anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(net): stealth-egress httpx client factory

Browse Source 
Outbound calls to 3rd-party services (threat-intel providers, future TI
lookups) MUST NOT advertise 'DECNET' in their user-agent — operators
running honeypots want their reconnaissance dependencies to look like
generic infra. New decnet.net.http.stealth_client() returns a fresh
httpx.AsyncClient with a curl-shaped UA (pinned to a single constant so
future siblings — browser-shaped, Go-shaped — sit next to it cleanly).

Internal egress (webhook → operator's own SIEM, swarm worker → master)
keeps its DECNET-tagged UA; the docstring is explicit about not routing
those through this client.
This commit is contained in:
anti
2026-04-26 04:59:34 -04:00
parent 023bc1993d
commit 58ca9075db
3 changed files with 131 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
decnet/net/__init__.py Normal file
View File

@@ -0,0 +1,7 @@
"""Shared network helpers.
Currently houses :mod:`decnet.net.http` — the canonical stealth-egress
``httpx.AsyncClient`` factory for outbound calls to 3rd-party services
that should NOT see "DECNET" in their access logs (threat-intel
providers, future TI lookups, etc.).
"""