hyson810/fortress

GitHub: hyson810/fortress

Fortress V6 是一个多引擎融合的网络防御与威胁评分系统,利用 eBPF/XDP、七层检测管线和无锁评分实现高性能实时威胁感知与自动响应。

Stars: 1 | Forks: 0

# 🏰 Fortress V6 · Cyclops ### *多引擎融合的网络防御与威胁评分系统* ### *多引擎融合的网络防御与威胁评分系统* [![Go](https://img.shields.io/badge/Go-1.22+-00ADD8?logo=go&logoColor=white)]() [![Rust](https://img.shields.io/badge/Rust-1.78+-DEA584?logo=rust&logoColor=white)]() [![License](https://img.shields.io/badge/License-Apache%202.0-green)]() [![CI](https://img.shields.io/github/actions/workflow/status/hyson810/fortress/.github/workflows/ci.yml?label=CI&logo=github)]() [![Stars](https://img.shields.io/github/stars/hyson810/fortress?style=social)]() [![eBPF](https://img.shields.io/badge/eBPF-XDP-blueviolet)]() [![SWIM](https://img.shields.io/badge/SWIM-P2P-orange)]()
``` ╔══════════════════════════════════════════════════════╗ ║ 7-Layer Detection Pipeline ║ ║ L1 Packet L2 Flow L3 Behavior L4 DNS Tunnel ║ ║ L5 HTTP+BF L6 ML L7 Fingerprint ║ ║ → 64-Core Lock-Free Scorer ║ ║ → SWIM Gossip Mesh (P2P) ║ ║ → Adaptive Honeypot (SSH/HTTP/MySQL) ║ ║ → Countermeasure Chain (Raft Consensus) ║ ╚══════════════════════════════════════════════════════╝ ```
[功能](#-features) • [快速开始](#-quick-start) • [架构](#-architecture) • [演示](#-demo) • [结构](#-project-structure) • [安全](#-security-notice) • [贡献](#-contributing)
## ✨ 功能 | 类别 | 英文 | 中文 | |----------|---------|------| | 🔍 **检测** | 7层管线:数据包 → 流量 → 行为 → DNS → HTTP+暴力破解 → ML → 指纹 | 7层串行检测管线:包检测→流量分析→行为基线→DNS隧道→HTTP+暴力破解→ML→指纹识别 | | ⚡ **评分** | 64核无锁评分器,3200万+评分/秒,零分配 | 64核锁自由评分器,3200万次/秒,零内存分配 | | 🍯 **蜜罐** | 带动态指纹的SSH/HTTP/MySQL自适应蜜罐 | SSH/HTTP/MySQL自适应蜜罐,动态指纹 | | 🕸️ **集群** | SWIM gossip协议网格,去中心化P2P威胁情报 | SWIM流行协议去中心化网格,P2P威胁情报共享 | | 🛡️ **响应** | Raft共识 → 封禁 → 广播 → 免疫传播 | Raft共识→封禁→广播→免疫传播反制链 | | 🐝 **eBPF** | 内核级XDP数据包处理 | 内核级XDP/eBPF包处理 | | 🤖 **AI** | 用于AI/Copilot集成的REST API + MCP服务器 | REST API + MCP服务器,AI/Copilot集成 | | ⚔️ **C2** | Dagger框架:Rust植入体,多协议监听器,横向移动 | Dagger框架:Rust植入体,多协议监听器,横向移动 | | 🕵️ **检测** | 通过MAC追踪+延迟分析进行ARP欺骗检测 | ARP欺骗检测,MAC追踪+延迟分析 | ## 🚀 快速开始 ``` # 克隆与 build git clone https://github.com/hyson810/fortress.git cd fortress go build -o fortress-linux ./cmd/fortress # Scan mode ./fortress-linux -mode scan -target example.com # Defense mode — 完整 pipeline + honeypot + countermeasures ./fortress-linux -mode defend # API — 健康与威胁 curl http://localhost:9090/health curl http://localhost:9090/threats ``` ### Docker ``` docker build -t fortress:latest . docker run --rm -it --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \ -v $(pwd)/fortress.yaml:/etc/fortress/fortress.yaml fortress:latest ``` ## 🏗 架构 ``` ┌──────────────────────────────────────────────┐ │ 7-Layer Detection Pipeline │ │ │ │ L1 Packet Inspector (eBPF/XDP) │ │ ↓ │ │ L2 Flow Analyzer (5-tuple + stats) │ │ ↓ │ │ L3 Behavior Analyzer (baseline profiling) │ │ ↓ │ │ L4 DNS Tunnel Detector (entropy + volume) │ │ ↓ │ │ L5 HTTP Inspector + Brute Force │ │ ↓ │ │ L6 Hybrid Anomaly Detector (ML) │ │ ↓ │ │ L7 Fingerprint Engine (JA3/SHA256/HASSH) │ │ ↓ │ │ ┌──────────────────────────────────┐ │ │ │ 64-Core Lock-Free Scorer │ │ │ │ 32M scores/sec · 0 alloc │ │ │ └──────────────────────────────────┘ │ └──────────────────┬───────────────────────────┘ │ ┌──────────────────┴───────────────────────────┐ │ Response Decision Engine │ ├──────────────┬──────────────┬───────────────┤ │ Firewall │ Honeypot │ Counter- │ │ Rules │ (SSH/HTTP/ │ measure Chain │ │ │ MySQL) │ (Raft) │ ├──────────────┴──────────────┴───────────────┤ │ SWIM Gossip Mesh (P2P) │ └─────────────────────────────────────────────┘ ``` ### 项目结构 ``` ├── cmd/fortress/ # Main entrypoint ├── internal/ # Core engine │ ├── brain/ # ML models, prediction, countermeasures │ ├── config/ # Configuration management │ ├── deception/ # Honeypot services (SSH/HTTP/MySQL) │ ├── defense/ # Firewall, ARP detection │ ├── engine/ # Detection pipeline (7 layers) │ ├── engines/ # eBPF/XDP packet processing │ ├── fusion/ # Kali tool integration (nmap, nuclei, hydra, msf, etc.) │ ├── host/ # System inventory │ ├── mcp/ # MCP protocol server (AI/Copilot integration) │ └── swarm/ # P2P gossip, consensus, cryptography, immunity ├── dagger/ # C2 framework (Rust implants, teamserver, builder) ├── shield/ # Additional defense layers ├── kernel/ # Kernel modules ├── configs/ # Example configurations ├── fuzz/ # Fuzzing harnesses └── ci/ # CI/CD pipelines ``` ## 📸 演示 在此期间,请亲自尝试一下: ``` # Terminal 1:以 defense mode 启动 Fortress sudo ./fortress-linux -mode defend # Terminal 2:运行 port scan(模拟攻击者) nmap -sS -p 1-1000 localhost # Terminal 2:检查 Fortress 检测到了什么 curl http://localhost:9090/threats | jq ``` ## ⚙️ 配置 完整参考请查阅 [fortress.yaml](fortress.yaml)。 ``` engine: xdp_mode: "generic" # native|generic|offload max_pps: 1000000 cpu_pin: [2, 3] brain: ml_model: "" auto_counterstrike: false counterstrike_threshold: 85.0 whitelist: - "127.0.0.1" - "10.0.0.0/8" ``` ## 🔒 安全声明 ## 📄 许可证 基于 **Apache License 2.0** 授权。详见 [LICENSE](LICENSE)。
**使用 Go、Rust、eBPF 和 ☕ 构建** [![GitHub](https://img.shields.io/badge/GitHub-hyson810%2Ffortress-181717?logo=github)](https://github.com/hyson810/fortress) [![讨论](https://img.shields.io/badge/GitHub-Discussions-2375E0)](https://github.com/hyson810/fortress/discussions) [![问题](https://img.shields.io/badge/GitHub-Issues-262626)](https://github.com/hyson810/fortress/issues) [![发布](https://img.shields.io/badge/Release-v6.0.0-blue)](https://github.com/hyson810/fortress/releases/tag/v6.0.0) ⭐ **如果觉得有用,请给本仓库点个 Star!** ⭐
标签:C2框架, EVTX分析, Go, IP 地址批量处理, Ruby工具, Rust, 可视化界面, 威胁评分, 安全学习资源, 日志审计, 网络安全, 网络流量审计, 网络测绘, 蜜罐, 证书利用, 请求拦截, 隐私保护