Replace monolithic CLI and web server with route-based Flask API. New routes: api_commands, api_build, api_can, api_monitor, api_ota, api_tunnel. Add honeypot security dashboard with real-time SSE, MITRE ATT&CK mapping, kill chain analysis. New TUI with commander/help modules. Add session management, tunnel proxy core, CAN bus data store. Docker support.
86 lines
2.2 KiB
Plaintext
# ============================================================
# C3PO - ESPILON C2 Server Configuration
# ============================================================
# Copy this file to .env and change the values below:
# cp .env.example .env
#
# IMPORTANT: Change ALL default passwords and tokens before
# any deployment outside a local lab.
# ============================================================

# ===================
# C2 Server
# ===================
C2_HOST=0.0.0.0
C2_PORT=2626

# ===================
# Camera UDP Receiver
# ===================
UDP_HOST=0.0.0.0
UDP_PORT=5000
UDP_BUFFER_SIZE=65535

# ===================
# Web Dashboard (Flask)
# ===================
WEB_HOST=0.0.0.0
WEB_PORT=8000

# ===================
# Security — CHANGE THESE VALUES
# ===================
# Token for authenticating camera frames (must match ESP firmware CONFIG_CAMERA_UDP_TOKEN)
CAMERA_SECRET_TOKEN=Sup3rS3cretT0k3n

# Flask session secret (CHANGE in production!)
FLASK_SECRET_KEY=change_this_for_prod

# Web interface credentials (CHANGE in production!)
WEB_USERNAME=admin
WEB_PASSWORD=admin

# MLAT API bearer token
MULTILAT_AUTH_TOKEN=multilat_secret_token

# ===================
# CORS — Allowed origins (comma-separated)
# ===================
# Leave empty to allow all origins (dev only!)
CORS_ALLOWED_ORIGINS=http://localhost:8000,http://127.0.0.1:8000

# ===================
# Rate Limiting
# ===================
# Global rate limit for all endpoints (per IP)
RATE_LIMIT_DEFAULT=200 per minute
# Login endpoint rate limit (brute-force protection)
RATE_LIMIT_LOGIN=5 per minute

# ===================
# Storage
# ===================
IMAGE_DIR=static/streams

# ===================
# Video Recording
# ===================
VIDEO_ENABLED=true
VIDEO_PATH=static/streams/record.avi
VIDEO_FPS=10
VIDEO_CODEC=MJPG

# ===================
# Tunnel / SOCKS5 Proxy
# ===================
# SOCKS5 listen address (local proxy for proxychains/tools)
TUNNEL_SOCKS_HOST=127.0.0.1
TUNNEL_SOCKS_PORT=1080
# Port where ESP32 bots connect back for tunnel framing
TUNNEL_LISTEN_PORT=2627

# ===================
# Honeypot Dashboard (optional)
# ===================
# HP_DASHBOARD_PATH=/path/to/espilon-honey-pot/tools
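
The file header asks that every default password and token be changed before any deployment outside a local lab. As an added example (not part of the project's code), this Python preflight check parses a .env and reports secrets still equal to the shipped defaults, an empty CORS allow-list, listeners on 0.0.0.0 and a SOCKS5 proxy bound off loopback; `parse_env`, `audit_env`, `MIN_SECRET_LEN` and the sample .env are assumptions of this example.

```python
# Values shipped in .env.example above; any that survive into .env are findings.
SHIPPED_DEFAULTS = {
    "CAMERA_SECRET_TOKEN": "Sup3rS3cretT0k3n",
    "FLASK_SECRET_KEY": "change_this_for_prod",
    "WEB_PASSWORD": "admin",
    "MULTILAT_AUTH_TOKEN": "multilat_secret_token",
}
MIN_SECRET_LEN = 16  # assumption: threshold chosen for this example
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample .env: one secret rotated, the others left weak or as shipped.
SAMPLE_ENV = """\
WEB_HOST=0.0.0.0
TUNNEL_SOCKS_HOST=0.0.0.0
CAMERA_SECRET_TOKEN=Sup3rS3cretT0k3n
FLASK_SECRET_KEY=3f9c1e7a5b2d4086a1c4e9f07b6d2a58
WEB_PASSWORD=admin
MULTILAT_AUTH_TOKEN=short
CORS_ALLOWED_ORIGINS=
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def audit_env(env):
    """Return sorted (key, problem) findings for a parsed .env."""
    findings = []
    for key, default in SHIPPED_DEFAULTS.items():
        value = env.get(key, "")
        if value == default:
            findings.append((key, "still the .env.example default"))
        elif len(value) < MIN_SECRET_LEN:
            findings.append((key, "missing or shorter than MIN_SECRET_LEN"))
    if not env.get("CORS_ALLOWED_ORIGINS", ""):  # unset treated like empty (assumption)
        findings.append(("CORS_ALLOWED_ORIGINS", "empty: allows all origins"))
    for key in ("C2_HOST", "UDP_HOST", "WEB_HOST"):
        if env.get(key) == "0.0.0.0":
            findings.append((key, "listens on all interfaces"))
    if env.get("TUNNEL_SOCKS_HOST", "127.0.0.1") not in LOOPBACK:
        findings.append(("TUNNEL_SOCKS_HOST", "SOCKS5 proxy not bound to loopback"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{k}: {p}" for k, p in audit_env(parse_env(SAMPLE_ENV))))
```

Run against a real file by passing its contents to `parse_env`, and treat a non-empty result as a reason not to start the server.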