LoganthP/VoidSentinal-Honeypot

GitHub: LoganthP/VoidSentinal-Honeypot

VoidSentinal is an AI-driven cloud honeypot platform that emulates cloud services to lure attackers, then performs real-time threat-intelligence analysis and visualization on what it captures.

Stars: 1 | Forks: 0

# Cloud Honeypot Intelligence and Attacker Profiling System

### *An advanced AI-driven cyber-deception platform for real-time threat detection and attacker intelligence*

### 🔥 Deceive • Detect • Analyze • Visualize

*A full-stack cybersecurity platform that deploys realistic cloud honeypots, captures attacker behaviour, analyzes threats with AI, and visualizes attacks on an interactive global dashboard.*

# 🌟 Key Features

## 🎯 Honeypot Traps

- 📂 **Fake S3 Bucket**: emulates AWS S3 operations (`GET`, `PUT`, `DELETE`)
- 🔑 **Fake AWS Credentials**: baits credential stealers
- 🔐 **Fake Admin Login Portal**: captures brute-force attempts
- 🗄️ **Fake Database Config Leak**: exposes decoy secrets

## 🤖 AI-Powered Threat Profiling

- ⚡ **Five-provider AI waterfall engine** (the chain below names four stages)
- 🧠 **Groq → Gemini → OpenRouter → Rule-Based**: providers are tried in that order, and the rule-based engine is the final fallback when no API provider answers
- 📉 **Logarithmic threat scoring**
- 💾 **SQLite-cached profiles**
- 🚨 **Five-tier threat classification**

## 🌍 Real-Time Threat Dashboard

- 🗺️ Global threat map with curved attack-flow lines
- 📍 Geolocated attacker markers
- 📊 Live event stream
- 📜 Slide-out live event log drawer
- 🧠 Animated AI profile cards
- 📈 Telemetry and analytics modules

## ⚔️ Attack Simulator

- 🌎 25 simulated attackers from 15+ countries
- 🕹️ 4 simulation speeds
- ⏱️ Auto-stop control
- 🎛️ Dynamic speed adjustment

# 🏗️ System Architecture

```mermaid
flowchart TD
    A[🌐 External Attackers / Bots] --> B[🪤 Honeypot Trap Layer]

    subgraph TrapLayer [Honeypot Services]
        B1[Fake S3 Bucket]
        B2[Fake AWS Credentials]
        B3[Fake Admin Login]
        B4[Fake DB Config Leak]
    end

    B --> B1
    B --> B2
    B --> B3
    B --> B4

    B1 --> C[📥 Event Capture Engine]
    B2 --> C
    B3 --> C
    B4 --> C

    C --> D[🌍 IP Geolocation Service]
    D --> E[🗄️ SQLite Database]
    E --> F[🤖 AI Profiling Engine]

    subgraph AIEngine [Threat Intelligence Waterfall]
        F1[Groq]
        F2[Gemini]
        F3[OpenRouter]
        F4[Rule-Based Engine]
    end

    F --> F1
    F --> F2
    F --> F3
    F --> F4

    F --> G[📊 Threat Score Generation]
    G --> H[⚡ React Dashboard]

    subgraph Dashboard [Visualization Layer]
        H1[Global Threat Map]
        H2[Live Event Feed]
        H3[AI Profile Cards]
        H4[Telemetry]
        H5[Analytics Charts]
    end

    H --> H1
    H --> H2
    H --> H3
    H --> H4
    H --> H5

    I[🎮 Attack Simulator] --> B
```

# 🛠️ Tech Stack

| Layer | Technology |
|-------|------------|
| **Backend** | Python, Flask, SQLite |
| **Frontend** | React, Vite |
| **AI Models** | Groq, Gemini, OpenRouter |
| **Visualization** | Leaflet, Recharts |
| **Geolocation** | ip-api.com |
| **Alerts** | Slack Webhooks |

Note that geolocation is resolved through ip-api.com, so every captured attacker IP is sent to that third-party service, and profiling through Groq, Gemini or OpenRouter sends captured request data to those providers as well.

# ⚡ Quick Start

## 1️⃣ Backend setup

```bash
cd backend
pip install flask flask-cors python-dotenv requests groq google-generativeai openai pdfplumber pandas
cp .env.example .env
python db.py
python app.py
```

## 2️⃣ Frontend setup

```bash
cd frontend
npm install
npm run dev
```

# 🔐 Environment Variables

Configure these in **backend/.env**.

| Variable | Purpose |
|---------|---------|
| GROQ_API_KEY | Primary AI model |
| GEMINI_API_KEY | Fallback AI |
| OPENROUTER_API_KEY | Last-resort AI |
| SLACK_WEBHOOK_URL | Alert notifications |

If a key is missing or a provider fails, the waterfall moves on to the next provider and finally to the built-in rule-based engine.

# 🧪 Testing the Honeypot

The backend listens on port 5000. Each of these requests is recorded as a honeypot event like any real hit.

```bash
curl -X POST http://localhost:5000/admin/login \
  -H "Content-Type: application/json" \
  -d '{"user":"admin","pass":"admin123"}'
```

```bash
curl http://localhost:5000/aws/credentials
```

```bash
curl http://localhost:5000/fake-s3/prod-backup/db-dump.sql
```

# 📡 API Endpoints

## Honeypot API

| Endpoint | Method | Description |
|---------|-------|------------|
| `/fake-s3//` | GET/PUT/DELETE | Fake S3 access |
| `/aws/credentials` | GET/POST | Fake AWS keys |
| `/admin/login` | GET/POST | Admin login trap |
| `/config/database` | GET | Fake DB leak |

## Simulator API

| Endpoint | Method |
|---------|-------|
| `/api/simulator/start` | POST |
| `/api/simulator/stop` | POST |
| `/api/simulator/status` | GET |

# 📂 Project Structure

```
Honeypot/
├── backend/
│   ├── uploads/
│   ├── app.py
│   ├── analyzer.py
│   ├── capture.py
│   ├── db.py
│   ├── simulator.py
│   ├── alerter.py
│   └── honeypot.db
│
├── frontend/
│   ├── src/
│   │   ├── App.jsx
│   │   ├── Dashboard.jsx
│   │   ├── ThreatMap.jsx
│   │   ├── ProfileCard.jsx
│   │   ├── Telemetry.jsx
│   │   └── ...
│   │
│   ├── package.json
│   └── vite.config.js
│
└── README.md
```

# 🚀 Future Enhancements

- [ ] Kubernetes Honeypot Support
- [ ] Machine Learning Anomaly Detection
- [ ] SIEM Integration
- [ ] Multi-Tenant Architecture
- [ ] Docker Deployment

# 📜 License

**Educational / Research Purposes Only**

⚠️ Do not deploy honeypots without authorization.
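The profiling stage described in the AI-Powered Threat Profiling section (provider waterfall, logarithmic score, five-tier rating, SQLite-cached profiles), as an added example that is not VoidSentinal's own code. It uses only the Python standard library. The event fields, trap weights, tier boundaries, provider interface and the sample events are all assumptions made for this example, not the project's schema. The remote providers are stood in for by a function that always fails, so the run shows the fall-through to the rule-based engine and the cache hit on a repeated lookup.

```python
"""Rule-based attacker profiling with a provider waterfall and a SQLite
profile cache. Added example, not VoidSentinal's code: the event fields,
weights, thresholds and provider interface are assumptions."""
import json
import math
import sqlite3

# Constructed sample events, shaped like what a capture layer might record
# (the field names are an assumption, not the project's schema).
SAMPLE_EVENTS = (
    # 20 password guesses against the admin login trap from one source
    [{"ip": "203.0.113.7", "method": "POST", "path": "/admin/login",
      "body": '{"user":"admin","pass":"pass%d"}' % i} for i in range(20)]
    # one source walking the credential, config and S3 decoys
    + [{"ip": "198.51.100.9", "method": "GET", "path": "/aws/credentials", "body": ""},
       {"ip": "198.51.100.9", "method": "GET", "path": "/config/database", "body": ""},
       {"ip": "198.51.100.9", "method": "GET", "path": "/fake-s3/prod-backup/db-dump.sql", "body": ""}]
    # a single request to the root, touching no trap
    + [{"ip": "192.0.2.5", "method": "GET", "path": "/", "body": ""}]
)

# Per-request weight by trap touched (assumed values); anything else counts 1.
TRAP_WEIGHTS = {"/admin/login": 3, "/aws/credentials": 8, "/config/database": 8, "/fake-s3/": 6}
RAW_CAP = 100  # raw weight at which the logarithmic score reaches 100
# Five tiers on a 0-100 score: exclusive upper bound -> label (assumed cut-offs).
TIERS = [(20, "info"), (40, "low"), (60, "medium"), (80, "high"), (101, "critical")]


def weight_for(path: str) -> int:
    for prefix, weight in TRAP_WEIGHTS.items():
        if path.startswith(prefix):
            return weight
    return 1


def log_score(raw: int) -> int:
    """Compress raw weight logarithmically: the 20th login guess adds far
    less than the first, so one noisy source cannot saturate the scale."""
    return min(100, round(100 * math.log1p(raw) / math.log1p(RAW_CAP)))


def tier_for(score: int) -> str:
    return next(label for bound, label in TIERS if score < bound)


def rule_based_profile(ip: str, events: list) -> dict:
    """Offline profiler: sums trap weights, derives tactics from which traps
    were hit, and maps the log score onto the five tiers."""
    mine = [e for e in events if e["ip"] == ip]
    raw = sum(weight_for(e["path"]) for e in mine)
    tactics = []
    logins = sum(1 for e in mine if e["path"] == "/admin/login" and e["method"] == "POST")
    if logins >= 5:
        tactics.append("credential brute force")
    if any(e["path"] in ("/aws/credentials", "/config/database") for e in mine):
        tactics.append("secret harvesting")
    if any(e["path"].startswith("/fake-s3/") for e in mine):
        tactics.append("bucket enumeration")
    score = log_score(raw)
    return {"ip": ip, "events": len(mine), "raw": raw, "score": score,
            "tier": tier_for(score), "tactics": tactics}


def unavailable_provider(ip: str, events: list) -> dict:
    """Stand-in for a remote LLM provider with no key or a failing API."""
    raise RuntimeError("provider unavailable")


def open_cache() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (ip TEXT PRIMARY KEY, source TEXT, profile TEXT)")
    return conn


def profile_ip(conn: sqlite3.Connection, ip: str, events: list, providers: list) -> tuple:
    """Return (profile, source). Serve from the cache when present; otherwise
    walk the waterfall and keep the first provider that succeeds."""
    row = conn.execute("SELECT source, profile FROM profiles WHERE ip = ?", (ip,)).fetchone()
    if row:
        return json.loads(row[1]), "cache"
    for name, provider in providers:
        try:
            profile = provider(ip, events)
        except Exception:
            continue  # fall through to the next provider in the chain
        conn.execute("INSERT INTO profiles VALUES (?, ?, ?)", (ip, name, json.dumps(profile)))
        conn.commit()
        return profile, name
    raise RuntimeError("every provider failed")


# Same order as the README's chain; the rule-based engine never fails.
WATERFALL = [("groq", unavailable_provider), ("gemini", unavailable_provider),
             ("openrouter", unavailable_provider), ("rule-based", rule_based_profile)]

if __name__ == "__main__":
    conn = open_cache()
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.5", "203.0.113.7"):
        profile, source = profile_ip(conn, ip, SAMPLE_EVENTS, WATERFALL)
        print(source, profile)
```

Running the file prints one profile per source; the second lookup of 203.0.113.7 comes back from the cache instead of re-running the waterfall. In the real platform the first three entries of the chain would be Groq, Gemini and OpenRouter clients reading their keys from backend/.env, and only the last entry would be this kind of offline rule engine.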
Tags: AI analysis, AMSI bypass, AWS emulation, BOF, CISA project, Flask, HTTP/HTTPS capture, PoC, Python, React, S3 honeypot, SQLite, Syscalls, artificial intelligence, global threat map, visualization dashboard, threat intelligence, threat detection, security operations, password management, developer tools, situational awareness, scanning framework, attacker profiling, no backdoor, brute force, deception defense, user-mode hook bypass, cybersecurity, offense and defense, custom scripts, honeypot, certificate exploitation, reversing tools, privacy protection