bojemoi/blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e599d026af092640707698b61d826db5029053e8
blog/content/posts/commits/2026-04-04-commit-fb7c5ff.md
Betty 3240126da9
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
Details
post: commit fb7c5ff in bojemoi
2026-04-04 00:23:55 +02:00

2.5 KiB
Raw Blame History

title, date, draft, tags, categories, summary, author
title date draft tags categories summary author
[bojemoi] feat: Ollama AI template gen, C2 proxy_proto, ZAP throttle, vulnx removal 2026-04-04T00:23:54+02:00 false
commit
bojemoi
main
Git Activity
Commit fb7c5ff par Betty dans bojemoi Betty

Commit fb7c5ff
Repository bojemoi
Branch main
Author Betty
Hash fb7c5ffb383f76bef73929f3d716a83cbf252e23

Description

Ollama × Nuclei AI (option 1):

  • nuclei_ai.py: NucleiAI class with suggest_tags(), analyze_findings(), generate_templates() (up to 2 custom YAML templates per scan context)
  • main.py: scan_details field in ScanRequest, AI template pre-scan pass, merge results, pyyaml added to pip install
  • thearm_nuclei: enrich_tags() via Ollama, submit_scan() passes scan_details
  • 51-service-ollama.yml: placement via node.labels.nvidia.vgpu instead of hostname

C2 redirector Proxy Protocol (real client IPs in redirector_hits):

  • nginx.conf: listen 443 ssl proxy_protocol, log $proxy_protocol_addr
  • provision-redirector.sh: --port 443:443/tcp:proxy_proto
  • thearm_logpull: FLY_API_TOKEN env var (fix broken --access-token flag), level_re parser (fix rfind(']') bug finding wrong bracket)

ZAP/Faraday CPU fix (periodic 100% CPU on meta-69):

  • zap_scanner.py: time.sleep(0.15) throttle between Faraday POSTs
  • ZAP_CONCURRENCY 3→1, resource limits on zaproxy (2CPU/4G), zap-scanner (0.5CPU/256M), faraday (1.5CPU/2G)

Housekeeping:

  • startover.sh: force-restart nuclei-api after borodino deploy
  • Remove vulnx service (orphaned, superseded by nuclei)

Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com

Files Changed

M	borodino/redirector/nginx.conf
M	borodino/thearm_logpull
M	borodino/thearm_nuclei
M	oblast-1/zap_scanner.py
M	samsonov/nuclei_api/main.py
A	samsonov/nuclei_api/nuclei_ai.py
M	scripts/provision-redirector.sh
M	scripts/startover.sh
M	stack/40-service-borodino.yml
M	stack/51-service-ollama.yml

Diff Summary

 borodino/redirector/nginx.conf   |  12 +-
 borodino/thearm_logpull          |  24 ++--
 borodino/thearm_nuclei           |  82 ++++++++++-
 oblast-1/zap_scanner.py          |   1 +
 samsonov/nuclei_api/main.py      |  52 ++++++-
 samsonov/nuclei_api/nuclei_ai.py | 298 +++++++++++++++++++++++++++++++++++++++
 scripts/provision-redirector.sh  |   2 +-
 scripts/startover.sh             |   6 +
 stack/40-service-borodino.yml    |  79 ++++-------
 stack/51-service-ollama.yml      |   4 +-
 10 files changed, 482 insertions(+), 78 deletions(-)
Reference in New Issue View Git Blame Copy Permalink