From e459266e9c450595f7a09a61a04f7be7f7ee4094 Mon Sep 17 00:00:00 2001 From: mblanke Date: Mon, 29 Dec 2025 10:16:17 -0500 Subject: [PATCH] Persist dashboard projects data and tighten nmap host filter --- docker-compose.yml | 2 ++ services/kali-executor/app/main.py | 11 +++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7f3a1f5..89956cf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,6 +11,8 @@ services: - HACKGPT_API_URL=http://strikepackage-hackgpt-api:8001 - LLM_ROUTER_URL=http://strikepackage-llm-router:8000 - KALI_EXECUTOR_URL=http://strikepackage-kali-executor:8002 + volumes: + - ./data/dashboard:/app/data depends_on: - hackgpt-api - llm-router diff --git a/services/kali-executor/app/main.py b/services/kali-executor/app/main.py index 1024353..8c00656 100644 --- a/services/kali-executor/app/main.py +++ b/services/kali-executor/app/main.py @@ -294,11 +294,10 @@ def parse_nmap_xml(xml_output: str) -> List[Dict[str, Any]]: if not host["os_type"] and host["ports"]: host["os_type"] = infer_os_from_ports(host["ports"]) - # Only include hosts that have either: - # 1. At least one open port (proves real service) - # 2. A valid MAC address (proves real local device) - # This filters out false positives from router proxy ARP - if host["ip"] and (host["ports"] or host["mac"]): + # Only include hosts with at least one OPEN port + # This prevents false positives from proxy ARP responses + # where routers respond for all IPs even if device is offline + if host["ip"] and host["ports"]: hosts.append(host) except ET.ParseError as e: @@ -311,7 +310,7 @@ def parse_nmap_text(output: str) -> List[Dict[str, Any]]: """Parse nmap text output as fallback. Only returns hosts that have at least one OPEN port. - Hosts that respond to ping/ARP but have no open ports are filtered out. + Filters out false positives from router proxy ARP (where all IPs appear "up"). """ hosts = [] current_host = None