
volumes/c2-vpn/README.md | 46 +++
24 files changed, 1559 insertions(+), 1827 deletions(-)
```

@@ -0,0 +1,48 @@
---
title: "[bojemoi] feat(ak47): nmap local + msfrpc import via msf-teamserver (Option B)"
date: 2026-03-30T22:05:23+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit dc4caca par Betty dans bojemoi"
author: "Betty"
---
## Commit `dc4caca`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `dc4caca53147c67b9895a9badf7dcd262229b306` |
### Description
Replace msfconsole db_nmap with split approach:
- nmap -oX scan on ak47 (via ProtonVPN, no MSF required)
- msf_import.py: import XML via db.import_data msfrpc call
- Skip import if no hosts up (avoids RPC overhead for empty scans)
- Add msgpack to borodino:latest pip deps
- Add iproute2 + route-setup.sh to borodino-msf for uzi VPN routing
- Add MSF_HOST/MSF_PORT env vars to ak47-service
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/Dockerfile.borodino
A borodino/msf_import.py
M stack/40-service-borodino.yml
```
### Diff Summary
```
borodino/Dockerfile.borodino | 7 +++--
borodino/msf_import.py | 69 +++++++++++++++++++++++++++++++++++++++++++
stack/40-service-borodino.yml | 2 ++
3 files changed, 75 insertions(+), 3 deletions(-)
```

@@ -0,0 +1,47 @@
---
title: "[bojemoi] feat(uzi): route exploit traffic via ProtonVPN gateway"
date: 2026-03-30T21:37:22+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit ea02190 par Betty dans bojemoi"
author: "Betty"
---
## Commit `ea02190`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `ea02190a0546a0295e329eb710256cc0f3030ddb` |
### Description
Add VPN routing to uzi-service (same pattern as ak47/bm12):
- Dockerfile.borodino-msf: add iproute2 + route-setup.sh
- uzi-service: add scan_net network, NET_ADMIN cap, SCAN_GATEWAY_HOST
- command: route-setup.sh wrapper before start_uzi.sh
Exploit delivery traffic now exits via ProtonVPN (149.102.244.100),
masking worker node IPs. C2 sessions (inbound to msf-teamserver) are
unaffected (RFC1918 routes preserved via overlay gateway).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/Dockerfile.borodino-msf
M stack/40-service-borodino.yml
```
### Diff Summary
```
borodino/Dockerfile.borodino-msf | 3 ++-
stack/40-service-borodino.yml | 9 ++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
```

@@ -0,0 +1,40 @@
---
title: "[bojemoi] feat(nuclei-api): route scans via ProtonVPN (wg-gateway)"
date: 2026-03-31T21:04:31+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 4c71a4d par Betty dans bojemoi"
author: "Betty"
---
## Commit `4c71a4d`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `4c71a4d3b9a32e326635d57f8435ef4b773b1f76` |
### Description
Add scan_net + NET_ADMIN to nuclei-api. Run apk/pip/nuclei-update
first (default route), then configure routing via wg-gateway before
starting uvicorn. Use $$ escaping for shell vars in Docker stack YAML.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/40-service-borodino.yml
```
### Diff Summary
```
stack/40-service-borodino.yml | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
```
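
Review bot: `Run apk/pip/nuclei-update first (default route)` means the container downloads and installs packages on every start, in a service that this same change grants `NET_ADMIN`. What runs then depends on whatever the package indexes serve at start time, and a failed download becomes a failed deploy. Installing those dependencies at image build time with pinned versions would make the service reproducible and remove the need to order the installs before the routing setup.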

@@ -0,0 +1,77 @@
---
title: "[bojemoi] feat(nuclei): Redis queue pipeline + dedicated Faraday workspaces + Redis Commander"
date: 2026-03-31T20:36:25+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit b5b5641 par Betty dans bojemoi"
author: "Betty"
---
## Commit `b5b5641`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `b5b56414da22c77a1827f2b4591659727d4e3c44` |
### Description
- thearm_bm12: LPUSH pentest:nuclei_queue after bm12_v3 classification (event-driven)
- thearm_nuclei: replace DB polling with BRPOP (0 CPU idle) + 30s backfill fallback
- thearm_logpull: pull nginx logs from Fly.io redirectors + Lightsail → redirector_hits
- redirector/nginx.conf: real IP via fly-client-ip header, log to stdout
- redirector/entrypoint.sh: symlink nginx logs to stdout/stderr
- Dockerfile.borodino: add redis + openssh-client, include thearm_nuclei/logpull
- nuclei_api/main.py: push findings to Faraday after scan
- plugin_nuclei.py: add push_to_faraday() helper
- stack/40-service-borodino.yml:
- nuclei-worker: BRPOP mode, REDIS_HOST/PORT, dedicated workspace=nuclei
- nuclei-api: workspace=nuclei, FARADAY_URL=http://faraday:5985
- zap-scanner: workspace=zap
- uzi-service: workspace=uzi
- logpull service: nginx log pull worker (manager placement)
- redis-commander: web UI at redis.bojemoi.lab
- Remove Burp Suite plugin + stack export (replaced by Nuclei)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/Dockerfile.borodino
A borodino/redirector/Dockerfile
A borodino/redirector/entrypoint.sh
A borodino/redirector/nginx.conf
M borodino/thearm_bm12
A borodino/thearm_logpull
A borodino/thearm_nuclei
M samsonov/nuclei_api/main.py
D samsonov/pentest_orchestrator/plugins/plugin_burp.py
M samsonov/pentest_orchestrator/plugins/plugin_nuclei.py
D scripts/gameover.sh
D scripts/stack_burp.export
M stack/40-service-borodino.yml
```
### Diff Summary
```
borodino/Dockerfile.borodino | 6 +-
borodino/redirector/Dockerfile | 18 +
borodino/redirector/entrypoint.sh | 77 ++++
borodino/redirector/nginx.conf | 63 ++++
borodino/thearm_bm12 | 23 +-
borodino/thearm_logpull | 212 +++++++++++
borodino/thearm_nuclei | 410 +++++++++++++++++++++
samsonov/nuclei_api/main.py | 116 +++++-
.../pentest_orchestrator/plugins/plugin_burp.py | 326 ----------------
.../pentest_orchestrator/plugins/plugin_nuclei.py | 28 ++
scripts/gameover.sh | 18 -
scripts/stack_burp.export | 57 ---
stack/40-service-borodino.yml | 139 ++++++-
13 files changed, 1082 insertions(+), 411 deletions(-)
```
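
Review bot: the stack section adds `redis-commander: web UI at redis.bojemoi.lab` without saying how access to it is controlled. That UI gives read and write access to the same Redis instance that holds `pentest:nuclei_queue`, so whoever can open it can read and alter what the workers consume. Please state in the description which network it is published on and what authentication sits in front of it, or drop it from the stack and use `redis-cli` from the manager instead.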

@@ -0,0 +1,85 @@
---
title: "[bojemoi] feat: Ollama/Mistral local inference + remove Burp Suite + C2 listener auto-start"
date: 2026-04-03T16:11:02+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit f6b4ac5 par Betty dans bojemoi"
author: "Betty"
---
## Commit `f6b4ac5`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `f6b4ac5822c8eb8186be28a2bc30af8d332757db` |
### Description
Ollama/Mistral migration (ml-threat):
- Add 51-service-ollama.yml: Ollama GPU stack on meta-68 (T400), OLLAMA_LOAD_TIMEOUT=300
- Replace Anthropic API with Ollama OpenAI-compatible endpoint in 45-service-ml-threat-intel.yml
- Remove anthropic_api_key secret, add OLLAMA_BASE_URL env var
Remove Burp Suite integration:
- Drop plugin_burp from pentest orchestrator, commands, wiki, test scripts
- Remove burp config block from config.json
MSF teamserver:
- Auto-start C2 multi/handler (windows/x64/meterpreter/reverse_https) on startup
- Support C2_REDIRECTORS env for OverrideLHOST/LPORT
ak47: switch from msfconsole db_nmap to local nmap + msf_import.pyc
ZAP scanner:
- Replace token auth with basic auth (FARADAY_USER/FARADAY_PASSWORD)
- Add faraday_get_or_create_host() for v3 API compliance
- Skip active scan when spider finds 0 URLs (host unreachable)
- Fix CIDR mask in build_url() and Faraday host IP
provision-redirector.sh: embed VPN config + MSF target as Fly secrets
Prometheus: update basicauth hash
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M .claude/commands/pentest.md
M borodino/start_msf_server.sh
M borodino/thearm_ak47
M oblast-1/zap_scanner.py
M samsonov/pentest_orchestrator/config/config.json
M samsonov/pentest_orchestrator/main.py
M scripts/provision-redirector.sh
M scripts/test_wget.sh
M stack/01-service-hl.yml
M stack/45-service-ml-threat-intel.yml
A stack/51-service-ollama.yml
M stack/READ.me
M wiki/Pentest-Orchestrator.md
```
### Diff Summary
```
.claude/commands/pentest.md | 2 +-
borodino/start_msf_server.sh | 25 +++++++-
borodino/thearm_ak47 | 7 +-
oblast-1/zap_scanner.py | 81 +++++++++++++++++++-----
samsonov/pentest_orchestrator/config/config.json | 7 +-
samsonov/pentest_orchestrator/main.py | 4 +-
scripts/provision-redirector.sh | 27 +++++++-
scripts/test_wget.sh | 2 -
stack/01-service-hl.yml | 5 +-
stack/45-service-ml-threat-intel.yml | 5 +-
stack/51-service-ollama.yml | 51 +++++++++++++++
stack/READ.me | 2 +-
wiki/Pentest-Orchestrator.md | 1 -
13 files changed, 179 insertions(+), 40 deletions(-)
```

@@ -0,0 +1,77 @@
---
title: "[bojemoi] feat: Ollama AI template gen, C2 proxy_proto, ZAP throttle, vulnx removal"
date: 2026-04-04T00:23:54+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit fb7c5ff par Betty dans bojemoi"
author: "Betty"
---
## Commit `fb7c5ff`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `fb7c5ffb383f76bef73929f3d716a83cbf252e23` |
### Description
Ollama × Nuclei AI (option 1):
- nuclei_ai.py: NucleiAI class with suggest_tags(), analyze_findings(),
generate_templates() (up to 2 custom YAML templates per scan context)
- main.py: scan_details field in ScanRequest, AI template pre-scan pass,
merge results, pyyaml added to pip install
- thearm_nuclei: enrich_tags() via Ollama, submit_scan() passes scan_details
- 51-service-ollama.yml: placement via node.labels.nvidia.vgpu instead of hostname
C2 redirector Proxy Protocol (real client IPs in redirector_hits):
- nginx.conf: listen 443 ssl proxy_protocol, log $proxy_protocol_addr
- provision-redirector.sh: --port 443:443/tcp:proxy_proto
- thearm_logpull: FLY_API_TOKEN env var (fix broken --access-token flag),
level_re parser (fix rfind(']') bug finding wrong bracket)
ZAP/Faraday CPU fix (periodic 100% CPU on meta-69):
- zap_scanner.py: time.sleep(0.15) throttle between Faraday POSTs
- ZAP_CONCURRENCY 3→1, resource limits on zaproxy (2CPU/4G),
zap-scanner (0.5CPU/256M), faraday (1.5CPU/2G)
Housekeeping:
- startover.sh: force-restart nuclei-api after borodino deploy
- Remove vulnx service (orphaned, superseded by nuclei)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/redirector/nginx.conf
M borodino/thearm_logpull
M borodino/thearm_nuclei
M oblast-1/zap_scanner.py
M samsonov/nuclei_api/main.py
A samsonov/nuclei_api/nuclei_ai.py
M scripts/provision-redirector.sh
M scripts/startover.sh
M stack/40-service-borodino.yml
M stack/51-service-ollama.yml
```
### Diff Summary
```
borodino/redirector/nginx.conf | 12 +-
borodino/thearm_logpull | 24 ++--
borodino/thearm_nuclei | 82 ++++++++++-
oblast-1/zap_scanner.py | 1 +
samsonov/nuclei_api/main.py | 52 ++++++-
samsonov/nuclei_api/nuclei_ai.py | 298 +++++++++++++++++++++++++++++++++++++++
scripts/provision-redirector.sh | 2 +-
scripts/startover.sh | 6 +
stack/40-service-borodino.yml | 79 ++++-------
stack/51-service-ollama.yml | 4 +-
10 files changed, 482 insertions(+), 78 deletions(-)
```
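
Review bot: `generate_templates()` in the first Description block turns model output into YAML templates that the pre-scan pass then runs, and no validation step is mentioned. The generated text should be handled as untrusted input: parse it with `yaml.safe_load`, check it against an allow-list of fields and request types, and discard anything that fails before it reaches the scanner. It would also help to log each generated template next to the scan it was used in, so a finding can be traced back to the template that produced it.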

@@ -0,0 +1,59 @@
---
title: "[bojemoi] feat: uzi_scan_log + zap severity breakdown + nuclei [][]fix + eve-cleaner merge"
date: 2026-04-05T00:12:44+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 002f809 par Betty dans bojemoi"
author: "Betty"
---
## Commit `002f809`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `002f809c64fe9361aa36bf46aea23b5e6fe9bf01` |
### Description
- borodino/thearm_uzi: add ensure_uzi_scan_log()/mark_uzi_result(), dedup via
NOT IN uzi_scan_log, faraday_ok tracking, PG vars fix (YAML merge caveat)
- oblast-1/zap_scanner.py: add critical/high/medium/low/info columns + faraday_ok
to zap_scan_log, severity_breakdown(), faraday_post_vulns() returns int
- samsonov/nuclei_api/main.py: fix [][]bug (skip empty array lines on AI append),
validate JSON in JSONL counter, ai_analysis stored in Redis
- stack/01-suricata-host.yml: merge dozor eve-cleaner into single service
- stack/40-service-borodino.yml: add PG vars to uzi-service (YAML merge fix)
- stack/48-service-dozor.yml: remove eve-cleaner (merged into suricata stack)
- stack/51-service-ollama.yml: minor update
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_uzi
M oblast-1/zap_scanner.py
M samsonov/nuclei_api/main.py
M stack/01-suricata-host.yml
M stack/40-service-borodino.yml
M stack/48-service-dozor.yml
M stack/51-service-ollama.yml
```
### Diff Summary
```
borodino/thearm_uzi | 114 ++++++++++++++++++++++++++++++++++++----
oblast-1/zap_scanner.py | 117 ++++++++++++++++++++++++++++++++++++------
samsonov/nuclei_api/main.py | 61 +++++++++++++++++++---
stack/01-suricata-host.yml | 21 ++++++--
stack/40-service-borodino.yml | 5 ++
stack/48-service-dozor.yml | 33 ------------
stack/51-service-ollama.yml | 2 +-
7 files changed, 282 insertions(+), 71 deletions(-)
```

@@ -0,0 +1,61 @@
---
title: "[bojemoi] feat(grafana): dashboards bind mount + scan-results dashboard + config swap fix"
date: 2026-04-05T00:48:14+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 24c1a17 par Betty dans bojemoi"
author: "Betty"
---
## Commit `24c1a17`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `24c1a17329f8046482acedb7cf6b714be7253f20` |
### Description
- stack/01-service-hl.yml:
- Grafana: bind mount /opt/bojemoi/volumes/grafana/dashboards → /var/lib/grafana/dashboards
- Grafana: rename Docker configs (grafana-datasources_v2, grafana-dashboards-provider_v2)
to fix immutability error + correct the datasource/dashboard config swap
- Loki: publish port 3100 on host (mode: host) for redirector log drain via VPN
- volumes/grafana/provisioning/dashboards/dashboards.yml:
- Cleaned (removed embedded K8s ConfigMap garbage)
- 3 providers: Pentest, Security, Attack Heatmap
- volumes/grafana/provisioning/datasources/datasources.yml:
- Added PostgreSQL-MSF datasource (postgres:5432/msf) for scan log queries
- volumes/grafana/dashboards/pentest/scan-results.json (NEW):
- Dashboard with 3 sections: Nuclei / ZAP / UZI
- Stats: total scans, findings/alerts, critical/high, faraday_ok
- Tables: top vulns per tool
- Pie charts: status breakdown
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/01-service-hl.yml
A volumes/grafana/dashboards/pentest/scan-results.json
M volumes/grafana/provisioning/dashboards/dashboards.yml
M volumes/grafana/provisioning/datasources/datasources.yml
```
### Diff Summary
```
stack/01-service-hl.yml | 20 +-
.../grafana/dashboards/pentest/scan-results.json | 202 +++++
.../grafana/provisioning/dashboards/dashboards.yml | 838 +--------------------
.../provisioning/datasources/datasources.yml | 18 +
4 files changed, 249 insertions(+), 829 deletions(-)
```
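
Review bot: the `Added PostgreSQL-MSF datasource (postgres:5432/msf)` item does not say which database role Grafana connects with. Grafana runs whatever SQL a dashboard editor writes against that datasource, so it should use a dedicated role with SELECT on the scan log tables only, not the role the scanners write with. The Grafana config rename to `_v2` works around config immutability; a note on removing the old config objects once the service has rolled over would complete the change.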

@@ -0,0 +1,84 @@
---
title: "[bojemoi] feat: make project distributable — templatize stacks + install wizard"
date: 2026-04-05T22:08:33+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 440a412 par Betty dans bojemoi"
author: "Betty"
---
## Commit `440a412`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `440a4121d9e4b987ff859b4649c06ec9b63dbbd3` |
### Description
- Add .env.example with 70+ documented variables (passwords, domains, IPs, paths)
- Add install.sh: interactive wizard → generates .env → deploys stacks
- Add scripts/create-secrets.sh: creates all Docker Swarm secrets interactively
- Rewrite README.md: quickstart, architecture diagram, stack reference, ops guide
- Templatize all 16 stack files: replace hardcoded values with ${VAR} references
- localhost:5000 → ${IMAGE_REGISTRY}
- bojemoi.lab → ${LAB_DOMAIN}
- /opt/bojemoi → ${BOJEMOI_BASE_PATH}
- passwords (bojemoi, bojemoi2, totototo) → ${POSTGRES_PASSWORD}, ${FARADAY_PASSWORD}, etc.
- IPs, node hostnames, Telegram chat ID, C2 redirectors → env vars
- Update .gitignore: add .env.local, .env.*.local
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A .env.example
M .gitignore
M README.md
A install.sh
A scripts/create-secrets.sh
M stack/01-service-hl.yml
M stack/01-suricata-host.yml
M stack/40-service-borodino.yml
M stack/45-service-ml-threat-intel.yml
M stack/46-service-razvedka.yml
M stack/47-service-vigie.yml
M stack/48-service-dozor.yml
M stack/49-service-mcp.yml
M stack/50-service-trivy.yml
M stack/51-service-ollama.yml
M stack/55-service-sentinel.yml
M stack/56-service-dvar.yml
M stack/60-service-telegram.yml
M stack/65-service-medved.yml
```
### Diff Summary
```
.env.example | 224 +++++++++++++++++++
.gitignore | 2 +
README.md | 225 +++++++++++++++----
install.sh | 415 +++++++++++++++++++++++++++++++++++
scripts/create-secrets.sh | 212 ++++++++++++++++++
stack/01-service-hl.yml | 200 ++++++++---------
stack/01-suricata-host.yml | 18 +-
stack/40-service-borodino.yml | 136 ++++++------
stack/45-service-ml-threat-intel.yml | 8 +-
stack/46-service-razvedka.yml | 4 +-
stack/47-service-vigie.yml | 4 +-
stack/48-service-dozor.yml | 6 +-
stack/49-service-mcp.yml | 2 +-
stack/50-service-trivy.yml | 2 +-
stack/51-service-ollama.yml | 40 +++-
stack/55-service-sentinel.yml | 4 +-
stack/56-service-dvar.yml | 4 +-
stack/60-service-telegram.yml | 4 +-
stack/65-service-medved.yml | 2 +-
19 files changed, 1280 insertions(+), 232 deletions(-)
```
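
Review bot: the Description line `passwords (bojemoi, bojemoi2, totototo) → ${POSTGRES_PASSWORD}, ${FARADAY_PASSWORD}, etc.` prints the previous passwords verbatim in a post that gets published. Replacing the literals with `${VAR}` references does not remove them from git history, so those values need to be rotated, and the description should say "hardcoded passwords" without listing them. The `.gitignore` item adds `.env.local` and `.env.*.local` while `install.sh` generates `.env`; please confirm `.env` itself is ignored.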

@@ -0,0 +1,51 @@
---
title: "[bojemoi] feat(redirector): Loki log drain via VPN"
date: 2026-04-05T00:34:18+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 454674c par Betty dans bojemoi"
author: "Betty"
---
## Commit `454674c`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `454674c1bdfe9f430e84739cd50ef00fe4e3a8bf` |
### Description
- Publish Loki port 3100 on manager host (mode: host)
- Add loki-shipper.py: tails nginx access.log, batches to Loki every 5s
- Dockerfile: add python3 + loki-shipper.py
- entrypoint.sh: real log files (not stdout symlink) + tail for fly logs
+ start shipper after VPN tunnel is up
- Fly.io machine updated: REDIRECTOR_NAME=redirector-1, LOKI_URL set
Labels: job=nginx-redirector, app=redirector-1, region=cdg
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/redirector/Dockerfile
M borodino/redirector/entrypoint.sh
A borodino/redirector/loki-shipper.py
M stack/01-service-hl.yml
```
### Diff Summary
```
borodino/redirector/Dockerfile | 2 +
borodino/redirector/entrypoint.sh | 13 +++++--
borodino/redirector/loki-shipper.py | 73 +++++++++++++++++++++++++++++++++++++
stack/01-service-hl.yml | 6 ++-
4 files changed, 90 insertions(+), 4 deletions(-)
```
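
Review bot: `Publish Loki port 3100 on manager host (mode: host)` opens the port on every interface of the manager, while the stated use is only the redirector log drain over the VPN. Loki does not ship with an authentication layer of its own, so anything that can reach port 3100 can push and query logs. Limit the port to the VPN interface with a host firewall rule, or put an authenticating reverse proxy in front of it, and record which was done in the description.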

@@ -0,0 +1,120 @@
---
title: "[bojemoi] feat: multi-service updates — nuclei API, nym-proxy, grafana reorg, prometheus rules"
date: 2026-04-09T21:55:44+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 0699664 par Betty dans bojemoi"
author: "Betty"
---
## Commit `0699664`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `06996646ee1025939b579d5e88de77c06bc310e1` |
### Description
Services:
- samsonov/nuclei_api: new Dockerfile + entrypoint; main.py updates
- samsonov: add Dockerfile.nuclei
- nym-proxy: new service (Dockerfile + entrypoint)
- stack: add 02-service-maintenance.yml, 41-service-nym.yml
- oblast-1: Dockerfile + zap_scanner.py updates
- tsushima: masscan_msf_script.py updates
- borodino: osint_lookup.py updates; thearm_ak47/bm12/logpull/nuclei refinements
- scripts/cccp.sh: orchestration improvements
Grafana / monitoring:
- dashboards/security/: reorganize sentinel + vigie + security-minimal into subdir
- dashboards/general/: add loki-stack-monitoring + nvidia-dcgm dashboards
- dashboards/pentest/: update pentest-overview + scan-results; add vuln-management
- provisioning/dashboards.yml: reflect new layout
- prometheus.yml + alert_rules.yml + alerts.yml: rule updates
- alloy/config.alloy: minor update
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/osint_lookup.py
M borodino/thearm_ak47
M borodino/thearm_bm12
M borodino/thearm_logpull
M borodino/thearm_nuclei
A nym-proxy/Dockerfile
A nym-proxy/entrypoint.sh
M oblast-1/Dockerfile.oblast-1
M oblast-1/zap_scanner.py
A samsonov/Dockerfile.nuclei
A samsonov/nuclei_api/Dockerfile
A samsonov/nuclei_api/entrypoint.sh
M samsonov/nuclei_api/main.py
A samsonov/nuclei_api/requirements.txt
M scripts/cccp.sh
A stack/02-service-maintenance.yml
A stack/41-service-nym.yml
M tsushima/masscan_msf_script.py
M volumes/alloy/config/config.alloy
D volumes/grafana/dashboards/dashboard-security-minimal.json
A volumes/grafana/dashboards/general/loki-stack-monitoring.json
A volumes/grafana/dashboards/general/nvidia-dcgm.json
M volumes/grafana/dashboards/pentest/pentest-overview.json
M volumes/grafana/dashboards/pentest/scan-results.json
A volumes/grafana/dashboards/pentest/vuln-management.json
A volumes/grafana/dashboards/security/dashboard-security-minimal.json
A volumes/grafana/dashboards/security/sentinel.json
A volumes/grafana/dashboards/security/vigie.json
D volumes/grafana/dashboards/sentinel.json
D volumes/grafana/dashboards/vigie.json
M volumes/grafana/provisioning/dashboards/dashboards.yml
M volumes/prometheus/prometheus.yml
M volumes/prometheus/rules/alert_rules.yml
M volumes/prometheus/rules/alerts.yml
```
### Diff Summary
```
borodino/osint_lookup.py | 23 +-
borodino/thearm_ak47 | 3 +-
borodino/thearm_bm12 | 19 +-
borodino/thearm_logpull | 19 +-
borodino/thearm_nuclei | 19 +-
nym-proxy/Dockerfile | 19 +
nym-proxy/entrypoint.sh | 24 +
oblast-1/Dockerfile.oblast-1 | 10 +-
oblast-1/zap_scanner.py | 26 +-
samsonov/Dockerfile.nuclei | 1 +
samsonov/nuclei_api/Dockerfile | 24 +
samsonov/nuclei_api/entrypoint.sh | 28 +
samsonov/nuclei_api/main.py | 34 +-
samsonov/nuclei_api/requirements.txt | 6 +
scripts/cccp.sh | 474 +++++----
stack/02-service-maintenance.yml | 31 +
stack/41-service-nym.yml | 67 ++
tsushima/masscan_msf_script.py | 26 +-
volumes/alloy/config/config.alloy | 2 +-
.../dashboards/dashboard-security-minimal.json | 35 -
.../dashboards/general/loki-stack-monitoring.json | 239 +++++
.../grafana/dashboards/general/nvidia-dcgm.json | 804 ++++++++++++++
.../dashboards/pentest/pentest-overview.json | 187 +++-
.../grafana/dashboards/pentest/scan-results.json | 1112 +++++++++++++++++---
.../dashboards/pentest/vuln-management.json | 766 ++++++++++++++
.../security/dashboard-security-minimal.json | 35 +
volumes/grafana/dashboards/security/sentinel.json | 235 +++++
volumes/grafana/dashboards/security/vigie.json | 146 +++
volumes/grafana/dashboards/sentinel.json | 235 -----
volumes/grafana/dashboards/vigie.json | 146 ---
.../grafana/provisioning/dashboards/dashboards.yml | 12 +-
volumes/prometheus/prometheus.yml | 17 +
volumes/prometheus/rules/alert_rules.yml | 15 +-
volumes/prometheus/rules/alerts.yml | 28 +-
34 files changed, 3977 insertions(+), 890 deletions(-)
```

@@ -0,0 +1,51 @@
---
title: "[bojemoi] feat(uzi): brute-force credentials Phase 0 sur 15 services"
date: 2026-04-09T16:22:46+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 0e0519a par Betty dans bojemoi"
author: "Betty"
---
## Commit `0e0519a`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `0e0519a10341ca2a19066b4ef4d5a808477f66a6` |
### Description
Remplace run_ssh_bruteforce() par une architecture générique :
- BRUTE_MODULES dict : 15 services (ssh, ftp, telnet, smb, mysql,
postgresql, mssql, vnc, snmp, imap, pop3, smtp, http/https,
tomcat, mongodb) avec module MSF, ports, wordlists et options
- run_brute_force_service() : fonction générique auxiliary MSF,
gère USER_FILE/PASS_FILE optionnels, THREADS, extra opts,
détection sessions et reporting Faraday
- run_bruteforce_phase() : Phase 0 orchestre tous les services
détectés, déduplique par module, respecte attack_surface_key
(ex: tomcat uniquement si bm12 l'a confirmé)
- Toutes les wordlists configurables via env vars (surchargeables
dans le stack sans rebuild)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_uzi
M stack/40-service-borodino.yml
```
### Diff Summary
```
borodino/thearm_uzi | 303 +++++++++++++++++++++++++++++++++++++++++-
stack/40-service-borodino.yml | 143 +++++++++++++-------
2 files changed, 395 insertions(+), 51 deletions(-)
```

@@ -0,0 +1,58 @@
---
title: "[bojemoi] feat(redirector): OPSEC hardening — Let's Encrypt + header suppression + MSF keepalive"
date: 2026-04-09T21:55:35+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 10af16e par Betty dans bojemoi"
author: "Betty"
---
## Commit `10af16e`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `10af16e9fdf0d0548b10291c972dee0b08665722` |
### Description
- entrypoint.sh: acquire Let's Encrypt cert via acme.sh at startup (webroot
HTTP-01 on redirector-1.fly.dev); fallback self-signed uses CN=api.microsoft.com
instead of CN=localhost; register-account step to avoid invalidContact error
- nginx.conf: load headers_more module + more_clear_headers Server; add ACME
challenge location /.well-known/acme-challenge/ and /healthz on port 80
- Dockerfile: add ca-certificates, libnginx-mod-http-headers-more-filter, socat;
download acme.sh script directly (avoids silent pipe install failure)
- start_msf_server.sh: pipe stdin keepalive (tail -f /dev/null | msfconsole) to
prevent handler exit on EOF; add watchdog loop + port 4444 readiness check
- .claude/commands/opsec-check.md: new /opsec-check skill (6-phase C2 OPSEC audit)
- .claude/commands/topology.md: new /topology skill (swarm service dependency check)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A .claude/commands/opsec-check.md
A .claude/commands/topology.md
M borodino/redirector/Dockerfile
M borodino/redirector/entrypoint.sh
M borodino/redirector/nginx.conf
M borodino/start_msf_server.sh
```
### Diff Summary
```
.claude/commands/opsec-check.md | 242 ++++++++++++++++++++++++++++++++++++++
.claude/commands/topology.md | 150 +++++++++++++++++++++++
borodino/redirector/Dockerfile | 14 ++-
borodino/redirector/entrypoint.sh | 54 +++++++--
borodino/redirector/nginx.conf | 21 +++-
borodino/start_msf_server.sh | 37 +++++-
6 files changed, 503 insertions(+), 15 deletions(-)
```

@@ -0,0 +1,40 @@
---
title: "[bojemoi] fix(security): remove postgres port 5432 from public ingress"
date: 2026-04-09T22:19:57+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 1e20eb6 par Betty dans bojemoi"
author: "Betty"
---
## Commit `1e20eb6`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `1e20eb638e74ba5a2c1e0595a5992322d141a571` |
### Description
Port 5432:5432 was published in ingress mode on base_postgres, making
PostgreSQL accessible on all Swarm node IPs. Removed — postgres is only
reachable via the backend overlay network (internal services only).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/01-service-hl.yml
```
### Diff Summary
```
stack/01-service-hl.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
```

@@ -0,0 +1,46 @@
---
title: "[bojemoi] feat(opsec-check): +3 phases — DNS empreinte, segmentation pivot, iptables"
date: 2026-04-09T22:01:00+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 1f2d521 par Betty dans bojemoi"
author: "Betty"
---
## Commit `1f2d521`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `1f2d52187073118c7ef0a4b4b84cf2449db75128` |
### Description
Phase 7 (dns): PTR inverse, crt.sh Certificate Transparency (détecter lien
cert entre C2 et labo), WHOIS privacy check
Phase 8 (segmentation): pivot latéral depuis borodino_ak47 — tente grafana,
gitea, traefik, prometheus; vérifie que postgres/redis/faraday restent joignables
Phase 9 (iptables): audit DOCKER-USER + FORWARD sur les 4 nœuds Swarm via SSH
Fix phase 3 (scan): borodino_scan_net n'est pas attachable directement —
exec depuis container ak47 existant via SSH sur le nœud worker
Fix ProtonVPN detection: accept anapaya/proton orgs (exit IP varie selon serveur)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M .claude/commands/opsec-check.md
```
### Diff Summary
```
.claude/commands/opsec-check.md | 157 +++++++++++++++++++++++++++++++++++++---
1 file changed, 146 insertions(+), 11 deletions(-)
```

@@ -0,0 +1,49 @@
---
title: "[bojemoi] feat(uzi): SecLists wordlists + USERPASS_FILE support"
date: 2026-04-09T16:54:51+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 7eedf64 par Betty dans bojemoi"
author: "Betty"
---
## Commit `7eedf64`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `7eedf64729b135c3d2ee9bf087b18b3cbf801fd0` |
### Description
- SecLists cloné dans /opt/bojemoi/SecLists (gitignore, rsync vers workers)
- BRUTE_MODULES : USERPASS_FILE prioritaire (user:pass SecLists Default-Credentials)
pour ssh/ftp/telnet/mysql/postgresql/mssql/tomcat + fallback USER_FILE/PASS_FILE
- VNC/SNMP : PASS_FILE only (vnc-betterdefaultpasslist / snmp_default_pass)
- SMB/IMAP/POP3/SMTP/HTTP/MongoDB : cirt-default-usernames + 10k-most-common
- run_brute_force_service() : détecte USERPASS_FILE et set aux['USERPASS_FILE']
- Stack YAML : bind mount /opt/bojemoi/SecLists ro dans uzi
- Bind mount source corrigé en /opt/bojemoi/SecLists (sous rsync scope)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M .gitignore
M borodino/thearm_uzi
M stack/40-service-borodino.yml
```
### Diff Summary
```
.gitignore | 1 +
borodino/thearm_uzi | 200 ++++++++++++++++++++++++------------------
stack/40-service-borodino.yml | 78 +++++++++-------
3 files changed, 160 insertions(+), 119 deletions(-)
```

@@ -0,0 +1,43 @@
---
title: "[bojemoi_boot] fix(security): remove dnsmasq webproc port 8080 from public ingress"
date: 2026-04-09T22:29:01+02:00
draft: false
tags: ["commit", "bojemoi_boot", "main"]
categories: ["Git Activity"]
summary: "Commit e2761e1 par Betty dans bojemoi_boot"
author: "Betty"
---
## Commit `e2761e1`
| | |
|---|---|
| **Repository** | bojemoi_boot |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `e2761e17dbeb6ea4e6344ca349d4c3fd4fde1b0b` |
### Description
Port 8080 (webproc admin UI) was published directly, accessible from any
container on the backend/overlay networks. A compromised container could
rewrite dnsmasq config to redirect internal domains.
Admin UI remains accessible via Traefik at dnsmasq.bojemoi.lab (HTTPS).
Port 53 (DNS resolution) unchanged.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/01-boot-service.yml
```
### Diff Summary
```
stack/01-boot-service.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
```
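Review bot: The Description reproduces the commit body verbatim, including the internal admin hostname `dnsmasq.bojemoi.lab` and the statement of what a compromised container could have done before the fix. If the Hugo site is readable outside the lab, posts generated for `fix(security)` commits should be reduced to subject, hash and file list, or held back until the fix is deployed on every node.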

@@ -0,0 +1,97 @@
---
title: "[bojemoi] feat(vuln-mgmt): migrate Faraday CE → DefectDojo"
date: 2026-04-15T23:00:02+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 4fa26f4 par Betty dans bojemoi"
author: "Betty"
---
## Commit `4fa26f4`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `4fa26f4a4ccf477472a6642963dcd9578daf9b83` |
### Description
Replace Faraday CE with DefectDojo across the full stack:
- stack/70-service-defectdojo.yml: new stack (nginx+uwsgi+celery+initializer+triage)
- mcp-server/tools/defectdojo.py: DefectDojo API v2 client (list_products, get_findings, add_finding)
- medved/honeypot/defectdojo_reporter.py: token-based reporter, idempotent DB column migration
- faraday-triage/triage.py: rewrite to use REST API instead of direct PostgreSQL access
- borodino, nuclei-api, zap-scanner: FARADAY_* → DEFECTDOJO_* env vars + dojo_api_token secret
- nginx: faraday.conf → defectdojo.conf, upstream faraday → defectdojo
- prometheus: FaradayDown → DefectDojoDown, faraday_vulnerabilities → triage_findings_pending
Fixes: NYM_PROXY :+ interpolation, postgres role password sync, uwsgi DNS alias,
node.labels.defectdojo=true on meta-68, old honeypot stack removal.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A faraday-triage/Dockerfile
A faraday-triage/requirements.txt
A faraday-triage/triage.py
M mcp-server/server.py
A mcp-server/tools/defectdojo.py
D mcp-server/tools/faraday.py
M medved/honeypot/config.py
M medved/honeypot/db.py
A medved/honeypot/defectdojo_reporter.py
D medved/honeypot/faraday_reporter.py
M medved/honeypot/main.py
M medved/honeypot/metrics.py
M oblast-1/zap_scanner.py
M samsonov/nuclei_api/main.py
D samsonov/pentest_orchestrator/plugins/plugin_faraday.py
M stack/40-service-borodino.yml
M stack/49-service-mcp.yml
M stack/65-service-medved.yml
A stack/70-service-defectdojo.yml
M volumes/nginx/conf.d/default.conf
A volumes/nginx/conf.d/sites/defectdojo.conf
D volumes/nginx/conf.d/sites/faraday.conf
M volumes/nginx/conf.d/upstreams/upstreams.conf
M volumes/prometheus/rules/alert_rules.yml
M volumes/prometheus/rules/alerts.yml
```
### Diff Summary
```
faraday-triage/Dockerfile | 10 +
faraday-triage/requirements.txt | 3 +
faraday-triage/triage.py | 354 ++++++++++++++
mcp-server/server.py | 49 +-
mcp-server/tools/defectdojo.py | 190 ++++++++
mcp-server/tools/faraday.py | 126 -----
medved/honeypot/config.py | 16 +-
medved/honeypot/db.py | 29 +-
medved/honeypot/defectdojo_reporter.py | 234 +++++++++
medved/honeypot/faraday_reporter.py | 200 --------
medved/honeypot/main.py | 6 +-
medved/honeypot/metrics.py | 6 +-
oblast-1/zap_scanner.py | 212 ++++++---
samsonov/nuclei_api/main.py | 212 +++++----
.../pentest_orchestrator/plugins/plugin_faraday.py | 522 ---------------------
stack/40-service-borodino.yml | 99 +---
stack/49-service-mcp.yml | 7 +-
stack/65-service-medved.yml | 14 +-
stack/70-service-defectdojo.yml | 295 ++++++++++++
volumes/nginx/conf.d/default.conf | 6 +-
volumes/nginx/conf.d/sites/defectdojo.conf | 31 ++
volumes/nginx/conf.d/sites/faraday.conf | 65 ---
volumes/nginx/conf.d/upstreams/upstreams.conf | 6 +-
volumes/prometheus/rules/alert_rules.yml | 8 +-
volumes/prometheus/rules/alerts.yml | 52 +-
25 files changed, 1502 insertions(+), 1250 deletions(-)
```

@@ -0,0 +1,41 @@
---
title: "[bojemoi] fix(nuclei): migrate faraday_ok → dojo_imported in thearm_nuclei"
date: 2026-04-16T10:16:50+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 091a227 par Betty dans bojemoi"
author: "Betty"
---
## Commit `091a227`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `091a2271ea7dbfd11685b115c4a6e4f67a24e2fe` |
### Description
- thearm_nuclei: mark_result() uses dojo_imported (int) instead of faraday_ok (bool)
- reads dojo_imported from nuclei-api scan response (was faraday_imported)
- log message updated: faraday= → dojo=
- DB migration applied: nuclei_scan_log.faraday_ok BOOLEAN → dojo_imported INTEGER
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_nuclei
```
### Diff Summary
```
borodino/thearm_nuclei | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
```
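Review bot: `summary: "Commit 091a227 par Betty dans bojemoi"` in the front matter is French, while the title, headings and description of the same post are English. Pick one language in the generator template (for example "Commit 091a227 by Betty in bojemoi") so that list pages and feeds built from `summary` read consistently.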

@@ -0,0 +1,42 @@
---
title: "[bojemoi] feat(triage): enable dojo-triage agent (DRY_RUN=false)"
date: 2026-04-16T17:36:14+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 37b5b4b par Betty dans bojemoi"
author: "Betty"
---
## Commit `37b5b4b`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `37b5b4bd32050b4036029d51e0ac415cb475f8bd` |
### Description
Triage agent now applies decisions on DefectDojo findings:
- Closes honeypot findings
- Risk-accepts: scanner noise (User Agent Fuzzer, ZAP Out of Date),
header hygiene findings, Low/Info with no CVE
- Sends ambiguous cases to Mistral 7b via Ollama
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/70-service-defectdojo.yml
```
### Diff Summary
```
stack/70-service-defectdojo.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
```

@@ -0,0 +1,43 @@
---
title: "[bojemoi] fix(uzi): fix Optional import + pymetasploit3 msgpack>=1.0 compatibility"
date: 2026-04-16T14:23:16+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 497faba par Betty dans bojemoi"
author: "Betty"
---
## Commit `497faba`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `497faba5cd7be8edbde2ae3a9d176c31f261f19b` |
### Description
- Add missing `from typing import Optional` in thearm_uzi
- Patch pymetasploit3 msfrpc.py at build time: add raw=False to all
msgpack.unpackb() calls to decode bytes keys as strings (msgpack>=1.0
changed default from raw=False to raw=True, breaking auth.login check)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/Dockerfile.borodino-msf
M borodino/thearm_uzi
```
### Diff Summary
```
borodino/Dockerfile.borodino-msf | 5 ++++-
borodino/thearm_uzi | 1 +
2 files changed, 5 insertions(+), 1 deletion(-)
```

@@ -0,0 +1,42 @@
---
title: "[bojemoi] fix(nuclei): add found_by + numerical_severity, fix endpoints format in DefectDojo push"
date: 2026-04-16T13:46:18+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 6d98c32 par Betty dans bojemoi"
author: "Betty"
---
## Commit `6d98c32`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `6d98c32d0d45a8671072e6c98828e1805523b52a` |
### Description
- Add _NUCLEI_NUM_SEV mapping (S0-S4)
- _dojo_get_or_create_test now returns (test_id, test_type_id, product_id)
- Add _dojo_get_or_create_endpoint helper to create proper endpoint IDs
- push_to_defectdojo: inject found_by, numerical_severity, endpoint IDs
- Remove invalid endpoints: [{"host": ip}] format (was silently rejected)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M samsonov/nuclei_api/main.py
```
### Diff Summary
```
samsonov/nuclei_api/main.py | 61 ++++++++++++++++++++++++++++++++++-----------
1 file changed, 47 insertions(+), 14 deletions(-)
```

@@ -0,0 +1,41 @@
---
title: "[bojemoi] fix(zap): create proper DefectDojo endpoints with IDs instead of inline objects"
date: 2026-04-16T17:27:37+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 901f0d3 par Betty dans bojemoi"
author: "Betty"
---
## Commit `901f0d3`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `901f0d34cf4915fb56c44dfecea724682aba835d` |
### Description
- Add _dojo_product_cache and _dojo_endpoint_cache dicts
- _dojo_get_or_create_test now also stores product_id in cache
- Add _dojo_get_or_create_endpoint helper (GET or POST /api/v2/endpoints/)
- dojo_post_vulns: use endpoint ID in findings instead of {"host": ip} dict
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M oblast-1/zap_scanner.py
```
### Diff Summary
```
oblast-1/zap_scanner.py | 40 +++++++++++++++++++++++++++++++++++++---
1 file changed, 37 insertions(+), 3 deletions(-)
```

@@ -0,0 +1,55 @@
---
title: "[bojemoi] fix(vuln-mgmt): wire uzi + zap → DefectDojo, fix dnsmasq"
date: 2026-04-16T10:08:37+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 907b0c3 par Betty dans bojemoi"
author: "Betty"
---
## Commit `907b0c3`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `907b0c321c47781a69d53a787b71dab77dc91c7f` |
### Description
- borodino/thearm_uzi: migrate Faraday → DefectDojo
- Read token from /run/secrets/dojo_api_token (no env vars)
- Replace faraday_get_or_create_host + faraday_report_pwn
with _dojo_get_or_create_test + dojo_report_pwn
- Auto-creates Product/Engagement/Test hierarchy on first pwn
- oblast-1/zap_scanner.py: fix required DefectDojo fields
- Add numerical_severity (S0-S4) to findings
- Add found_by (test_type_id) via _dojo_test_type_cache
- Use ZAP Scan test_type instead of Manual
- stack/70-service-defectdojo.yml: remove bad prometheus label (port 9113)
- volumes/dnsmask/01-base.conf: dojo.bojemoi.lab + defectdojo.bojemoi.lab,
remove duplicate faraday entries
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/thearm_uzi
M oblast-1/zap_scanner.py
M stack/70-service-defectdojo.yml
M volumes/dnsmask/dnsmask.d/01-base.conf
```
### Diff Summary
```
borodino/thearm_uzi | 192 +++++++++++++++++++++------------
oblast-1/zap_scanner.py | 20 +++-
stack/70-service-defectdojo.yml | 3 -
volumes/dnsmask/dnsmask.d/01-base.conf | 5 +-
4 files changed, 142 insertions(+), 78 deletions(-)
```

@@ -0,0 +1,40 @@
---
title: "[bojemoi] feat(grafana): add DefectDojo section to vuln-management dashboard"
date: 2026-04-16T10:21:05+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 93d5ceb par Betty dans bojemoi"
author: "Betty"
---
## Commit `93d5ceb`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `93d5ceb634e132427c14c83c734e727d20d3853c` |
### Description
8 new panels: pending findings by severity (Critical/High/Medium stats),
ZAP + nuclei import totals, LLM triage errors, findings timeseries.
Sources: Prometheus (triage metrics) + PostgreSQL (scan logs).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M volumes/grafana/dashboards/pentest/vuln-management.json
```
### Diff Summary
```
.../dashboards/pentest/vuln-management.json | 1197 +++++++++++++++++++-
1 file changed, 1196 insertions(+), 1 deletion(-)
```

@@ -0,0 +1,57 @@
---
title: "[bojemoi] docs: update ARCHITECTURE + README, add runbook"
date: 2026-04-17T13:23:30+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 047a7a8 par Betty dans bojemoi"
author: "Betty"
---
## Commit `047a7a8`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `047a7a8b405d067390dec85e75fe966211fea33b` |
### Description
- ARCHITECTURE.md: Faraday → DefectDojo, add dojo/ptaas-init/c2-monitor stacks,
fix MCP tools (list_products/get_findings/add_finding), fix postgres dir
- README.md: Faraday → DefectDojo, fix medved description, add dojo stack
- docs/runbook/: 6 runbooks ops (protonmail, borodino, secrets, nodes, stacks, postgres-ssl)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M ARCHITECTURE.md
M README.md
A docs/runbook/README.md
A docs/runbook/borodino-rebuild.md
A docs/runbook/docker-secrets.md
A docs/runbook/node-access.md
A docs/runbook/postgres-ssl.md
A docs/runbook/protonmail-bridge.md
A docs/runbook/stack-deploy.md
```
### Diff Summary
```
ARCHITECTURE.md | 20 ++++++-----
README.md | 13 +++----
docs/runbook/README.md | 12 +++++++
docs/runbook/borodino-rebuild.md | 44 ++++++++++++++++++++++++
docs/runbook/docker-secrets.md | 54 +++++++++++++++++++++++++++++
docs/runbook/node-access.md | 49 ++++++++++++++++++++++++++
docs/runbook/postgres-ssl.md | 52 ++++++++++++++++++++++++++++
docs/runbook/protonmail-bridge.md | 69 +++++++++++++++++++++++++++++++++++++
docs/runbook/stack-deploy.md | 72 +++++++++++++++++++++++++++++++++++++++
9 files changed, 371 insertions(+), 14 deletions(-)
```

@@ -0,0 +1,40 @@
---
title: "[bojemoi] feat(monitoring): prometheus targets + alert rules + alloy config"
date: 2026-04-17T13:20:11+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 081acdb par Betty dans bojemoi"
author: "Betty"
---
## Commit `081acdb`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `081acdb0c6ee7a6fb2cd6569119f19627db62fb0` |
### Description
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M volumes/alloy/config/config.alloy
M volumes/prometheus/prometheus.yml
M volumes/prometheus/rules/alerts.yml
```
### Diff Summary
```
volumes/alloy/config/config.alloy | 4 ++--
volumes/prometheus/prometheus.yml | 5 +++++
volumes/prometheus/rules/alerts.yml | 21 +++++++++++++++++++++
3 files changed, 28 insertions(+), 2 deletions(-)
```
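Review bot: The Description section of this post contains only the `Co-Authored-By` trailer, because the commit has no body. The post template should strip trailers from the body and either omit `### Description` or fall back to the commit subject when nothing is left, otherwise the page renders a heading followed by nothing but an e-mail line.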

@@ -0,0 +1,51 @@
---
title: "[bojemoi] fix: borodino/nym/zap/nuclei — pending fixes"
date: 2026-04-17T13:20:04+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 13e2bf9 par Betty dans bojemoi"
author: "Betty"
---
## Commit `13e2bf9`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `13e2bf9dcf422f9eef2557f5cc3b3abfb1767952` |
### Description
- borodino: msf_server startup + uzi Optional import fix
- nym-proxy: Dockerfile update
- oblast-1: Dockerfile + zap_scanner.py DefectDojo endpoints fix
- nuclei_api: found_by + numerical_severity + endpoints format
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M borodino/start_msf_server.sh
M borodino/thearm_uzi
M nym-proxy/Dockerfile
M oblast-1/Dockerfile.oblast-1
M oblast-1/zap_scanner.py
M samsonov/nuclei_api/main.py
```
### Diff Summary
```
borodino/start_msf_server.sh | 25 +++++++++++++++++++++++--
borodino/thearm_uzi | 7 ++++++-
nym-proxy/Dockerfile | 2 +-
oblast-1/Dockerfile.oblast-1 | 2 --
oblast-1/zap_scanner.py | 8 +++++++-
samsonov/nuclei_api/main.py | 7 ++++++-
6 files changed, 43 insertions(+), 8 deletions(-)
```

@@ -0,0 +1,44 @@
---
title: "[bojemoi] feat(postgres): init SQL — create all databases on first start"
date: 2026-04-17T13:35:01+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 1c2ee83 par Betty dans bojemoi"
author: "Betty"
---
## Commit `1c2ee83`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `1c2ee83151ef77c8f92365a2b126e06a8372d4c6` |
### Description
- volumes/postgres/init/01-create-databases.sql: CREATE DATABASE for
msf, grafana, ip2location, karacho, bojemoi_threat_intel,
defectdojo, razvedka, vigie, sentinel
- stack/01-service-hl.yml: mount init SQL via Docker config
at /docker-entrypoint-initdb.d/ (executed once on empty data dir)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/01-service-hl.yml
A volumes/postgres/init/01-create-databases.sql
```
### Diff Summary
```
stack/01-service-hl.yml | 7 +++
volumes/postgres/init/01-create-databases.sql | 76 +++++++++++++++++++++++++++
2 files changed, 83 insertions(+)
```

@@ -0,0 +1,66 @@
---
title: "[bojemoi] feat: new components — c2-monitor, ptaas-init, postgres-ssl, RIPE import"
date: 2026-04-17T13:20:30+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 4adce3e par Betty dans bojemoi"
author: "Betty"
---
## Commit `4adce3e`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `4adce3e1621ea335306353b5fda41d5cf24274d3` |
### Description
- ARCHITECTURE.md: full architecture document
- c2-monitor/: C2 session monitoring service
- ptaas-init/: PTaaS initialization service
- borodino/Dockerfile.postgres-ssl: postgres with SSL support
- volumes/postgres/: custom entrypoint + postgresql.conf
- scripts/import_ripe_cidrs.py: RIPE CIDR import tool
- stack/02-init-ptaas.yml: PTaaS init stack
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A ARCHITECTURE.md
A borodino/Dockerfile.postgres-ssl
A c2-monitor/Dockerfile
A c2-monitor/monitor.py
A c2-monitor/requirements.txt
A ptaas-init/Dockerfile
A ptaas-init/init.py
A ptaas-init/requirements.txt
A scripts/import_ripe_cidrs.py
A stack/02-init-ptaas.yml
A volumes/postgres/conf/pg_hba.conf
A volumes/postgres/postgres-entrypoint.sh
```
### Diff Summary
```
ARCHITECTURE.md | 319 ++++++++++++++++++++++++++++++++
borodino/Dockerfile.postgres-ssl | 6 +
c2-monitor/Dockerfile | 10 +
c2-monitor/monitor.py | 205 ++++++++++++++++++++
c2-monitor/requirements.txt | 4 +
ptaas-init/Dockerfile | 12 ++
ptaas-init/init.py | 241 ++++++++++++++++++++++++
ptaas-init/requirements.txt | 3 +
scripts/import_ripe_cidrs.py | 113 +++++++++++
stack/02-init-ptaas.yml | 64 +++++++
volumes/postgres/conf/pg_hba.conf | 22 +++
volumes/postgres/postgres-entrypoint.sh | 14 ++
12 files changed, 1013 insertions(+)
```

@@ -0,0 +1,68 @@
---
title: "[bojemoi] chore: exclude postgres SSL certs + remove obsolete scripts"
date: 2026-04-17T13:19:58+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 4e1f103 par Betty dans bojemoi"
author: "Betty"
---
## Commit `4e1f103`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `4e1f103ac7d679c59333e5c470d3d40a586c5ef2` |
### Description
- .gitignore: add volumes/postgres/ssl/ (private keys)
- scripts: rm 14 obsolete files (v1 backups, .export snapshots,
Faraday migration scripts, test stubs, duplicate versions)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M .gitignore
D scripts/cccp-v2.sh
D scripts/cccp.sh.1
D scripts/check_image_v1.py
D scripts/import_2_faraday.py
D scripts/mockba-v1.sh
D scripts/orchestrator-zap-nuclei-faraday.sh
D scripts/stack_armement.export
D scripts/stack_base.export
D scripts/stack_faraday.export
D scripts/stack_masscan.export
D scripts/stack_owasp.export
D scripts/test_deploiement.sh
D scripts/test_reso.sh
D scripts/test_wget.sh
```
### Diff Summary
```
.gitignore | 1 +
scripts/cccp-v2.sh | 195 -------------
scripts/cccp.sh.1 | 138 ---------
scripts/check_image_v1.py | 451 -----------------------------
scripts/import_2_faraday.py | 118 --------
scripts/mockba-v1.sh | 114 --------
scripts/orchestrator-zap-nuclei-faraday.sh | 154 ----------
scripts/stack_armement.export | 113 --------
scripts/stack_base.export | 431 ---------------------------
scripts/stack_faraday.export | 51 ----
scripts/stack_masscan.export | 42 ---
scripts/stack_owasp.export | 66 -----
scripts/test_deploiement.sh | 10 -
scripts/test_reso.sh | 6 -
scripts/test_wget.sh | 48 ---
15 files changed, 1 insertion(+), 1937 deletions(-)
```

@@ -0,0 +1,51 @@
---
title: "[bojemoi] feat(grafana): update pentest + security dashboards"
date: 2026-04-17T13:20:16+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 9e5b612 par Betty dans bojemoi"
author: "Betty"
---
## Commit `9e5b612`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `9e5b61253fc0cfcb99b714f8e0befb943bfd7d15` |
### Description
- pentest-overview: extended panels
- scan-results: refactor
- c2-sessions: new dashboard
- security: sentinel, vigie, dashboard-security-minimal updates
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A volumes/grafana/dashboards/pentest/c2-sessions.json
M volumes/grafana/dashboards/pentest/pentest-overview.json
M volumes/grafana/dashboards/pentest/scan-results.json
M volumes/grafana/dashboards/security/dashboard-security-minimal.json
M volumes/grafana/dashboards/security/sentinel.json
M volumes/grafana/dashboards/security/vigie.json
```
### Diff Summary
```
.../grafana/dashboards/pentest/c2-sessions.json | 198 +++++
.../dashboards/pentest/pentest-overview.json | 256 +++++-
.../grafana/dashboards/pentest/scan-results.json | 966 +++++----------------
.../security/dashboard-security-minimal.json | 2 +-
volumes/grafana/dashboards/security/sentinel.json | 14 +-
volumes/grafana/dashboards/security/vigie.json | 12 +-
6 files changed, 678 insertions(+), 770 deletions(-)
```

@@ -0,0 +1,44 @@
---
title: "[bojemoi] feat(stacks): update base, borodino, nym, dozor, ollama"
date: 2026-04-17T13:20:08+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit b9abb6d par Betty dans bojemoi"
author: "Betty"
---
## Commit `b9abb6d`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `b9abb6d91f5394729b4d1ecedeb87dc234687111` |
### Description
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M stack/01-service-hl.yml
M stack/40-service-borodino.yml
M stack/41-service-nym.yml
M stack/48-service-dozor.yml
M stack/51-service-ollama.yml
```
### Diff Summary
```
stack/01-service-hl.yml | 65 ++++++++++++++++++++++++++++++++++--------
stack/40-service-borodino.yml | 66 +++++++++++++++++++++++++++++++++++++++++++
stack/41-service-nym.yml | 6 ++--
stack/48-service-dozor.yml | 3 ++
stack/51-service-ollama.yml | 3 ++
5 files changed, 129 insertions(+), 14 deletions(-)
```
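Review bot: The `### Description` section in this post holds nothing but the `Co-Authored-By` trailer, so the reader learns from the title which stacks changed but not why `stack/40-service-borodino.yml` gained 66 lines or what the 65 changed lines in `stack/01-service-hl.yml` do. Suggest the post generator omit the heading when the commit body is empty apart from trailers, and that a stack change of this size carry a body.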

@@ -0,0 +1,36 @@
---
title: "[bojemoi] chore(claude): update monitor command"
date: 2026-04-17T13:20:20+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit cf02179 par Betty dans bojemoi"
author: "Betty"
---
## Commit `cf02179`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `cf02179d21e380fa07b6c8ed6cc36bb3b32ac5fc` |
### Description
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M .claude/commands/monitor.md
```
### Diff Summary
```
.claude/commands/monitor.md | 48 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 47 insertions(+), 1 deletion(-)
```

@@ -0,0 +1,48 @@
---
title: "[bojemoi] feat(packaging): package-dist.sh + Makefile + install/env fixes"
date: 2026-04-17T13:37:34+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit eb9a1ee par Betty dans bojemoi"
author: "Betty"
---
## Commit `eb9a1ee`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `eb9a1ee7a3e8e4ebd4fcc2eaed96bccb017bb639` |
### Description
- scripts/package-dist.sh: génère archive de distribution
(.pyc only, stacks défensifs, Dockerfiles, configs, docs)
- Makefile: targets build/push/deploy/status/validate/clean/nodes
- install.sh: Faraday → DefectDojo, add dojo stack
- .env.example: Faraday → DefectDojo section
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M .env.example
A Makefile
M install.sh
A scripts/package-dist.sh
```
### Diff Summary
```
.env.example | 18 +--
Makefile | 108 +++++++++++++++++
install.sh | 19 +--
scripts/package-dist.sh | 305 ++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 432 insertions(+), 18 deletions(-)
```

@@ -0,0 +1,79 @@
---
title: "[bojemoi] feat(orchestrator): local cloud-init templates — remove Gitea runtime dependency"
date: 2026-04-24T22:34:13+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 4aba669 par Betty dans bojemoi"
author: "Betty"
---
## Commit `4aba669`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `4aba669f0e4971f0d1a4da8bd6e68d3883474c54` |
### Description
Templates are now stored in provisioning/cloud-init/ (synced from Gitea
bojemoi-configs via SSH) and mounted read-only into the orchestrator container
at /app/cloud-init.
- Add LocalTemplateClient (mirrors GiteaClient interface, reads from disk)
- Add TEMPLATES_DIR setting in config.py (default /app/cloud-init)
- Swap all template calls in main.py from gitea_client → template_client
- CloudInitGenerator now receives template_client instead of gitea_client
- Add bind-mount in stack/01-service-hl.yml: provisioning/cloud-init → /app/cloud-init:ro
- Gitea client retained only for health-check ping
Fixes: VM deploys silently failing when Gitea TLS cert expires.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A provisioning/cloud-init/alpine/database.yaml
A provisioning/cloud-init/alpine/minimal.yaml
A provisioning/cloud-init/alpine/webserver.yaml
A provisioning/cloud-init/common/hardening.sh
A provisioning/cloud-init/common/setup_docker.sh
A provisioning/cloud-init/common/setup_monitoring.sh
A provisioning/cloud-init/debian/default.yaml
A provisioning/cloud-init/debian/webserver.yaml
A provisioning/cloud-init/ubuntu/database.yaml
A provisioning/cloud-init/ubuntu/default.yaml
A provisioning/cloud-init/ubuntu/webserver.yaml
M provisioning/orchestrator/app/config.py
M provisioning/orchestrator/app/main.py
M provisioning/orchestrator/app/services/cloudinit_gen.py
A provisioning/orchestrator/app/services/local_template_client.py
M stack/01-service-hl.yml
```
### Diff Summary
```
provisioning/cloud-init/alpine/database.yaml | 62 +++++++
provisioning/cloud-init/alpine/minimal.yaml | 41 +++++
provisioning/cloud-init/alpine/webserver.yaml | 65 +++++++
provisioning/cloud-init/common/hardening.sh | 92 ++++++++++
provisioning/cloud-init/common/setup_docker.sh | 64 +++++++
provisioning/cloud-init/common/setup_monitoring.sh | 50 ++++++
provisioning/cloud-init/debian/default.yaml | 54 ++++++
provisioning/cloud-init/debian/webserver.yaml | 72 ++++++++
provisioning/cloud-init/ubuntu/database.yaml | 73 ++++++++
provisioning/cloud-init/ubuntu/default.yaml | 54 ++++++
provisioning/cloud-init/ubuntu/webserver.yaml | 72 ++++++++
provisioning/orchestrator/app/config.py | 54 ++++--
provisioning/orchestrator/app/main.py | 191 ++++++---------------
.../orchestrator/app/services/cloudinit_gen.py | 8 +-
.../app/services/local_template_client.py | 159 +++++++++++++++++
stack/01-service-hl.yml | 88 ++++++----
16 files changed, 998 insertions(+), 201 deletions(-)
```
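Review bot: The `Fixes:` line describes the failure as silent, but none of the listed changes makes a template failure visible; they only move the read path from Gitea to disk. With `Gitea client retained only for health-check ping`, the description should say what that ping reports on a certificate error, and how a missing or stale file under `/app/cloud-init` is surfaced, since the SSH sync from bojemoi-configs is now the one place where templates can fall out of date unnoticed.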

@@ -0,0 +1,41 @@
---
title: "[bojemoi] docs(orchestrator): add user manual — provisioning/MANUAL.md"
date: 2026-04-24T22:38:08+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 760c08d par Betty dans bojemoi"
author: "Betty"
---
## Commit `760c08d`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `760c08d40031e164fca4bd6a12afa63f75add97b` |
### Description
Covers all API endpoints (VM deploy, container deploy, Rapid7 debug VM,
VulnHub catalogue, host_debug, templates, blockchain, metrics), IP
validation, ops procedures (rebuild/redeploy, template sync), and
Jinja2 template authoring guide.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A provisioning/MANUAL.md
```
### Diff Summary
```
provisioning/MANUAL.md | 581 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 581 insertions(+)
```

@@ -0,0 +1,69 @@
---
title: "[bojemoi] feat(orchestrator): xe-guest-utilities in cloud-init, IP detection, boot disk from VDI"
date: 2026-04-24T23:00:22+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit e8778da par Betty dans bojemoi"
author: "Betty"
---
## Commit `e8778da`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `e8778da95365c0e582aa011e7b12243abd6cf380` |
### Description
Problem: alpine-meta XenServer template has no disk (CD-only); VMs halted
immediately. IP was never detected because XenTools had nothing to run on.
Changes:
- cloud-init alpine/minimal,webserver,database: add xe-guest-utilities to
packages, rc-update add + rc-service start in runcmd so XenStore gets
the guest IP after first boot
- xenserver_client_real.py create_vm: after VM.provision(), check if any
disk VBD exists. If not and boot_vdi_uuid is provided, copy the source
VDI into the same SR, resize to requested disk size, and attach as
primary bootable disk (userdevice=0, type=Disk, bootable=True).
Removed the old step-4 pre-provision resize loop (now handled post-provision).
- config.py: add ALPINE_BOOT_VDI_UUID (df288d22-..., "alpine root" VDI)
- main.py: pass boot_vdi_uuid=settings.ALPINE_BOOT_VDI_UUID for alpine
deploys; poll for guest IP after VM creation; register real IP in
host_debug (fallback to UUID if XenTools not ready within timeout)
- schemas.py: add ip_poll_timeout to VMDeployRequest (default 120s, 0=skip);
add ip_address to DeploymentResponse
Tested: test-alpine-01 deployed, IP=192.168.1.247, host_debug id=5.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M provisioning/cloud-init/alpine/database.yaml
M provisioning/cloud-init/alpine/minimal.yaml
M provisioning/cloud-init/alpine/webserver.yaml
M provisioning/orchestrator/app/config.py
M provisioning/orchestrator/app/main.py
M provisioning/orchestrator/app/models/schemas.py
M provisioning/orchestrator/app/services/xenserver_client_real.py
```
### Diff Summary
```
provisioning/cloud-init/alpine/database.yaml | 4 ++
provisioning/cloud-init/alpine/minimal.yaml | 4 ++
provisioning/cloud-init/alpine/webserver.yaml | 4 ++
provisioning/orchestrator/app/config.py | 3 +
provisioning/orchestrator/app/main.py | 32 +++++++--
provisioning/orchestrator/app/models/schemas.py | 7 ++
.../app/services/xenserver_client_real.py | 75 ++++++++++++++++++----
7 files changed, 109 insertions(+), 20 deletions(-)
```
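Review bot: The `Tested:` line and the `config.py` bullet copy lab specifics into a post marked `draft: false`: the guest address `192.168.1.247`, the `host_debug` row id and the leading part of the boot VDI UUID. Suggest the generator mask such values before the post is built. Separately, `fallback to UUID if XenTools not ready within timeout` means the `host_debug` entry can hold either an IP or a UUID, and the description should say how consumers of that record tell the two apart.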

@@ -0,0 +1,144 @@
---
title: "[bojemoi] feat: merge DefectDojo into borodino stack, add alert-agent, discord, suricata-exporter"
date: 2026-04-24T22:36:02+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit fad9bc3 par Betty dans bojemoi"
author: "Betty"
---
## Commit `fad9bc3`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `fad9bc309a6829eab6c423395fcbdaf8e043a282` |
### Description
Stack consolidation:
- Move DefectDojo (nginx, uWSGI, Celery Beat/Worker, initializer, dojo-triage)
from standalone 70-service-defectdojo.yml into 40-service-borodino.yml
- Move nym-proxy from 41-service-nym.yml into borodino stack
- Delete stack/70-service-defectdojo.yml and stack/41-service-nym.yml
- Add c2-monitor service to borodino stack
New components:
- alert-agent/ + stack/48-service-alert-agent.yml — alert routing agent
- suricata-exporter/ — Prometheus exporter for Suricata
- discord/ — Discord channel provisioning scripts (populate, post_architecture,
post_blueteam, post_infra_channels, post_intel_channels, cleanup)
- scripts/gameover.sh — full teardown script
- scripts/startover.sh — full deploy with Alertmanager silence support
Service updates:
- razvedka: Dockerfile + config update
- vigie: Dockerfile + config update
- provisioning/orchestrator/app/services/database.py: refactored
- stack/01-suricata-host.yml, 02-service-maintenance.yml,
45-service-ml-threat-intel.yml, 60-service-telegram.yml: minor fixes
- volumes/alertmanager/alertmanager.yml, dnsmask.conf, suricata.yaml: config updates
Docs:
- ARCHITECTURE.md: update node labels, stack table, DefectDojo section, c2-monitor flow
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
M ARCHITECTURE.md
A alert-agent/Dockerfile.alert-agent
A alert-agent/alert_agent/__init__.py
A alert-agent/alert_agent/__main__.py
A alert-agent/alert_agent/actions.py
A alert-agent/alert_agent/alerter.py
A alert-agent/alert_agent/config.py
A alert-agent/alert_agent/db.py
A alert-agent/alert_agent/enricher.py
A alert-agent/alert_agent/llm.py
A alert-agent/alert_agent/metrics.py
A alert-agent/alert_agent/webhook.py
A alert-agent/requirements.txt
A discord/ARCHITECTURE.md
A discord/cleanup.py
A discord/populate.py
A discord/post_architecture.py
A discord/post_blueteam.py
A discord/post_infra_channels.py
A discord/post_intel_channels.py
M provisioning/orchestrator/app/services/database.py
M razvedka/Dockerfile.razvedka
M razvedka/auth_helper.py
M razvedka/razvedka/config.py
A scripts/gameover.sh
M scripts/startover.sh
M stack/01-suricata-host.yml
M stack/02-service-maintenance.yml
M stack/40-service-borodino.yml
D stack/41-service-nym.yml
M stack/45-service-ml-threat-intel.yml
M stack/46-service-razvedka.yml
M stack/47-service-vigie.yml
A stack/48-service-alert-agent.yml
M stack/60-service-telegram.yml
D stack/70-service-defectdojo.yml
A suricata-exporter/Dockerfile
M vigie/Dockerfile.vigie
M vigie/vigie/config.py
M volumes/alertmanager/alertmanager.yml
M volumes/dnsmask/dnsmask.conf
M volumes/suricata/suricata.yaml
```
### Diff Summary
```
ARCHITECTURE.md | 65 +++-
alert-agent/Dockerfile.alert-agent | 17 +
alert-agent/alert_agent/__init__.py | 0
alert-agent/alert_agent/__main__.py | 45 +++
alert-agent/alert_agent/actions.py | 146 +++++++
alert-agent/alert_agent/alerter.py | 58 +++
alert-agent/alert_agent/config.py | 58 +++
alert-agent/alert_agent/db.py | 107 ++++++
alert-agent/alert_agent/enricher.py | 105 ++++++
alert-agent/alert_agent/llm.py | 99 +++++
alert-agent/alert_agent/metrics.py | 25 ++
alert-agent/alert_agent/webhook.py | 125 ++++++
alert-agent/requirements.txt | 6 +
discord/ARCHITECTURE.md | 0
discord/cleanup.py | 47 +++
discord/populate.py | 420 +++++++++++++++++++++
discord/post_architecture.py | 88 +++++
discord/post_blueteam.py | 175 +++++++++
discord/post_infra_channels.py | 321 ++++++++++++++++
discord/post_intel_channels.py | 242 ++++++++++++
provisioning/orchestrator/app/services/database.py | 231 +++---------
razvedka/Dockerfile.razvedka | 3 +
razvedka/auth_helper.py | 10 +-
razvedka/razvedka/config.py | 4 +
scripts/gameover.sh | 142 +++++++
scripts/startover.sh | 40 +-
stack/01-suricata-host.yml | 98 +++--
stack/02-service-maintenance.yml | 2 +-
stack/40-service-borodino.yml | 371 +++++++++++++++++-
stack/41-service-nym.yml | 67 ----
stack/45-service-ml-threat-intel.yml | 5 +-
stack/46-service-razvedka.yml | 21 +-
stack/47-service-vigie.yml | 21 +-
stack/48-service-alert-agent.yml | 73 ++++
stack/60-service-telegram.yml | 9 +-
stack/70-service-defectdojo.yml | 292 --------------
suricata-exporter/Dockerfile | 10 +
vigie/Dockerfile.vigie | 3 +
vigie/vigie/config.py | 4 +
volumes/alertmanager/alertmanager.yml | 8 +
volumes/dnsmask/dnsmask.conf | 2 +
volumes/suricata/suricata.yaml | 1 +
42 files changed, 2951 insertions(+), 615 deletions(-)
```
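Review bot: Under `New components` the description lists `scripts/startover.sh` as new, yet Files Changed marks it `M` and only `scripts/gameover.sh` is `A`. The same commit adds `discord/ARCHITECTURE.md` with 0 lines, so the post advertises a document that is empty. Suggest moving startover.sh under `Service updates` and either filling or dropping the empty file. A 42-file commit that mixes stack consolidation, three new components and config fixes would also be easier to review and revert if split along the headings the description already uses.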

@@ -0,0 +1,31 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-14T22:01:42+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **8d7722b** sec: move alertmanager SMTP password to Docker secret (Betty)
### Diff Summary
```
stack/01-service-hl.yml | 3 +++
volumes/alertmanager/alertmanager.yml | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
```
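Review bot: The commit subject says the Alertmanager SMTP password moved to a Docker secret, and the summary shows one line replaced in `volumes/alertmanager/alertmanager.yml`. If the replaced line carried the password itself, that value stays readable in the repository history, so the post should record that the password was rotated as part of the move.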

@@ -0,0 +1,34 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-18T13:50:59+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **8671e81** feat: add breachforum CTI discovery service (stack 66) (Betty)
### Diff Summary
```
discovery/Dockerfile | 34 +++
discovery/breachforum_discovery_api.py | 259 +++++++++++++++++++
discovery/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++++++++
discovery/entrypoint.sh | 33 +++
stack/66-service-discovery.yml | 73 ++++++
5 files changed, 820 insertions(+)
```

@@ -0,0 +1,44 @@
---
title: "[bojemoi] Push 3 commit(s) to main"
date: 2026-03-18T13:52:16+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 3 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 3 |
| **Pushed by** | Betty |
### Commits
- **fced696** chore: add Discord bot scaffold + breachforum discovery scripts (Betty)
- **1041a8b** blog: add alertmanager Docker secrets post (FR) (Betty)
- **b93e503** feat(borodino/uzi): auto-detect LHOST, split LPORT_BIND, improve exploit targeting (Betty)
### Diff Summary
```
blog/alertmanager-docker-secrets-fr.md | 174 +++++++++++
borodino/thearm_uzi | 53 +++-
discord/.env.example | 17 ++
discord/create_structure.sh | 68 +++++
discord/structure.yml | 38 +++
scripts/Dockerfile.discovery | 34 +++
scripts/INTEGRATION_GUIDE.sh | 205 +++++++++++++
scripts/README.md | 540 +++++++++++++++++++++++++++++++++
scripts/breachforum_discovery_api.py | 259 ++++++++++++++++
scripts/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++
scripts/docker-compose.discovery.yml | 99 ++++++
scripts/examples_usage.py | 301 ++++++++++++++++++
stack/40-service-borodino.yml | 5 +-
13 files changed, 2202 insertions(+), 12 deletions(-)
```

@@ -0,0 +1,33 @@
---
title: "[bojemoi] Push 2 commit(s) to main"
date: 2026-03-23T18:56:51+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 2 |
| **Pushed by** | Betty |
### Commits
- **392a1a2** feat(borodino/uzi): enrich meterpreter Telegram alerts with sysinfo/uid/pid (Betty)
- **11a8e69** feat(borodino/uzi): use Claude AI to extract MSF search terms from service info (Betty)
### Diff Summary
```
borodino/Dockerfile.borodino | 3 +-
borodino/thearm_uzi | 436 +++++++++++++++++++++++++++++++++++-------
stack/40-service-borodino.yml | 21 +-
3 files changed, 379 insertions(+), 81 deletions(-)
```

@@ -0,0 +1,33 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-25T23:05:13+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **27f5ef4** feat(orchestrator): add VulnHub VM automation endpoints (Betty)
### Diff Summary
```
provisioning/orchestrator/app/main.py | 184 +++++++++++++++++++-
provisioning/orchestrator/app/models/schemas.py | 53 ++++++
.../orchestrator/app/services/vulnhub_manager.py | 188 +++++++++++++++++++++
scripts/import_vulnhub_ova.sh | 123 ++++++++++++++
4 files changed, 547 insertions(+), 1 deletion(-)
```

@@ -0,0 +1,31 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-25T22:52:46+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **5a9bdd9** feat(borodino): enrich bm12/uzi with VulnHub-style attack surface detection (Betty)
### Diff Summary
```
borodino/thearm_bm12 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++---
borodino/thearm_uzi | 69 +++++++++++++++++++++++++++++-------
2 files changed, 151 insertions(+), 16 deletions(-)
```

@@ -0,0 +1,56 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-25T22:44:39+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **a79479d** feat: multi-stage Dockerfiles, DVAR IoT target, bm12/uzi ARM enrichment (Betty)
### Diff Summary
```
.dockerignore | 1 +
berezina/Dockerfile.berezina | 73 +-
borodino/.dockerignore | 1 +
borodino/Dockerfile.berezina | 29 +-
borodino/Dockerfile.borodino | 51 +-
borodino/thearm_bm12 | 151 ++++-
borodino/thearm_uzi | 579 ++++++++++------
borodino/toto | 1092 ++++++++++++++++++++++++++----
discovery/Dockerfile | 27 +-
discovery/breachforum_onion_discovery.py | 160 ++++-
discovery/entrypoint.sh | 2 +-
dvar/Dockerfile.dvar | 55 ++
dvar/entrypoint.sh | 87 +++
dvar/src/vuln_httpd.c | 194 ++++++
koursk-2/Dockerfile.koursk-2 | 5 +
koursk-2/scripts/rsync-start.sh | 2 +-
mcp-server/Dockerfile | 6 +-
narva/Dockerfile.narva | 14 +-
oblast/Dockerfile.zaproxy | 7 +-
scripts/cccp.sh | 173 +++--
scripts/metasploitable2_exploit.py | 388 +++++++++++
scripts/startover.sh | 1 +
sentinel/collector/Dockerfile | 6 +-
stack/40-service-borodino.yml | 18 +-
stack/56-service-dvar.yml | 55 ++
toto | 945 ++++++++++++++++++++++++++
tsushima/Dockerfile.tsushima | 84 +--
27 files changed, 3504 insertions(+), 702 deletions(-)
```
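Review bot: The summary includes a 945-line file named `toto` at the repository root and 1092 changed lines in `borodino/toto`, neither of which the subject (multi-stage Dockerfiles, DVAR IoT target, bm12/uzi enrichment) accounts for; both names read like scratch copies. `borodino/Dockerfile.berezina` also sits next to `berezina/Dockerfile.berezina`. Suggest confirming these are intended and, if they are not, removing them and adding the pattern to `.gitignore` so working copies stop reaching `main`.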

@@ -0,0 +1,30 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-25T23:19:08+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **d3bbec7** fix(orchestrator): use docker-socket-proxy instead of direct socket (Betty)
### Diff Summary
```
stack/01-service-hl.yml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
```
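Review bot: The subject records the switch from the direct Docker socket to docker-socket-proxy, but the post carries no commit body and the summary is only a 7-line change in `stack/01-service-hl.yml`, so nothing here says which Docker API sections the proxy allows the orchestrator to reach. Suggest listing the enabled sections in the commit body, so the reduction in privilege can be checked against what the orchestrator needs.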

@@ -0,0 +1,33 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-26T18:05:51+01:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **9a69b23** refactor(borodino): standardize env var management across ak47/bm12/uzi (Betty)
### Diff Summary
```
borodino/thearm_ak47 | 40 ++++++++++++++++++----------------------
borodino/thearm_bm12 | 7 ++++---
borodino/thearm_uzi | 23 +++++++++++------------
stack/40-service-borodino.yml | 16 ++++++++++++++++
4 files changed, 49 insertions(+), 37 deletions(-)
```

@@ -0,0 +1,35 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-30T21:24:58+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **631b96e** feat(borodino): OpenVPN gateway + fix ak47/bm12 env vars (Betty)
### Diff Summary
```
.claude/commands/borodino.md | 156 +++++++++++++++++++++++++++++++++++++++++
borodino/Dockerfile.borodino | 2 +
borodino/Dockerfile.wg-gateway | 16 +++++
borodino/route-setup.sh | 37 ++++++++++
borodino/wg-gateway-start.sh | 67 ++++++++++++++++++
stack/40-service-borodino.yml | 75 +++++++++++++++++++-
6 files changed, 351 insertions(+), 2 deletions(-)
```
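Review bot: The subject announces an OpenVPN gateway, but the files added for it are `borodino/Dockerfile.wg-gateway` and `borodino/wg-gateway-start.sh`, where the `wg-` prefix reads as WireGuard. Suggest aligning the subject or the file names so a reader of the post knows which VPN the gateway runs.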

@@ -0,0 +1,53 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-30T16:51:02+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **9eb4c92** feat(c2): multi-redirector infrastructure + split borodino images (Betty)
### Diff Summary
```
borodino/Dockerfile.borodino | 62 +---
borodino/Dockerfile.borodino-msf | 58 ++++
borodino/start_msf_server.sh | 51 +++
borodino/start_uzi.sh | 68 ++--
borodino/thearm_uzi | 84 ++++-
cloud-init/redirector-template.yaml | 317 ++++++++++++++++++
discovery/Dockerfile | 35 --
discovery/breachforum_discovery_api.py | 259 ---------------
discovery/breachforum_onion_discovery.py | 529 -------------------------------
discovery/entrypoint.sh | 33 --
redirector/Dockerfile | 33 ++
redirector/c2-proxy.conf | 39 +++
redirector/nginx.conf | 43 +++
scripts/Dockerfile.discovery | 34 --
scripts/breachforum_discovery_api.py | 259 ---------------
scripts/breachforum_onion_discovery.py | 421 ------------------------
scripts/c2-manage.sh | 415 ++++++++++++++++++++++++
scripts/c2-vpn-init-pki.sh | 255 +++++++++++++++
scripts/docker-compose.discovery.yml | 99 ------
scripts/provision-redirector.sh | 91 ++++++
stack/40-service-borodino.yml | 76 ++++-
stack/66-service-discovery.yml | 73 -----
volumes/c2-vpn/.gitignore | 6 +
volumes/c2-vpn/README.md | 46 +++
24 files changed, 1559 insertions(+), 1827 deletions(-)
```

@@ -0,0 +1,42 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-03-31T20:36:25+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **b5b5641** feat(nuclei): Redis queue pipeline + dedicated Faraday workspaces + Redis Commander (Betty)
### Diff Summary
```
borodino/Dockerfile.borodino | 6 +-
borodino/redirector/Dockerfile | 18 +
borodino/redirector/entrypoint.sh | 77 ++++
borodino/redirector/nginx.conf | 63 ++++
borodino/thearm_bm12 | 23 +-
borodino/thearm_logpull | 212 +++++++++++
borodino/thearm_nuclei | 410 +++++++++++++++++++++
samsonov/nuclei_api/main.py | 116 +++++-
.../pentest_orchestrator/plugins/plugin_burp.py | 326 ----------------
.../pentest_orchestrator/plugins/plugin_nuclei.py | 28 ++
scripts/gameover.sh | 18 -
scripts/stack_burp.export | 57 ---
stack/40-service-borodino.yml | 139 ++++++-
13 files changed, 1082 insertions(+), 411 deletions(-)
```

@@ -0,0 +1,42 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-04-03T16:11:02+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **f6b4ac5** feat: Ollama/Mistral local inference + remove Burp Suite + C2 listener auto-start (Betty)
### Diff Summary
```
.claude/commands/pentest.md | 2 +-
borodino/start_msf_server.sh | 25 +++++++-
borodino/thearm_ak47 | 7 +-
oblast-1/zap_scanner.py | 81 +++++++++++++++++++-----
samsonov/pentest_orchestrator/config/config.json | 7 +-
samsonov/pentest_orchestrator/main.py | 4 +-
scripts/provision-redirector.sh | 27 +++++++-
scripts/test_wget.sh | 2 -
stack/01-service-hl.yml | 5 +-
stack/45-service-ml-threat-intel.yml | 5 +-
stack/51-service-ollama.yml | 51 +++++++++++++++
stack/READ.me | 2 +-
wiki/Pentest-Orchestrator.md | 1 -
13 files changed, 179 insertions(+), 40 deletions(-)
```

@@ -0,0 +1,43 @@
---
title: "[bojemoi] Push 2 commit(s) to main"
date: 2026-04-05T00:12:44+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 2 |
| **Pushed by** | Betty |
### Commits
- **002f809** feat: uzi_scan_log + zap severity breakdown + nuclei [][]fix + eve-cleaner merge (Betty)
- **fb7c5ff** feat: Ollama AI template gen, C2 proxy_proto, ZAP throttle, vulnx removal (Betty)
### Diff Summary
```
borodino/redirector/nginx.conf | 12 +-
borodino/thearm_logpull | 24 ++--
borodino/thearm_nuclei | 82 ++++++++++-
borodino/thearm_uzi | 114 +++++++++++++--
oblast-1/zap_scanner.py | 118 +++++++++++++---
samsonov/nuclei_api/main.py | 111 +++++++++++++--
samsonov/nuclei_api/nuclei_ai.py | 298 +++++++++++++++++++++++++++++++++++++++
scripts/provision-redirector.sh | 2 +-
scripts/startover.sh | 6 +
stack/01-suricata-host.yml | 21 ++-
stack/40-service-borodino.yml | 84 +++++------
stack/48-service-dozor.yml | 33 -----
stack/51-service-ollama.yml | 6 +-
13 files changed, 763 insertions(+), 148 deletions(-)
```

@@ -0,0 +1,37 @@
---
title: "[bojemoi] Push 2 commit(s) to main"
date: 2026-04-05T00:48:14+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 2 |
| **Pushed by** | Betty |
### Commits
- **24c1a17** feat(grafana): dashboards bind mount + scan-results dashboard + config swap fix (Betty)
- **454674c** feat(redirector): Loki log drain via VPN (Betty)
### Diff Summary
```
borodino/redirector/Dockerfile | 2 +
borodino/redirector/entrypoint.sh | 13 +-
borodino/redirector/loki-shipper.py | 73 ++
stack/01-service-hl.yml | 26 +-
.../grafana/dashboards/pentest/scan-results.json | 202 +++++
.../grafana/provisioning/dashboards/dashboards.yml | 838 +--------------------
.../provisioning/datasources/datasources.yml | 18 +
7 files changed, 339 insertions(+), 833 deletions(-)
```

@@ -0,0 +1,67 @@
---
title: "[bojemoi] Push 2 commit(s) to main"
date: 2026-04-09T21:55:44+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 2 |
| **Pushed by** | Betty |
### Commits
- **0699664** feat: multi-service updates — nuclei API, nym-proxy, grafana reorg, prometheus rules (Betty)
- **10af16e** feat(redirector): OPSEC hardening — Let's Encrypt + header suppression + MSF keepalive (Betty)
### Diff Summary
```
.claude/commands/opsec-check.md | 242 +++++
.claude/commands/topology.md | 150 +++
borodino/osint_lookup.py | 23 +-
borodino/redirector/Dockerfile | 14 +-
borodino/redirector/entrypoint.sh | 54 +-
borodino/redirector/nginx.conf | 21 +-
borodino/start_msf_server.sh | 37 +-
borodino/thearm_ak47 | 3 +-
borodino/thearm_bm12 | 19 +-
borodino/thearm_logpull | 19 +-
borodino/thearm_nuclei | 19 +-
nym-proxy/Dockerfile | 19 +
nym-proxy/entrypoint.sh | 24 +
oblast-1/Dockerfile.oblast-1 | 10 +-
oblast-1/zap_scanner.py | 26 +-
samsonov/Dockerfile.nuclei | 1 +
samsonov/nuclei_api/Dockerfile | 24 +
samsonov/nuclei_api/entrypoint.sh | 28 +
samsonov/nuclei_api/main.py | 34 +-
samsonov/nuclei_api/requirements.txt | 6 +
scripts/cccp.sh | 474 +++++----
stack/02-service-maintenance.yml | 31 +
stack/41-service-nym.yml | 67 ++
tsushima/masscan_msf_script.py | 26 +-
volumes/alloy/config/config.alloy | 2 +-
.../dashboards/general/loki-stack-monitoring.json | 239 +++++
.../grafana/dashboards/general/nvidia-dcgm.json | 804 ++++++++++++++
.../dashboards/pentest/pentest-overview.json | 187 +++-
.../grafana/dashboards/pentest/scan-results.json | 1112 +++++++++++++++++---
.../dashboards/pentest/vuln-management.json | 766 ++++++++++++++
.../{ => security}/dashboard-security-minimal.json | 0
.../dashboards/{ => security}/sentinel.json | 0
.../grafana/dashboards/{ => security}/vigie.json | 0
.../grafana/provisioning/dashboards/dashboards.yml | 12 +-
volumes/prometheus/prometheus.yml | 17 +
volumes/prometheus/rules/alert_rules.yml | 15 +-
volumes/prometheus/rules/alerts.yml | 28 +-
37 files changed, 4064 insertions(+), 489 deletions(-)
```
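Review bot: with `draft: false` in the front matter, this post publishes the full diffstat of the redirector and scanner tree (for example `borodino/redirector/nginx.conf`, `borodino/start_msf_server.sh`, `.claude/commands/opsec-check.md`) next to a commit subject that names the hardening measures. If the Hugo site is reachable outside the team, that exposes the layout of the infrastructure the same commit is hardening. Suggest an allow-list of path prefixes in the generator, or emitting only the totals line (`37 files changed, 4064 insertions(+), 489 deletions(-)`) for pushes that touch those directories.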

@@ -0,0 +1,50 @@
---
title: "[bojemoi] Push 2 commit(s) to main"
date: 2026-04-09T16:22:46+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 2 |
| **Pushed by** | Betty |
### Commits
- **0e0519a** feat(uzi): brute-force credentials Phase 0 sur 15 services (Betty)
- **440a412** feat: make project distributable — templatize stacks + install wizard (Betty)
### Diff Summary
```
.env.example | 224 +++++++++++++++++++
.gitignore | 2 +
README.md | 225 +++++++++++++++----
borodino/thearm_uzi | 303 ++++++++++++++++++++++++-
install.sh | 415 +++++++++++++++++++++++++++++++++++
scripts/create-secrets.sh | 212 ++++++++++++++++++
stack/01-service-hl.yml | 200 ++++++++---------
stack/01-suricata-host.yml | 18 +-
stack/40-service-borodino.yml | 241 ++++++++++++--------
stack/45-service-ml-threat-intel.yml | 8 +-
stack/46-service-razvedka.yml | 4 +-
stack/47-service-vigie.yml | 4 +-
stack/48-service-dozor.yml | 6 +-
stack/49-service-mcp.yml | 2 +-
stack/50-service-trivy.yml | 2 +-
stack/51-service-ollama.yml | 40 +++-
stack/55-service-sentinel.yml | 4 +-
stack/56-service-dvar.yml | 4 +-
stack/60-service-telegram.yml | 4 +-
stack/65-service-medved.yml | 2 +-
20 files changed, 1656 insertions(+), 264 deletions(-)
```
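Review bot: the `summary` field in the front matter is French (`summary: "Push de 2 commit(s) par Betty dans bojemoi/main"`) while the title, the headings and the table labels in the same post are English. Suggest generating the summary in the same language as the rest of the template, for example "Push of 2 commit(s) by Betty to bojemoi/main", so list pages and feeds that show `title` and `summary` together read consistently.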

@@ -0,0 +1,32 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-04-09T16:54:51+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **7eedf64** feat(uzi): SecLists wordlists + USERPASS_FILE support (Betty)
### Diff Summary
```
.gitignore | 1 +
borodino/thearm_uzi | 200 ++++++++++++++++++++++++------------------
stack/40-service-borodino.yml | 78 +++++++++-------
3 files changed, 160 insertions(+), 119 deletions(-)
```
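Review bot: the front matter title `"[bojemoi] Push 1 commit(s) to main"` carries only the repository, the count and the branch, so every single-commit push produces an identical title and the posts cannot be told apart in a list or feed. Suggest putting the short SHA or the first commit subject in the title, for example `[bojemoi] 7eedf64 feat(uzi): SecLists wordlists + USERPASS_FILE support`, which also removes the awkward `1 commit(s)` wording.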

@@ -0,0 +1,54 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-04-15T23:00:02+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **4fa26f4** feat(vuln-mgmt): migrate Faraday CE → DefectDojo (Betty)
### Diff Summary
```
faraday-triage/Dockerfile | 10 +
faraday-triage/requirements.txt | 3 +
faraday-triage/triage.py | 354 ++++++++++++++
mcp-server/server.py | 49 +-
mcp-server/tools/defectdojo.py | 190 ++++++++
mcp-server/tools/faraday.py | 126 -----
medved/honeypot/config.py | 16 +-
medved/honeypot/db.py | 29 +-
medved/honeypot/defectdojo_reporter.py | 234 +++++++++
medved/honeypot/faraday_reporter.py | 200 --------
medved/honeypot/main.py | 6 +-
medved/honeypot/metrics.py | 6 +-
oblast-1/zap_scanner.py | 212 ++++++---
samsonov/nuclei_api/main.py | 212 +++++----
.../pentest_orchestrator/plugins/plugin_faraday.py | 522 ---------------------
stack/40-service-borodino.yml | 99 +---
stack/49-service-mcp.yml | 7 +-
stack/65-service-medved.yml | 14 +-
stack/70-service-defectdojo.yml | 295 ++++++++++++
volumes/nginx/conf.d/default.conf | 6 +-
volumes/nginx/conf.d/sites/defectdojo.conf | 31 ++
volumes/nginx/conf.d/sites/faraday.conf | 65 ---
volumes/nginx/conf.d/upstreams/upstreams.conf | 6 +-
volumes/prometheus/rules/alert_rules.yml | 8 +-
volumes/prometheus/rules/alerts.yml | 52 +-
25 files changed, 1502 insertions(+), 1250 deletions(-)
```
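Review bot: commit subjects in the `### Commits` list and the pusher name in the front matter look like they are interpolated unescaped (`- **4fa26f4** feat(vuln-mgmt): migrate Faraday CE → DefectDojo (Betty)`, `author: "Betty"`). A subject containing Markdown or HTML would then render as markup, and a double quote in a subject or name would break the YAML front matter. Suggest escaping Markdown metacharacters in subjects (or wrapping each subject in a code span) and serialising the front matter with a YAML emitter instead of string formatting.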

@@ -0,0 +1,33 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-04-16T10:08:37+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **907b0c3** fix(vuln-mgmt): wire uzi + zap → DefectDojo, fix dnsmasq (Betty)
### Diff Summary
```
borodino/thearm_uzi | 192 +++++++++++++++++++++------------
oblast-1/zap_scanner.py | 20 +++-
stack/70-service-defectdojo.yml | 3 -
volumes/dnsmask/dnsmask.d/01-base.conf | 5 +-
4 files changed, 142 insertions(+), 78 deletions(-)
```

@@ -0,0 +1,30 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-04-16T10:21:05+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **93d5ceb** feat(grafana): add DefectDojo section to vuln-management dashboard (Betty)
### Diff Summary
```
.../dashboards/pentest/vuln-management.json | 1197 +++++++++++++++++++-
1 file changed, 1196 insertions(+), 1 deletion(-)
```
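Review bot: the only file in this post's Diff Summary is printed with an elided prefix (`.../dashboards/pentest/vuln-management.json`), so the post does not say which directory the changed dashboard lives in. This is the default stat width of git; generating the summary with a wider `--stat=<width>` (or a larger `--stat-name-width`) would keep the full path.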

@@ -0,0 +1,115 @@
---
title: "[bojemoi] Push 11 commit(s) to main"
date: 2026-04-24T22:34:13+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 11 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 11 |
| **Pushed by** | Betty |
### Commits
- **4aba669** feat(orchestrator): local cloud-init templates — remove Gitea runtime dependency (Betty)
- **eb9a1ee** feat(packaging): package-dist.sh + Makefile + install/env fixes (Betty)
- **1c2ee83** feat(postgres): init SQL — create all databases on first start (Betty)
- **047a7a8** docs: update ARCHITECTURE + README, add runbook (Betty)
- **4adce3e** feat: new components — c2-monitor, ptaas-init, postgres-ssl, RIPE import (Betty)
- **cf02179** chore(claude): update monitor command (Betty)
- **9e5b612** feat(grafana): update pentest + security dashboards (Betty)
- **081acdb** feat(monitoring): prometheus targets + alert rules + alloy config (Betty)
- **b9abb6d** feat(stacks): update base, borodino, nym, dozor, ollama (Betty)
- **13e2bf9** fix: borodino/nym/zap/nuclei — pending fixes (Betty)
- **4e1f103** chore: exclude postgres SSL certs + remove obsolete scripts (Betty)
### Diff Summary
```
.claude/commands/monitor.md | 48 +-
.env.example | 18 +-
.gitignore | 1 +
ARCHITECTURE.md | 323 +++++++
Makefile | 108 +++
README.md | 13 +-
borodino/Dockerfile.postgres-ssl | 6 +
borodino/start_msf_server.sh | 25 +-
borodino/thearm_uzi | 7 +-
c2-monitor/Dockerfile | 10 +
c2-monitor/monitor.py | 205 +++++
c2-monitor/requirements.txt | 4 +
docs/runbook/README.md | 12 +
docs/runbook/borodino-rebuild.md | 44 +
docs/runbook/docker-secrets.md | 54 ++
docs/runbook/node-access.md | 49 ++
docs/runbook/postgres-ssl.md | 52 ++
docs/runbook/protonmail-bridge.md | 69 ++
docs/runbook/stack-deploy.md | 72 ++
install.sh | 19 +-
nym-proxy/Dockerfile | 2 +-
oblast-1/Dockerfile.oblast-1 | 2 -
oblast-1/zap_scanner.py | 8 +-
provisioning/cloud-init/alpine/database.yaml | 62 ++
provisioning/cloud-init/alpine/minimal.yaml | 41 +
provisioning/cloud-init/alpine/webserver.yaml | 65 ++
provisioning/cloud-init/common/hardening.sh | 92 ++
provisioning/cloud-init/common/setup_docker.sh | 64 ++
provisioning/cloud-init/common/setup_monitoring.sh | 50 ++
provisioning/cloud-init/debian/default.yaml | 54 ++
provisioning/cloud-init/debian/webserver.yaml | 72 ++
provisioning/cloud-init/ubuntu/database.yaml | 73 ++
provisioning/cloud-init/ubuntu/default.yaml | 54 ++
provisioning/cloud-init/ubuntu/webserver.yaml | 72 ++
provisioning/orchestrator/app/config.py | 54 +-
provisioning/orchestrator/app/main.py | 191 +---
.../orchestrator/app/services/cloudinit_gen.py | 8 +-
.../app/services/local_template_client.py | 159 ++++
ptaas-init/Dockerfile | 12 +
ptaas-init/init.py | 241 +++++
ptaas-init/requirements.txt | 3 +
samsonov/nuclei_api/main.py | 7 +-
scripts/cccp-v2.sh | 195 -----
scripts/cccp.sh.1 | 138 ---
scripts/check_image_v1.py | 451 ----------
scripts/import_2_faraday.py | 118 ---
scripts/import_ripe_cidrs.py | 113 +++
scripts/mockba-v1.sh | 114 ---
scripts/orchestrator-zap-nuclei-faraday.sh | 154 ----
scripts/package-dist.sh | 305 +++++++
scripts/stack_armement.export | 113 ---
scripts/stack_base.export | 431 ---------
scripts/stack_faraday.export | 51 --
scripts/stack_masscan.export | 42 -
scripts/stack_owasp.export | 66 --
scripts/test_deploiement.sh | 10 -
scripts/test_reso.sh | 6 -
scripts/test_wget.sh | 48 -
stack/01-service-hl.yml | 156 +++-
stack/02-init-ptaas.yml | 64 ++
stack/40-service-borodino.yml | 66 ++
stack/41-service-nym.yml | 6 +-
stack/48-service-dozor.yml | 3 +
stack/51-service-ollama.yml | 3 +
volumes/alloy/config/config.alloy | 4 +-
.../grafana/dashboards/pentest/c2-sessions.json | 198 +++++
.../dashboards/pentest/pentest-overview.json | 256 +++++-
.../grafana/dashboards/pentest/scan-results.json | 966 +++++----------------
.../security/dashboard-security-minimal.json | 2 +-
volumes/grafana/dashboards/security/sentinel.json | 14 +-
volumes/grafana/dashboards/security/vigie.json | 12 +-
volumes/postgres/conf/pg_hba.conf | 22 +
volumes/postgres/init/01-create-databases.sql | 76 ++
volumes/postgres/postgres-entrypoint.sh | 14 +
volumes/prometheus/prometheus.yml | 5 +
volumes/prometheus/rules/alerts.yml | 21 +
76 files changed, 3813 insertions(+), 2955 deletions(-)
```
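Review bot: the Diff Summary block for this 11-commit push is a single combined stat of 76 file lines, so none of the changes can be tied back to an entry in the `### Commits` list (for instance which commit removed `scripts/check_image_v1.py`). Suggest emitting a per-commit stat under each list item, or capping the combined block at a fixed number of lines while keeping the totals line `76 files changed, 3813 insertions(+), 2955 deletions(-)`.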

@@ -0,0 +1,71 @@
---
title: "[bojemoi] Push 1 commit(s) to main"
date: 2026-04-24T22:36:02+02:00
draft: false
tags: ["push", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
author: "Betty"
---
## Push to `bojemoi/main`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Commits** | 1 |
| **Pushed by** | Betty |
### Commits
- **fad9bc3** feat: merge DefectDojo into borodino stack, add alert-agent, discord, suricata-exporter (Betty)
### Diff Summary
```
ARCHITECTURE.md | 65 +++-
alert-agent/Dockerfile.alert-agent | 17 +
alert-agent/alert_agent/__init__.py | 0
alert-agent/alert_agent/__main__.py | 45 +++
alert-agent/alert_agent/actions.py | 146 +++++++
alert-agent/alert_agent/alerter.py | 58 +++
alert-agent/alert_agent/config.py | 58 +++
alert-agent/alert_agent/db.py | 107 ++++++
alert-agent/alert_agent/enricher.py | 105 ++++++
alert-agent/alert_agent/llm.py | 99 +++++
alert-agent/alert_agent/metrics.py | 25 ++
alert-agent/alert_agent/webhook.py | 125 ++++++
alert-agent/requirements.txt | 6 +
discord/ARCHITECTURE.md | 0
discord/cleanup.py | 47 +++
discord/populate.py | 420 +++++++++++++++++++++
discord/post_architecture.py | 88 +++++
discord/post_blueteam.py | 175 +++++++++
discord/post_infra_channels.py | 321 ++++++++++++++++
discord/post_intel_channels.py | 242 ++++++++++++
provisioning/orchestrator/app/services/database.py | 231 +++---------
razvedka/Dockerfile.razvedka | 3 +
razvedka/auth_helper.py | 10 +-
razvedka/razvedka/config.py | 4 +
scripts/gameover.sh | 142 +++++++
scripts/startover.sh | 40 +-
stack/01-suricata-host.yml | 98 +++--
stack/02-service-maintenance.yml | 2 +-
stack/40-service-borodino.yml | 371 +++++++++++++++++-
stack/41-service-nym.yml | 67 ----
stack/45-service-ml-threat-intel.yml | 5 +-
stack/46-service-razvedka.yml | 21 +-
stack/47-service-vigie.yml | 21 +-
stack/48-service-alert-agent.yml | 73 ++++
stack/60-service-telegram.yml | 9 +-
stack/70-service-defectdojo.yml | 292 --------------
suricata-exporter/Dockerfile | 10 +
vigie/Dockerfile.vigie | 3 +
vigie/vigie/config.py | 4 +
volumes/alertmanager/alertmanager.yml | 8 +
volumes/dnsmask/dnsmask.conf | 2 +
volumes/suricata/suricata.yaml | 1 +
42 files changed, 2951 insertions(+), 615 deletions(-)
```