
@onSec-fr onSec-fr commented Oct 7, 2025

Motivation

Previously, the User-Agent used by AzureHound was hardcoded and could only be changed by recompiling the binary.
This PR introduces a simple way to set a custom User-Agent at runtime using the --user-agent (-U) flag, making it easier for evasion or for debugging/identification purposes.

Main changes

  • Added a global --user-agent (-U) flag in the CLI configuration (config.go).
  • All HTTP requests now use the custom User-Agent if the flag is set; otherwise, they fall back to the default (constants-based) value.

Results

[Image: Screenshot 2025-10-07 105641]

Summary by CodeRabbit

  • New Features
    • Added support for a custom User-Agent header applied to all HTTP requests.
    • Configure via the new "user-agent" setting or the -U command-line flag; the value is persisted across runs.
    • If not specified, the existing default User-Agent remains in effect.


Allow specifying a custom user agent via the global flag --user-agent (-U).
If no value is provided, the application falls back to the default user agent.

coderabbitai bot commented Oct 7, 2025

Walkthrough

Adds a global user-agent config option and updates HTTP request creation to use config.UserAgent.Value() when non-empty, otherwise falling back to the existing constants.UserAgent(). No other request construction behavior changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Config: Add UserAgent option (config/config.go) | Adds exported UserAgent config entry (name "user-agent", shorthand "U", usage "Custom User-Agent header", persistent true, default ""). Appends UserAgent to GlobalConfig. |
| HTTP client: Respect configurable User-Agent (client/rest/http.go) | NewRequest now sets User-Agent header from config.UserAgent.Value() if non-empty; otherwise uses constants.UserAgent(). Other query/body/Content-Type/Accept logic unchanged. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Caller
  participant REST as REST Client
  participant Cfg as Config
  participant HTTP as http.Request

  Caller->>REST: NewRequest(method, url, body)
  REST->>Cfg: UserAgent.Value()
  alt Non-empty UserAgent
    REST->>HTTP: Set header "User-Agent" = Cfg value
  else Empty UserAgent
    REST->>HTTP: Set header "User-Agent" = constants.UserAgent()
  end
  REST->>HTTP: Set query/body/Content-Type/Accept (unchanged)
  REST-->>Caller: *http.Request

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I twitch my whiskers at headers that glide,
A custom name now hops in stride.
If fields are empty, worry not—
The fallback keeps our headers hot.
Thump-thump, the request takes flight. 🐇✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding a global flag to customize the User-Agent header, which is exactly what the PR implements across config.go and http.go. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



github-actions bot commented Oct 7, 2025

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅


onSec-fr commented Oct 7, 2025

I have read the CLA Document and I hereby sign the CLA


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (2)
client/rest/http.go (1)

131-137: LGTM! Consider adding input validation for User-Agent strings.

The type assertion and fallback logic are implemented correctly. The code safely checks if the config value is a non-empty string before using it, falling back to the default User-Agent otherwise.

However, consider adding basic validation to ensure the User-Agent string doesn't contain characters that could cause issues with HTTP headers (e.g., newlines, control characters). While http.Header.Set doesn't return errors, malformed headers could potentially cause unexpected behavior with certain servers or proxies.

Example validation:

// set azurehound as user-agent, use custom if set in config
ua := config.UserAgent.Value()
if s, ok := ua.(string); ok && s != "" {
	// Basic validation: reject if contains control characters
	if strings.ContainsAny(s, "\r\n\x00") {
		return nil, fmt.Errorf("invalid User-Agent: contains control characters")
	}
	req.Header.Set("User-Agent", s)
} else {
	req.Header.Set("User-Agent", constants.UserAgent())
}
config/config.go (1)

358-364: LGTM! Consider enhancing the usage documentation.

The config definition follows the established pattern and correctly sets all required fields. The empty default ensures the fallback behavior works as intended.

The usage text could be more descriptive to help users understand when and why they might want to customize the User-Agent (e.g., for evasion, debugging, or organizational identification purposes).

Example enhanced usage:

 UserAgent = Config{
 	Name:       "user-agent",
 	Shorthand:  "U",
-	Usage:      "Custom User-Agent header",
+	Usage:      "Custom User-Agent header for HTTP requests (useful for evasion, debugging, or identification)",
 	Persistent: true,
 	Default:    "",
 }
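Review bot: the `+` Usage line does not say what happens when the flag is omitted. With `Default: ""` the client keeps the built-in User-Agent, so the help text should state that, for example "Custom User-Agent header for HTTP requests (default: built-in AzureHound value)". It is also much longer than the string it replaces; one short clause keeps the `--help` output readable.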
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6745e7b and f7bf368.

📒 Files selected for processing (2)
  • client/rest/http.go (1 hunks)
  • config/config.go (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
client/rest/http.go (1)
config/config.go (1)
  • UserAgent (358-364)
config/config.go (1)
config/internal/config.go (1)
  • Config (32-41)
🔇 Additional comments (2)
config/config.go (2)

375-375: LGTM!

The UserAgent config is correctly added to the GlobalConfig slice, making it available as a persistent global flag across all commands.


358-364: Shorthand “U” is unique – no other occurrences found in config definitions or command flags.
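
The validation suggested in the review of client/rest/http.go above, written out as a stand-alone program (an added example, not code from the PR or the AzureHound repository). It extends the `\r\n\x00` check to every control byte that is not valid in an HTTP field value; `resolveUserAgent`, `newRequest`, `defaultUA` and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// defaultUA stands in for constants.UserAgent(); the value is a placeholder.
const defaultUA = "azurehound/placeholder"

// resolveUserAgent returns the header value to send: the fallback when the
// config value is unset, non-string or empty, an error when it is malformed.
func resolveUserAgent(custom interface{}, fallback string) (string, error) {
	s, ok := custom.(string)
	if !ok || s == "" {
		return fallback, nil
	}
	for i := 0; i < len(s); i++ {
		// Reject CR, LF, NUL, other C0 controls and DEL; HTAB and SP are allowed.
		if b := s[i]; (b < 0x20 && b != '\t') || b == 0x7f {
			return "", fmt.Errorf("invalid User-Agent: control byte 0x%02x at offset %d", b, i)
		}
	}
	return s, nil
}

// newRequest builds a request whose User-Agent has passed resolveUserAgent.
func newRequest(method, url string, custom interface{}) (*http.Request, error) {
	ua, err := resolveUserAgent(custom, defaultUA)
	if err != nil {
		return nil, err
	}
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("User-Agent", ua)
	return req, nil
}

func main() {
	// Constructed inputs: unset, a valid custom value, a value carrying CRLF.
	for _, v := range []interface{}{"", "inventory-scan/1.0", "x\r\nX-Extra: 1"} {
		if req, err := newRequest(http.MethodGet, "https://example.invalid/", v); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("User-Agent:", req.Header.Get("User-Agent"))
		}
	}
}
```

Running the check when the flag is parsed, rather than per request, reports a bad value once at startup with the offending byte and offset.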


onSec-fr commented Oct 7, 2025

I had the same need as #135
