@onSec-fr onSec-fr commented Oct 7, 2025

Motivation

Previously, the User-Agent used by AzureHound was hardcoded and could only be changed by recompiling the binary.
This PR introduces a simple way to set a custom User-Agent at runtime using the --user-agent (-U) flag, making it easier for evasion or for debugging/identification purposes.

Main changes

  • Added a global --user-agent (-U) flag in the CLI configuration (config.go).
  • All HTTP requests now use the custom User-Agent if the flag is set; otherwise, they fall back to the default (constants-based) value.

Results

Screenshot 2025-10-07 105641

Summary by CodeRabbit

  • New Features
    • Added support for a custom User-Agent header on all HTTP requests.
    • Configure via the new “user-agent” setting or the -U command-line flag; the value is persisted.
    • If not specified, the default User-Agent continues to be used.

Allow specifying a custom user agent via the global flag --user-agent (-U).
If no value is provided, the application falls back to the default user agent.

coderabbitai bot commented Oct 7, 2025

Walkthrough

Adds a configurable User-Agent option to global config and updates HTTP request creation to use it when set, otherwise falling back to the existing default. No other request construction behavior is changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Config: Add UserAgent option (config/config.go) | Adds exported UserAgent config entry (name "user-agent", shorthand "U", usage "Custom User-Agent header", persistent true, default ""). Appends UserAgent to GlobalConfig. |
| HTTP client: Respect configurable User-Agent (client/rest/http.go) | In NewRequest, sets User-Agent header from config.UserAgent.Value() if non-empty; otherwise uses constants.UserAgent(). Other query/body/headers unchanged. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Caller
  participant REST as REST Client
  participant Cfg as Config
  participant HTTP as http.Request

  Caller->>REST: NewRequest(method, url, body)
  REST->>Cfg: UserAgent.Value()
  alt Non-empty UserAgent
    REST->>HTTP: Set header "User-Agent" = Cfg value
  else Empty UserAgent
    REST->>HTTP: Set header "User-Agent" = constants.UserAgent()
  end
  REST->>HTTP: Set query/body/Content-Type/Accept (unchanged)
  REST-->>Caller: *http.Request

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I twitch my whiskers at headers that glide,
A custom name now hops in stride.
If fields are empty, no need to fret—
The fallback’s ready, safe and set.
Thump-thump goes CI, green and bright,
User-Agent tuned, we leap to light. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title accurately summarizes the primary change of adding a global CLI flag for customizing the User-Agent header, directly reflecting the PR’s objectives. It is concise, specific, and clearly tied to the implemented modifications without including extraneous details. A teammate reviewing the commit history would immediately understand that the change introduces a runtime option for setting a custom User-Agent. This phrasing avoids vague terms and focuses on the key enhancement. |



github-actions bot commented Oct 7, 2025

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅


onSec-fr commented Oct 7, 2025

I have read the CLA Document and I hereby sign the CLA

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
client/rest/http.go (1)

131-137: LGTM! Consider adding input validation for User-Agent strings.

The type assertion and fallback logic are implemented correctly. The code safely checks if the config value is a non-empty string before using it, falling back to the default User-Agent otherwise.

However, consider adding basic validation to ensure the User-Agent string doesn't contain characters that could cause issues with HTTP headers (e.g., newlines, control characters). While http.Header.Set doesn't return errors, malformed headers could potentially cause unexpected behavior with certain servers or proxies.

Example validation:

// set azurehound as user-agent, use custom if set in config
ua := config.UserAgent.Value()
if s, ok := ua.(string); ok && s != "" {
	// Basic validation: reject if contains control characters
	if strings.ContainsAny(s, "\r\n\x00") {
		return nil, fmt.Errorf("invalid User-Agent: contains control characters")
	}
	req.Header.Set("User-Agent", s)
} else {
	req.Header.Set("User-Agent", constants.UserAgent())
}

config/config.go (1)

358-364: LGTM! Consider enhancing the usage documentation.

The config definition follows the established pattern and correctly sets all required fields. The empty default ensures the fallback behavior works as intended.

The usage text could be more descriptive to help users understand when and why they might want to customize the User-Agent (e.g., for evasion, debugging, or organizational identification purposes).

Example enhanced usage:

 UserAgent = Config{
 	Name:       "user-agent",
 	Shorthand:  "U",
-	Usage:      "Custom User-Agent header",
+	Usage:      "Custom User-Agent header for HTTP requests (useful for evasion, debugging, or identification)",
 	Persistent: true,
 	Default:    "",
 }
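
Review bot: On the `+` Usage line, the help text lists reasons to set the flag but never says what is sent when it is left unset, which is the case `Default: ""` relies on. Consider stating the fallback in the string instead, for example "Custom User-Agent header for HTTP requests (built-in value is used when empty)", so the documented default matches the visible config entry.
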
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6745e7b and f7bf368.

📒 Files selected for processing (2)
  • client/rest/http.go (1 hunks)
  • config/config.go (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
client/rest/http.go (1)
config/config.go (1)
  • UserAgent (358-364)
config/config.go (1)
config/internal/config.go (1)
  • Config (32-41)
🔇 Additional comments (2)
config/config.go (2)

375-375: LGTM!

The UserAgent config is correctly added to the GlobalConfig slice, making it available as a persistent global flag across all commands.


358-364: Shorthand “U” is unique – no other occurrences found in config definitions or command flags.
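
The header validation suggested in the review above, carried a little further as an added example (not code from this PR or from AzureHound): it rejects every control byte and every non-ASCII byte, not only CR, LF and NUL, and refuses to build the request when the value is bad. `resolveUserAgent`, `newRequest`, `defaultUserAgent` and `errInvalidUserAgent` are hypothetical names, and the default value is a placeholder for `constants.UserAgent()`.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Placeholder standing in for the project's constants.UserAgent().
const defaultUserAgent = "example-default-agent/0.0"
var errInvalidUserAgent = errors.New("invalid User-Agent")

// resolveUserAgent picks the header value. raw is the untyped config value:
// anything but a non-empty string selects fallback. A byte outside visible
// ASCII, space or tab is rejected (policy assumed for this example).
func resolveUserAgent(raw interface{}, fallback string) (string, error) {
	s, ok := raw.(string)
	if !ok || s == "" {
		return fallback, nil
	}
	for i := 0; i < len(s); i++ {
		if c := s[i]; c != '\t' && (c < 0x20 || c > 0x7e) {
			return "", fmt.Errorf("%w: byte 0x%02x at offset %d", errInvalidUserAgent, c, i)
		}
	}
	return s, nil
}

// newRequest (hypothetical) fails closed: no request is built for a bad value.
func newRequest(method, url string, rawUA interface{}) (*http.Request, error) {
	ua, err := resolveUserAgent(rawUA, defaultUserAgent)
	if err != nil {
		return nil, err
	}
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("User-Agent", ua)
	return req, nil
}

func main() {
	// Constructed sample values: unset, a plain custom name, a CR/LF-bearing value.
	for _, raw := range []interface{}{nil, "inventory-audit/1.2", "x\r\nX-Injected: 1"} {
		ua, err := resolveUserAgent(raw, defaultUserAgent)
		fmt.Printf("%#v -> %q err=%v\n", raw, ua, err)
	}
}
```
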


onSec-fr commented Oct 7, 2025

I had the same need as #135
