Slug Management

⚠️ Authorized Use Only: This system is designed for authorized security testing and penetration testing. Always obtain proper written authorization before conducting any phishing simulation.

What are Slugs?

In Sauron, slugs are unique identifiers that create isolated phishing operations. Each slug generates a unique URL path that tracks victims and captures credentials separately.

Slug Format Examples

  • sales-q1 (4-16 characters)
  • test_2024 (alphanumeric with _ -)
  • a1b2c3d4-e5f6-7890-abcd-1234567890ab (UUID)

URL Structure

https://yourdomain.com/sales-q1
https://yourdomain.com/test_2024
https://yourdomain.com/uuid-slug

How Slugs Work

Request Flow

1

Slug Extraction

Sauron extracts the slug from the URL path, query parameter, or cookie

Path: /sales-q1 → slug="sales-q1"
Query: /?slug=test_2024 → slug="test_2024"
Cookie: o365_slug=uuid-slug → slug="uuid-slug"
2

Validation

Validates slug format and checks if it exists in the database

3

Context Injection

Adds slug to request context and sets cookie for subsequent requests

4

Data Tracking

All captured data (credentials, 2FA, cookies) is tagged with the slug

Slug Validation Rules

✅ Valid Formats

  • • 4-16 characters: test, sales-2024
  • • Alphanumeric with - and _: team_1
  • • UUID format: 123e4567-e89b-12d3-a456-426614174000

❌ Invalid Formats

  • • Too short: ab (less than 4 chars)
  • • Too long: verylongslugname123 (over 16 chars)
  • • Special chars: test@slug, slug%20
  • • Spaces: test slug

Creating and Managing Slugs

Database Management

Slugs are stored in the SQLite database in the user_links table, mapped to user IDs for multi-tenant support. 

# Access SQLite database directly
sqlite3 config.db

# View existing slugs
SELECT * FROM user_links;

# Add a new slug for user
INSERT INTO user_links (user_id, slug) VALUES ('user123', 'new-slug');

# Remove a slug
DELETE FROM user_links WHERE slug = 'old-slug';

WebSocket Dashboard Management

The WebSocket dashboard provides real-time slug management through the admin interface.

Access Dashboard

Connect to: wss://yourdomain.com/ws

Authenticate with your admin key

Create New Slug

Use the dashboard interface to generate new slugs

Automatically validates format and uniqueness

Monitor Activity

Real-time statistics for visits, logs, valid/invalid attempts

Slug Statistics and Monitoring

Tracked Metrics

📊 Visits

Total number of unique visitors to the slug URL

Incremented via: configdb.IncVisit(slug)

📝 Logs

Number of actions/events logged for this slug

Incremented via: configdb.IncLog(slug)

✅ Valid

Successful credential captures or valid interactions

Incremented via: configdb.IncValid(slug)

❌ Invalid

Failed attempts or invalid submissions

Incremented via: configdb.IncInvalid(slug)

Statistics API

Get Individual Slug Stats

GET /stats?slug=your-slug-here

Response:
{
  "visits": 150,
  "logs": 89,
  "valid": 23,
  "invalid": 12
}

WebSocket Real-time Stats

// Connect to WebSocket and receive real-time updates
{
  "type": "slug_stats",
  "slug": "sales-q1",
  "data": {
    "visits": 151,
    "logs": 90,
    "valid": 24,
    "invalid": 12
  }
}

Firestore Integration

Cloud Storage

Slug statistics are automatically synced to Google Firestore for persistent storage and multi-instance synchronization.

Benefits

  • • Persistent data across restarts
  • • Multi-instance synchronization
  • • Backup and recovery
  • • Historical data retention

Automatic Operations

  • • Increment operations sync to cloud
  • • Real-time updates across instances
  • • User-specific data isolation
  • • Secure admin key authentication

Best Practices

✅ Recommended

  • • Use descriptive slug names (e.g., "finance-q1", "hr-test")
  • • Keep slugs short but meaningful
  • • Use UUIDs for high-security operations
  • • Monitor slug statistics regularly
  • • Clean up unused slugs periodically
  • • Document slug purposes for team coordination
  • • Use consistent naming conventions

❌ Avoid

  • • Using predictable sequential names
  • • Reusing slugs across different operations
  • • Including sensitive information in slug names
  • • Creating too many unused slugs
  • • Using easily guessable patterns
  • • Ignoring validation errors
  • • Leaving old slugs active indefinitely

Advanced Slug Management

Slug Middleware Implementation

Understanding how the slug middleware works internally can help with troubleshooting and custom implementations.

Middleware Priority Order:

  1. 1. URL Path: /slug-name/rest/of/path
  2. 2. Query Parameter: ?slug=slug-name
  3. 3. Cookie: o365_slug=slug-name

Multi-tenant Considerations

Each slug is associated with a specific user ID, enabling multi-tenant deployments where different users can have isolated operations.

Note: User ID mapping is handled automatically by the system. Manual user management requires direct database access.