Merge pull request #66 from sudosammy/dev

fix alowlist bug and user-agent bug

.circleci/config.yml

@@ -5,7 +5,7 @@ jobs:
   build:
     working_directory: ~/repo
     docker:
-      - image: cimg/go:1.18-node
+      - image: cimg/go:1.20-node
     parallelism: 3
     steps:
       - checkout

README.md

@@ -18,7 +18,7 @@ Defenders also use canaries as tripwires that can alert them of an attacker with
 
 1. Download the [applicable 64-bit knary binary](https://github.com/sudosammy/knary/releases) __OR__ build knary from source:
 
-__Prerequisite:__ You need Go >=1.18 to build knary.
+__Prerequisite:__ You need Go >=1.20 to build knary.
 ```
 go install github.com/sudosammy/knary/v3@latest
 ```
@@ -69,7 +69,7 @@ If this were a denylist, it would stop knary from alerting on `www.knary.tld` bu
 
 If this were an allowlist, knary would alert on exact matches (`sam.knary.tld`) and subdomain matches (`website1.sam.knary.tld`). Use `ALLOWLIST_STRICT=true` to prevent this fuzzy matching and only alert on hits to `sam.knary.tld`.
 
-You can use both a deny and allowlist simultaneously. **Note:** wildcards in these files are not supported. An entry of `*.knary.tld` will match that string exactly.
+You can use both a deny and allowlist simultaneously, note the denylist always has the higher order of precedence. For example, a request to a subdomain that matches the allowlist, would still be denied if the User-Agent matches something in the denylist. **Note:** wildcards in these files are not supported. An entry of `*.knary.tld` will match that string exactly.
 
 2. The `DNS_SUBDOMAIN` configuration allows you to specify a subdomain that knary must fuzzy match (i.e. `*.DNS_SUBDOMAIN.knary.tld`) before alerting on DNS hits. This configuration does not affect HTTP(S) requests and remains primarily to mimic legacy knary v2 functionality. **Consider using a deny/allowlist instead.**
 

VERSION

@@ -1 +1 @@
-3.4.6
+3.4.7

go.mod

@@ -4,22 +4,22 @@ go 1.18
 
 require (
 	github.com/blang/semver/v4 v4.0.0
-	github.com/fatih/color v1.15.0
-	github.com/go-acme/lego/v4 v4.12.1
+	github.com/fatih/color v1.16.0
+	github.com/go-acme/lego/v4 v4.14.2
 	github.com/joho/godotenv v1.5.1
-	github.com/miekg/dns v1.1.54
+	github.com/miekg/dns v1.1.57
 	github.com/radovskyb/watcher v1.0.7
-	golang.org/x/net v0.10.0
+	golang.org/x/net v0.18.0
 )
 
 require (
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	golang.org/x/crypto v0.9.0 // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	golang.org/x/crypto v0.15.0 // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.15.0 // indirect
 )

go.sum

@@ -4,51 +4,51 @@ github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqy
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
-github.com/go-acme/lego/v4 v4.12.1 h1:Cy3FS7wADLNBqCLpz2wdfdNrThW9rZy8RCAfnUrL2uE=
-github.com/go-acme/lego/v4 v4.12.1/go.mod h1:UZoOlhVmUYP/N0z4tEbfUjoCNHRZNObzqWZtT76DIsc=
-github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
-github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/go-acme/lego/v4 v4.14.2 h1:/D/jqRgLi8Cbk33sLGtu2pX2jEg3bGJWHyV8kFuUHGM=
+github.com/go-acme/lego/v4 v4.14.2/go.mod h1:kBXxbeTg0x9AgaOYjPSwIeJy3Y33zTz+tMD16O4MO6c=
+github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
+github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
-github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
+github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/radovskyb/watcher v1.0.7 h1:AYePLih6dpmS32vlHfhCeli8127LzkIgwJGcwwe8tUE=
 github.com/radovskyb/watcher v1.0.7/go.mod h1:78okwvY5wPdzcb1UYnip1pvrZNIVEIh/Cm+ZuvsUYIg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
+golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
-golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8=
+golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

libknary/dns.go

@@ -89,7 +89,11 @@ func goSendMsg(ipaddr, reverse, name, record string) bool {
 		Printy("Got "+record+" question for: "+name, 3)
 	}
 
-	if !inAllowlist(name, ipaddr) || inBlacklist(name, ipaddr) {
+	if inBlacklist(name, ipaddr) {
+		return false // we check denylist first for consistent 'order of precedence' with the HTTP allow/denylist checking
+	}
+
+	if !inAllowlist(name, ipaddr) {
 		return false
 	}
 

libknary/dns_test.go

@@ -7,8 +7,8 @@ import (
 	"time"
 )
 
-//code for 3 functions below here is taken and modified from
-//here: https://github.com/miekg/dns/blob/67373879ce327b5fd112d9301d0a4d62bad6b904/server_test.go
+// code for 3 functions below here is taken and modified from
+// here: https://github.com/miekg/dns/blob/67373879ce327b5fd112d9301d0a4d62bad6b904/server_test.go
 func GokuServer(w dns.ResponseWriter, req *dns.Msg) {
 	m := new(dns.Msg)
 	m.SetReply(req)

libknary/http.go

@@ -156,6 +156,12 @@ func Accept443(ln net.Listener, wg *sync.WaitGroup, restart <-chan bool) {
 	}
 }
 
+func httpRespond(conn net.Conn) bool {
+	conn.Write([]byte(" ")) // necessary as a 0 byte response triggers some clients to resend the request
+	conn.Close()            // v. important lol
+	return true
+}
+
 func handleRequest(conn net.Conn) bool {
 	// set timeout for reading responses
 	_ = conn.SetDeadline(time.Now().Add(time.Second * time.Duration(2))) // 2 seconds
@@ -243,43 +249,49 @@ func handleRequest(conn net.Conn) bool {
 				}
 			}
 
-			// take off the header name for the user agent
-			userAgent = strings.TrimPrefix(strings.ToLower(userAgent), "user-agent:")
-			hostDomain := strings.TrimPrefix(strings.ToLower(host), "host:") // trim off the "Host:" section of header
+			// take off the headers for the allow/denylist search
+			searchUserAgent := strings.TrimPrefix(strings.ToLower(userAgent), "user-agent:")
+			searchDomain := strings.TrimPrefix(strings.ToLower(host), "host:") // trim off the "Host:" section of header
 
-			if inAllowlist(hostDomain, conn.RemoteAddr().String(), fwd) && !inBlacklist(hostDomain, conn.RemoteAddr().String(), fwd) && inAllowlist(userAgent) && !inBlacklist(userAgent) {
-				var msg string
-				var fromIP string
+			// these conditionals were bugged in <=3.4.6 whereby subdomains/ips in the allowlist weren't allowed unless the user-agent was ALSO in the allowlist
+			// it should be easier to grok now
+			if inBlacklist(searchUserAgent, searchDomain, conn.RemoteAddr().String(), fwd) { // inBlacklist returns false on empty/unused denylists
+				return httpRespond(conn)
+			}
+
+			if !inAllowlist(searchUserAgent, searchDomain, conn.RemoteAddr().String(), fwd) { // inAllowlist returns true on empty/unused allowlists
+				return httpRespond(conn)
+			}
+
+			var msg string
+			var fromIP string
+
+			if fwd != "" {
+				fromIP = fwd // use this when burp collab mode is active
+			} else {
+				fromIP = conn.RemoteAddr().String()
+			}
 
-				if fwd != "" {
-					fromIP = fwd // use this when burp collab mode is active
+			if cookie != "" {
+				if os.Getenv("FULL_HTTP_REQUEST") != "" {
+					msg = fmt.Sprintf("%s\n```Query: %s\n%s\n%s\nFrom: %s\n\n---------- FULL REQUEST ----------\n%s\n----------------------------------", host, query, userAgent, cookie, fromIP, response)
 				} else {
-					fromIP = conn.RemoteAddr().String()
+					msg = fmt.Sprintf("%s\n```Query: %s\n%s\n%s\nFrom: %s", host, query, userAgent, cookie, fromIP)
 				}
-
-				if cookie != "" {
-					if os.Getenv("FULL_HTTP_REQUEST") != "" {
-						msg = fmt.Sprintf("%s\n```Query: %s\n%s\n%s\nFrom: %s\n\n---------- FULL REQUEST ----------\n%s\n----------------------------------", host, query, userAgent, cookie, fromIP, response)
-					} else {
-						msg = fmt.Sprintf("%s\n```Query: %s\n%s\n%s\nFrom: %s", host, query, userAgent, cookie, fromIP)
-					}
+			} else {
+				if os.Getenv("FULL_HTTP_REQUEST") != "" {
+					msg = fmt.Sprintf("%s\n```Query: %s\n%s\nFrom: %s\n\n---------- FULL REQUEST ----------\n%s\n----------------------------------", host, query, userAgent, fromIP, response)
 				} else {
-					if os.Getenv("FULL_HTTP_REQUEST") != "" {
-						msg = fmt.Sprintf("%s\n```Query: %s\n%s\nFrom: %s\n\n---------- FULL REQUEST ----------\n%s\n----------------------------------", host, query, userAgent, fromIP, response)
-					} else {
-						msg = fmt.Sprintf("%s\n```Query: %s\n%s\nFrom: %s", host, query, userAgent, fromIP)
-					}
+					msg = fmt.Sprintf("%s\n```Query: %s\n%s\nFrom: %s", host, query, userAgent, fromIP)
 				}
+			}
 
-				go sendMsg(msg + "```")
-				if os.Getenv("DEBUG") == "true" {
-					logger("INFO", fromIP+" - "+host)
-				}
+			go sendMsg(msg + "```")
+			if os.Getenv("DEBUG") == "true" {
+				logger("INFO", fromIP+" - "+host)
 			}
 		}
 	}
 
-	conn.Write([]byte(" ")) // necessary as a 0 byte response triggers some clients to resend the request
-	conn.Close()            // v. important lol
-	return true
+	return httpRespond(conn)
 }

libknary/lego/cert_storage.go

@@ -21,13 +21,14 @@ import (
 )
 
 // GetCertPath():
-//     /knary/certs/
-//                └── root certificates directory
+//
+//	/knary/certs/
+//	           └── root certificates directory
 //
 // archive file path:
-//     /knary/certs/archives/
-//                    └── archived certificates directory
 //
+//	/knary/certs/archives/
+//	               └── archived certificates directory
 func GetCertPath() string {
 	var certFolderName string
 	var certPath string

libknary/notificationctrl.go

@@ -34,20 +34,18 @@ func (a *blacklist) updateD(term string) bool {
 	if term == "" {
 		return false // would happen if there's no X-Forwarded-For header
 	}
-	item := standerdiseListItem(term)
 	a.mutex.Lock()
-	a.deny[item] = time.Now()
+	a.deny[term] = time.Now()
 	a.mutex.Unlock()
 	return true
 }
 
 // search for a denied domain/IP
 func (a *blacklist) searchD(term string) bool {
-	item := standerdiseListItem(term)
 	a.mutex.Lock()
 	defer a.mutex.Unlock()
 
-	if _, ok := a.deny[item]; ok {
+	if _, ok := a.deny[term]; ok {
 		return true // found!
 	}
 	return false
@@ -116,7 +114,7 @@ func LoadBlacklist() (bool, error) {
 
 	for scanner.Scan() { // foreach denied item
 		if scanner.Text() != "" {
-			denied.updateD(scanner.Text())
+			denied.updateD(standerdiseListItem(scanner.Text()))
 			denyCount++
 		}
 	}
@@ -138,6 +136,7 @@ func inAllowlist(needles ...string) bool {
 				// strict matching. don't match subdomains
 				if needle == allowed[i].allow {
 					if os.Getenv("DEBUG") == "true" {
+						logger("INFO", "Found "+needle+" in allowlist (strict mode)")
 						Printy(needle+" matches allowlist", 3)
 					}
 					return true
@@ -146,6 +145,7 @@ func inAllowlist(needles ...string) bool {
 				// allow fuzzy matching
 				if strings.HasSuffix(needle, allowed[i].allow) {
 					if os.Getenv("DEBUG") == "true" {
+						logger("INFO", "Found "+needle+" in allowlist")
 						Printy(needle+" matches allowlist", 3)
 					}
 					return true
@@ -158,6 +158,7 @@ func inAllowlist(needles ...string) bool {
 
 func inBlacklist(needles ...string) bool {
 	for _, needle := range needles {
+		needle := standerdiseListItem(needle)
 		if denied.searchD(needle) {
 			denied.updateD(needle) // found!
 

libknary/util.go

@@ -244,7 +244,7 @@ func HeartBeat(version string, firstrun bool) (bool, error) {
 
 	// print allowed items (if any)
 	if allowCount > 0 {
-		beatMsg += strconv.Itoa(allowCount) + " allowed subdomains / IPs: \n"
+		beatMsg += strconv.Itoa(allowCount) + " allowed subdomains, User-Agents, IPs: \n"
 		if os.Getenv("ALLOWLIST_STRICT") == "true" {
 			beatMsg += "(Operating in strict mode) \n"
 		}
@@ -257,7 +257,7 @@ func HeartBeat(version string, firstrun bool) (bool, error) {
 
 	// print denied items (if any)
 	if denyCount > 0 {
-		beatMsg += strconv.Itoa(denyCount) + " denied subdomains / User-Agents / IPs: \n"
+		beatMsg += strconv.Itoa(denyCount) + " denied subdomains, User-Agents, IPs: \n"
 		beatMsg += "------------------------\n"
 		for subdomain := range denied.deny {
 			beatMsg += subdomain + "\n"

main.go

@@ -15,7 +15,7 @@ import (
 )
 
 const (
-	VERSION       = "3.4.6"
+	VERSION       = "3.4.7"
 	GITHUB        = "https://github.com/sudosammy/knary"
 	GITHUBVERSION = "https://raw.githubusercontent.com/sudosammy/knary/master/VERSION"
 )