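# Every target in this part of the file is a command, not a file, so each one
# is declared phony. Without that, a stray file named e.g. "health" or
# "tcpdump" in the working directory would silently turn the target into a
# no-op.
.PHONY: build run stop logs test clean dev \
        sandbox-up sandbox-down sandbox-clean sandbox-logs caddy-logs \
        sandbox-test-containers \
        test-bruteforce test-scanner test-valid test-whitelist test-sip-options \
        bans stats test-ban test-unban health \
        tcpdump caddy-shell freepbx-shell caddy-config

# Overridable knobs, e.g. `make ADMIN_API=http://127.0.0.1:2020 bans`.
# Defaults reproduce the values that were previously hard-coded.
COMPOSE ?= docker compose
ADMIN_API ?= http://localhost:2020
CADDY_ADMIN ?= http://localhost:2019
TEST_BAN_IP ?= 192.168.1.100
# Package spec installed by test-scanner. The default is unpinned, so each run
# pulls whatever the index serves at that moment; set it to an exact
# `sipvicious==<VERSION>` (or bake the tool into the attacker image) for
# reproducible runs.
SIPVICIOUS_PKG ?= sipvicious
# -S keeps curl quiet on success but still prints the error when the endpoint
# is unreachable. With plain -s an unreachable admin API produced empty output,
# which reads like an empty ban list. The pipeline's exit status is still jq's.
CURL ?= curl -sS

# All sandbox targets run compose from the sandbox/ directory.
sandbox_compose = cd sandbox && $(COMPOSE)

# ============================================
# Main Development Targets
# ============================================

# Build the custom Caddy image (always from scratch, no layer cache)
build:
	$(COMPOSE) build --no-cache

# Run the stack
run:
	$(COMPOSE) up -d

# Stop the stack
stop:
	$(COMPOSE) down

# View logs (follows until interrupted)
logs:
	$(COMPOSE) logs -f

# Development mode - rebuild, run, then tail logs.
# The steps are run one after another from the recipe instead of being listed
# as prerequisites, so the order holds under `make -j` as well.
dev:
	$(MAKE) build
	$(MAKE) run
	$(MAKE) logs

# Clean up: stops the stack and deletes its volumes, then removes the image.
# The image removal is best-effort: the image may not exist yet.
clean:
	$(COMPOSE) down -v
	docker rmi caddy-sip-guardian-caddy 2>/dev/null || true

# ============================================
# Sandbox Testing Environment
# ============================================

# Start the full testing sandbox (FreePBX + Caddy + test tools)
sandbox-up:
	@echo "Starting SIP Guardian testing sandbox..."
	$(sandbox_compose) up -d
	@echo ""
	@echo "Sandbox is starting. FreePBX takes a few minutes to initialize."
	@echo "Services:"
	@echo " - Caddy (SIP Guardian): localhost:5060 (UDP/TCP), localhost:5061 (TLS)"
	@echo " - Admin API: http://localhost:2020/api/sip-guardian/"
	@echo " - FreePBX Web: http://localhost:80 (once ready)"
	@echo ""
	@echo "Run 'make sandbox-logs' to monitor startup"

# Stop sandbox
sandbox-down:
	$(sandbox_compose) down

# Stop sandbox and remove volumes
sandbox-clean:
	$(sandbox_compose) down -v

# View sandbox logs
sandbox-logs:
	$(sandbox_compose) logs -f

# View only Caddy logs
caddy-logs:
	$(sandbox_compose) logs -f caddy

# Start testing containers
sandbox-test-containers:
	$(sandbox_compose) --profile testing up -d

# ============================================
# Attack Simulation Tests
# ============================================
# Each simulation runs inside a sandbox container and addresses the compose
# service name `caddy`. The ban list / stats are printed afterwards so the
# expected outcome can be checked by eye.

# Test brute force attack (should trigger ban)
test-bruteforce:
	@echo "Starting brute force simulation..."
	$(sandbox_compose) --profile testing up -d bruteforcer
	$(sandbox_compose) exec bruteforcer python /scripts/bruteforce.py caddy -e 100-105 -c 5 -d 0.2
	@echo ""
	@echo "Check ban list:"
	@$(CURL) $(ADMIN_API)/api/sip-guardian/bans | jq .

# Test scanner detection (sipvicious patterns).
# The scanner is installed with pip inside the attacker container at test
# time, so this target needs network access; see SIPVICIOUS_PKG for pinning.
test-scanner:
	@echo "Starting scanner simulation..."
	$(sandbox_compose) --profile testing up -d attacker
	$(sandbox_compose) exec attacker bash -c "pip install -q $(SIPVICIOUS_PKG) && sipvicious_svwar -e100-110 caddy"
	@echo ""
	@echo "Check ban list:"
	@$(CURL) $(ADMIN_API)/api/sip-guardian/bans | jq .

# Test valid registration (should NOT be blocked).
# The secret passed with -s is a fixed sandbox credential; it must match what
# the sandbox PBX is provisioned with and should not be reused elsewhere.
test-valid:
	@echo "Testing valid registration..."
	$(sandbox_compose) --profile testing up -d client
	$(sandbox_compose) exec client python3 /scripts/valid_register.py caddy -e 100 -s password123 -r 3
	@echo ""
	@echo "Stats (should show no bans for legitimate client):"
	@$(CURL) $(ADMIN_API)/api/sip-guardian/stats | jq .

# Test whitelist functionality: 20 bare REGISTER datagrams from the client
# container, which must not end up on the ban list.
# printf is used instead of `echo -e`, which prints a literal "-e" under
# shells such as dash.
test-whitelist:
	@echo "Testing whitelist bypass..."
	@echo "Whitelisted client (172.28.0.50) sending many requests:"
	$(sandbox_compose) --profile testing up -d client
	$(sandbox_compose) exec client sh -c 'for i in $$(seq 1 20); do printf "REGISTER sip:caddy SIP/2.0\r\n\r\n" | nc -u -w1 caddy 5060; done'
	@echo ""
	@echo "Ban list (should NOT contain 172.28.0.50):"
	@$(CURL) $(ADMIN_API)/api/sip-guardian/bans | jq .

# Send raw SIP OPTIONS (quick test) from the host to localhost:5060/udp.
# printf replaces `echo -e`: make runs recipes with /bin/sh, and where that is
# dash the datagram would otherwise start with a literal "-e ".
# NOTE(review): the From and To headers carry no URI as written; a strict SIP
# parser may reject the probe - confirm against the intended message.
test-sip-options:
	@echo "Sending SIP OPTIONS request..."
	@printf 'OPTIONS sip:test@localhost SIP/2.0\r\nVia: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK-test\r\nFrom: ;tag=123\r\nTo: \r\nCall-ID: test-call@localhost\r\nCSeq: 1 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\n\r\n' | nc -u -w2 localhost 5060

# ============================================
# Admin API Operations
# ============================================
# None of these requests carries credentials, and ban/unban change enforcement
# state. The admin listener is therefore expected to be reachable only from
# loopback / the sandbox network - verify the port binding in the compose file.

# Check ban list via admin API
bans:
	@$(CURL) $(ADMIN_API)/api/sip-guardian/bans | jq .

# View stats
stats:
	@$(CURL) $(ADMIN_API)/api/sip-guardian/stats | jq .

# Add test ban for TEST_BAN_IP
test-ban:
	@$(CURL) -X POST $(ADMIN_API)/api/sip-guardian/ban/$(TEST_BAN_IP) \
		-H "Content-Type: application/json" \
		-d '{"reason": "test_ban"}' | jq .

# Remove test ban for TEST_BAN_IP
test-unban:
	@$(CURL) -X POST $(ADMIN_API)/api/sip-guardian/unban/$(TEST_BAN_IP) | jq .

# Health check
health:
	@$(CURL) $(ADMIN_API)/health

# ============================================
# Debugging
# ============================================

# Start tcpdump container to capture SIP traffic; the capture is read from the
# container's log stream. SIP on 5060 is cleartext, so the output can include
# extensions and auth headers - treat saved logs accordingly.
tcpdump:
	$(sandbox_compose) --profile debug up -d tcpdump
	$(sandbox_compose) logs -f tcpdump

# Shell into Caddy container
caddy-shell:
	$(sandbox_compose) exec caddy sh

# Shell into FreePBX container
freepbx-shell:
	$(sandbox_compose) exec freepbx bash

# View Caddy config. This dumps the full running configuration from the admin
# endpoint on port 2019; redact it before sharing if the config holds secrets.
caddy-config:
	@$(CURL) $(CADDY_ADMIN)/config/ | jq .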
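# ============================================
# Help
# ============================================

# Print a summary of the targets defined in this Makefile.
# Declared phony so a file named "help" cannot mask it. The listing covers
# every target, including the debugging and admin ones that change state
# (test-ban / test-unban) or expose configuration (caddy-config).
.PHONY: help
help:
	@echo "Caddy SIP Guardian - Development Makefile"
	@echo ""
	@echo "Main targets:"
	@echo " build - Build Docker image"
	@echo " run - Run the stack"
	@echo " stop - Stop the stack"
	@echo " logs - View logs"
	@echo " dev - Build, run, and tail logs"
	@echo " clean - Stop and remove volumes"
	@echo ""
	@echo "Sandbox targets:"
	@echo " sandbox-up - Start full testing sandbox (FreePBX + Caddy)"
	@echo " sandbox-down - Stop sandbox"
	@echo " sandbox-clean - Stop sandbox and remove volumes"
	@echo " sandbox-logs - View sandbox logs"
	@echo " caddy-logs - View only Caddy logs"
	@echo " sandbox-test-containers - Start testing containers"
	@echo ""
	@echo "Test targets:"
	@echo " test-bruteforce - Simulate brute force attack (should ban)"
	@echo " test-scanner - Simulate sipvicious scanner (should ban)"
	@echo " test-valid - Test legitimate registration (should pass)"
	@echo " test-whitelist - Test whitelist bypass"
	@echo " test-sip-options - Send raw SIP OPTIONS (quick test)"
	@echo ""
	@echo "Admin targets:"
	@echo " bans - List banned IPs"
	@echo " stats - View statistics"
	@echo " test-ban - Add test ban"
	@echo " test-unban - Remove test ban"
	@echo " health - Health check"
	@echo ""
	@echo "Debugging targets:"
	@echo " tcpdump - Start tcpdump container to capture SIP traffic"
	@echo " caddy-shell - Shell into Caddy container"
	@echo " freepbx-shell - Shell into FreePBX container"
	@echo " caddy-config - View Caddy config"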