sami-tor/IntelForge-beta

GitHub: sami-tor/IntelForge-beta

一款整合多源数据采集、全文与向量搜索及 30+ 威胁情报模块的网络安全 OSINT 平台,帮助分析师实现威胁情报的自动化采集、关联分析和报告生成。

Stars: 1 | Forks: 0

# IntelForge-beta [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) [![Next.js](https://img.shields.io/badge/Next.js-16-black)](https://nextjs.org/) [![TypeScript](https://img.shields.io/badge/TypeScript-5-blue)](https://www.typescriptlang.org/) **Repository:** `IntelForge-beta` (公测版) **文档:** [`docs/`](docs/) · [安装指南](docs/SETUP.md) · [API 参考](docs/API-REFERENCE.md) · [架构](docs/CODEBASE-DEEP-STRUCTURE.md) ## 项目结构 ``` intelforge/ │ ├── src/ # All application source code │ ├── app/ # Next.js 16 App Router — pages & API routes │ │ ├── intelligence/ # 30+ threat intelligence modules │ │ ├── admin/ # Multi-tenant admin panel │ │ ├── api/ # REST API endpoints (auth, intel, admin, search) │ │ ├── dashboard/ # User dashboard │ │ ├── cases/ # Case/investigation management │ │ ├── reports/ # Report generation │ │ ├── search/ # Global search UI │ │ └── (auth pages) # Login, Register, Password reset │ ├── components/ # React component library │ │ ├── intelligence/ # Threat score gauge, forecast charts, geo-heatmap │ │ ├── search/ # Advanced search modals, archive viewer │ │ └── ui/ # Reusable UI primitives (shadcn/ui) │ ├── lib/ # Core backend logic │ │ ├── intel/ # Intelligence modules │ │ │ ├── automation/ # Action queue, correlator, briefing generator, threat score │ │ │ ├── connectors/ # WHOIS, DNS lookup connectors │ │ │ └── fetchers/ # CVE, ransomware, malware, phishing, darknet fetchers │ │ ├── integrations/ # MISP, SIEM formatter, webhook dispatcher │ │ ├── db.ts # PostgreSQL connection pool │ │ ├── auth.ts # JWT authentication (access + refresh tokens) │ │ ├── security.ts # Security middleware & audit logging │ │ └── validation.ts # Zod-based request validation schemas │ ├── hooks/ # Custom React hooks (useIsMobile, useToast) │ ├── styles/ # Global CSS styles │ ├── public/ # Static assets │ ├── tests/ # Node.js test suite (12 suites, 84 test cases) │ ├── proxy.ts # Next.js 16 proxy (middleware) — auth, rate limiting, security headers │ ├── next.config.mjs # Next.js configuration │ ├── tailwind.config.ts # Tailwind CSS configuration │ ├── tsconfig.json # TypeScript configuration │ ├── components.json # shadcn/ui component registry │ ├── postcss.config.mjs # PostCSS configuration │ └── AGENTS.md # Project conventions & learned preferences │ ├── scrapers/ # All scraping & data collection services │ ├── services/ # Python scraping services │ │ ├── face_scraper/ # Face detection, embedding, deduplication pipeline │ │ ├── image_indexer/ # Image embedding and Milvus indexing pipeline │ │ ├── threads_scraper/ # Threads/social media scraping utilities │ │ └── forum_monitor/ # Dark web forum monitoring service │ ├── visual-search/ # FastAPI visual/face search microservice │ │ └── service/app.py # Face search, visual search API endpoints │ ├── threadcoreface/ # Standalone face identification utility tool │ └── telegram-scraper/ # Standalone Telegram data scraper │ ├── indexer/ # All indexing & search services │ ├── cmd/ # Go microservices │ │ ├── search-api/ # REST search API (Quickwit/OpenSearch backend) │ │ └── indexer/ # Background indexing service │ ├── internal/ # Go internal packages (logger, search, security, etc.) │ ├── quickwit-config/ # Quickwit full-text search index schemas │ ├── indexer.py # Python standalone indexer │ └── auto-indexer.py # Python auto-indexing pipeline │ ├── data/ # All data — scraped intel, samples, cache │ ├── intel/ # Aggregated threat intelligence data │ │ └── dns_ip_cert/ # DNS, IP, certificate intelligence │ ├── scraped/ # Scraped data from various sources │ │ ├── forums/ # Dark web forum scrapes │ │ ├── github/ # GitHub secret scanning results │ │ ├── paste_sites/ # Paste site monitoring │ │ ├── reddit/ # Reddit OSINT │ │ ├── telegram/ # Telegram channel scrapes │ │ └── twitter/ # Twitter/X OSINT │ ├── leaks/ # Breach/leak data │ ├── stealer_logs/ # Stealer log data │ ├── ulp/ # User-level persistence data │ ├── database/ # SQLite/archive database files │ └── image/ # Sample/test images for visual search │ ├── userfiles/ # User-uploaded & generated files │ ├── uploads/ # User file uploads (CSV, JSON, etc.) │ ├── exports/ # Exported data, IOC dumps │ ├── reports/ # Generated PDF/HTML reports │ └── profiles/ # User profile images, avatars │ ├── scripts/ # Database migrations, seed data, utilities ├── docs/ # Setup, API reference, architecture docs ├── diagram/ # PlantUML architecture diagrams └── docker-compose.quickwit.yml # Quickwit search cluster Docker compose ``` ## 技术栈 | 层级 | 技术 | |---|---| | 前端 | Next.js 16 (App Router), React 19, TypeScript, Tailwind CSS 4 | | API | Next.js API Routes (REST), Go (search-api) | | 数据库 | PostgreSQL 16 (情报缓存表) | | 搜索 | Quickwit (全文), Milvus (向量/视觉) | | 认证 | JWT (access + refresh), 2FA (speakeasy), 响应签名 | | 视觉搜索 | FastAPI (Python), 人脸 embedding 模型 | | 爬虫 | Python (Threads, Telegram, 论坛, GitHub 凭据) | | 图表 | Recharts, 自定义威胁评分仪表盘 | ## 快速开始 查看完整指南:**[docs/SETUP.md](docs/SETUP.md)** ``` # 1. 安装依赖 npm install --legacy-peer-deps # 2. 复制环境模板(切勿提交 .env.local) cp .env.example .env.local # 3. 生成密钥并在 .env.local 中配置 DATABASE_URL npm run env:secrets # 4. 应用数据库迁移 npm run db:migrate # 5. 启动开发服务器 npm run dev ``` 打开 [http://localhost:3000](http://localhost:3000) ``` # Production build npm run build && npm start # 运行测试套件 npm run defence:test ``` ## 核心情报模块 (30+) | 模块 | 描述 | |---|---| | **指挥中心** | 实时全球威胁评分,自动关联的集群 | | **行动队列** | 自动生成、已确定优先级的分析师任务 | | **高管简报** | 每日 AI 生成的威胁报告 | | **CVE 情报** | EPSS 评分、KEV 标记、CVSS 严重程度 | | **勒索软件追踪器** | 活跃组织、受害者披露、行业分析 | | **IOC 查询** | IP、域名、哈希、URL 信誉检查 | | **暗网监控** | 勒索软件博客与论坛监控 | | **钓鱼情报** | OpenPhish 与 PhishTank 品牌冒充追踪 | | **供应链情报** | OSV.dev 依赖项漏洞数据 | | **GitHub 凭据** | 暴露的 API key 与凭据扫描 | | **漏洞优先级排序** | 综合风险评分 (CVSS + EPSS + KEV) | | **检测覆盖率** | 映射到 Sigma/YARA 规则的 MITRE ATT&CK | | **关系图谱** | 交互式的 actor–malware–CVE 图谱 | | **AI 分析师工作区** | 针对所有情报的自然语言 CTI 查询 | | **攻击面** | 证书透明度、域名误植、凭据、钓鱼 | ## 数据库表 (情报缓存) `intel_news_cache` · `intel_cve_cache` · `intel_ransomware_groups` · `intel_ransomware_victims` · `intel_malware_cache` · `intel_mitre_groups` · `intel_mitre_techniques` · `intel_phishing_cache` · `intel_darknet_posts` · `intel_yara_rules` · `intel_feed_sync_log` ## 管理员访问 运行迁移 (`npm run db:migrate`) 后,将植入一个默认管理员账号。 首次登录后,请**立即更改默认密码**。 - 管理面板:`/admin-portal` 或 `/admin` - 设置详情:[docs/SETUP.md#admin-account](docs/SETUP.md#admin-account) ## 文档索引 | 文档 | 描述 | |----------|-------------| | [docs/SETUP.md](docs/SETUP.md) | 安装、Docker、环境变量、首次运行 | | [docs/API-REFERENCE.md](docs/API-REFERENCE.md) | 所有 REST API (137 个路由) | | [docs/CODEBASE-DEEP-STRUCTURE.md](docs/CODEBASE-DEEP-STRUCTURE.md) | 完整架构深度剖析 | | [docs/GITHUB-PUBLISH-PLAN.md](docs/GITHUB-PUBLISH-PLAN.md) | 本仓库是如何为 GitHub 准备的 | ## 许可证 MIT 许可证 — 见 [LICENSE](LICENSE)。仅限用于授权的安全研究和教育用途。
标签:ESC4, OSINT, PostgreSQL, 威胁情报, 安全分析平台, 开发者工具, 日志审计, 测试用例, 自动化攻击, 请求拦截, 逆向工具