hyson810/fortress
GitHub: hyson810/fortress
Fortress V6 是一个多引擎融合的网络防御与威胁评分系统,利用 eBPF/XDP、七层检测管线和无锁评分实现高性能实时威胁感知与自动响应。
Stars: 1 | Forks: 0
# 🏰 Fortress V6 · Cyclops
### *多引擎融合的网络防御与威胁评分系统*
### *多引擎融合的网络防御与威胁评分系统*
[]()
[]()
[]()
[]()
[]()
[]()
[]()
``` ╔══════════════════════════════════════════════════════╗ ║ 7-Layer Detection Pipeline ║ ║ L1 Packet L2 Flow L3 Behavior L4 DNS Tunnel ║ ║ L5 HTTP+BF L6 ML L7 Fingerprint ║ ║ → 64-Core Lock-Free Scorer ║ ║ → SWIM Gossip Mesh (P2P) ║ ║ → Adaptive Honeypot (SSH/HTTP/MySQL) ║ ║ → Countermeasure Chain (Raft Consensus) ║ ╚══════════════════════════════════════════════════════╝ ```
[功能](#-features) • [快速开始](#-quick-start) • [架构](#-architecture) • [演示](#-demo) • [结构](#-project-structure) • [安全](#-security-notice) • [贡献](#-contributing)
## ✨ 功能
| 类别 | 英文 | 中文 |
|----------|---------|------|
| 🔍 **检测** | 7层管线:数据包 → 流量 → 行为 → DNS → HTTP+暴力破解 → ML → 指纹 | 7层串行检测管线:包检测→流量分析→行为基线→DNS隧道→HTTP+暴力破解→ML→指纹识别 |
| ⚡ **评分** | 64核无锁评分器,3200万+评分/秒,零分配 | 64核锁自由评分器,3200万次/秒,零内存分配 |
| 🍯 **蜜罐** | 带动态指纹的SSH/HTTP/MySQL自适应蜜罐 | SSH/HTTP/MySQL自适应蜜罐,动态指纹 |
| 🕸️ **集群** | SWIM gossip协议网格,去中心化P2P威胁情报 | SWIM流行协议去中心化网格,P2P威胁情报共享 |
| 🛡️ **响应** | Raft共识 → 封禁 → 广播 → 免疫传播 | Raft共识→封禁→广播→免疫传播反制链 |
| 🐝 **eBPF** | 内核级XDP数据包处理 | 内核级XDP/eBPF包处理 |
| 🤖 **AI** | 用于AI/Copilot集成的REST API + MCP服务器 | REST API + MCP服务器,AI/Copilot集成 |
| ⚔️ **C2** | Dagger框架:Rust植入体,多协议监听器,横向移动 | Dagger框架:Rust植入体,多协议监听器,横向移动 |
| 🕵️ **检测** | 通过MAC追踪+延迟分析进行ARP欺骗检测 | ARP欺骗检测,MAC追踪+延迟分析 |
## 🚀 快速开始
```
# 克隆与 build
git clone https://github.com/hyson810/fortress.git
cd fortress
go build -o fortress-linux ./cmd/fortress
# Scan mode
./fortress-linux -mode scan -target example.com
# Defense mode — 完整 pipeline + honeypot + countermeasures
./fortress-linux -mode defend
# API — 健康与威胁
curl http://localhost:9090/health
curl http://localhost:9090/threats
```
### Docker
```
docker build -t fortress:latest .
docker run --rm -it --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
-v $(pwd)/fortress.yaml:/etc/fortress/fortress.yaml fortress:latest
```
## 🏗 架构
```
┌──────────────────────────────────────────────┐
│ 7-Layer Detection Pipeline │
│ │
│ L1 Packet Inspector (eBPF/XDP) │
│ ↓ │
│ L2 Flow Analyzer (5-tuple + stats) │
│ ↓ │
│ L3 Behavior Analyzer (baseline profiling) │
│ ↓ │
│ L4 DNS Tunnel Detector (entropy + volume) │
│ ↓ │
│ L5 HTTP Inspector + Brute Force │
│ ↓ │
│ L6 Hybrid Anomaly Detector (ML) │
│ ↓ │
│ L7 Fingerprint Engine (JA3/SHA256/HASSH) │
│ ↓ │
│ ┌──────────────────────────────────┐ │
│ │ 64-Core Lock-Free Scorer │ │
│ │ 32M scores/sec · 0 alloc │ │
│ └──────────────────────────────────┘ │
└──────────────────┬───────────────────────────┘
│
┌──────────────────┴───────────────────────────┐
│ Response Decision Engine │
├──────────────┬──────────────┬───────────────┤
│ Firewall │ Honeypot │ Counter- │
│ Rules │ (SSH/HTTP/ │ measure Chain │
│ │ MySQL) │ (Raft) │
├──────────────┴──────────────┴───────────────┤
│ SWIM Gossip Mesh (P2P) │
└─────────────────────────────────────────────┘
```
### 项目结构
```
├── cmd/fortress/ # Main entrypoint
├── internal/ # Core engine
│ ├── brain/ # ML models, prediction, countermeasures
│ ├── config/ # Configuration management
│ ├── deception/ # Honeypot services (SSH/HTTP/MySQL)
│ ├── defense/ # Firewall, ARP detection
│ ├── engine/ # Detection pipeline (7 layers)
│ ├── engines/ # eBPF/XDP packet processing
│ ├── fusion/ # Kali tool integration (nmap, nuclei, hydra, msf, etc.)
│ ├── host/ # System inventory
│ ├── mcp/ # MCP protocol server (AI/Copilot integration)
│ └── swarm/ # P2P gossip, consensus, cryptography, immunity
├── dagger/ # C2 framework (Rust implants, teamserver, builder)
├── shield/ # Additional defense layers
├── kernel/ # Kernel modules
├── configs/ # Example configurations
├── fuzz/ # Fuzzing harnesses
└── ci/ # CI/CD pipelines
```
## 📸 演示
在此期间,请亲自尝试一下:
```
# Terminal 1:以 defense mode 启动 Fortress
sudo ./fortress-linux -mode defend
# Terminal 2:运行 port scan(模拟攻击者)
nmap -sS -p 1-1000 localhost
# Terminal 2:检查 Fortress 检测到了什么
curl http://localhost:9090/threats | jq
```
## ⚙️ 配置
完整参考请查阅 [fortress.yaml](fortress.yaml)。
```
engine:
xdp_mode: "generic" # native|generic|offload
max_pps: 1000000
cpu_pin: [2, 3]
brain:
ml_model: ""
auto_counterstrike: false
counterstrike_threshold: 85.0
whitelist:
- "127.0.0.1"
- "10.0.0.0/8"
```
## 🔒 安全声明
## 📄 许可证
基于 **Apache License 2.0** 授权。详见 [LICENSE](LICENSE)。
``` ╔══════════════════════════════════════════════════════╗ ║ 7-Layer Detection Pipeline ║ ║ L1 Packet L2 Flow L3 Behavior L4 DNS Tunnel ║ ║ L5 HTTP+BF L6 ML L7 Fingerprint ║ ║ → 64-Core Lock-Free Scorer ║ ║ → SWIM Gossip Mesh (P2P) ║ ║ → Adaptive Honeypot (SSH/HTTP/MySQL) ║ ║ → Countermeasure Chain (Raft Consensus) ║ ╚══════════════════════════════════════════════════════╝ ```
[功能](#-features) • [快速开始](#-quick-start) • [架构](#-architecture) • [演示](#-demo) • [结构](#-project-structure) • [安全](#-security-notice) • [贡献](#-contributing)
**使用 Go、Rust、eBPF 和 ☕ 构建**
[](https://github.com/hyson810/fortress)
[](https://github.com/hyson810/fortress/discussions)
[](https://github.com/hyson810/fortress/issues)
[](https://github.com/hyson810/fortress/releases/tag/v6.0.0)
⭐ **如果觉得有用,请给本仓库点个 Star!** ⭐
标签:C2框架, EVTX分析, Go, IP 地址批量处理, Ruby工具, Rust, 可视化界面, 威胁评分, 安全学习资源, 日志审计, 网络安全, 网络流量审计, 网络测绘, 蜜罐, 证书利用, 请求拦截, 隐私保护