Havoc#

InfraGuard parses Havoc’s listener YAML to extract HTTP patterns and headers for the Demon agent.

Config#

domains:
  support.example.com:
    upstream: "${HAVOC_UPSTREAM}"
    profile_path: "profiles/havoc-listener.yaml"
    profile_type: "havoc"

    drop_action:
      type: "redirect"
      target: "https://support.example.com/help"

See config/examples/c2-havoc.yaml.

Listener YAML Format#

InfraGuard reads the Havoc listener config YAML. Fields extracted:

  • Listener.Hosts / Listener.Uris — URI patterns
  • Listener.Headers — required headers
  • Demon.UserAgent — expected User-Agent
pipeline:
  filter_mode: "scoring"
  block_score_threshold: 0.65
  enable_profile_filter: true
  enable_sandbox_filter: true
  enable_enumeration_filter: true
Backward Sliver Nighthawk Forward