gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,348 Commits 4 Branches 293 Tags 320 MiB
4a0ab9530f
Commit Graph

6 Commits

Author SHA1 Message Date
CyberMind-FR
6b7aa62a0e feat(mesh): ZKP authentication and blockchain sync 
- ZKP Mesh Authentication: Zero-Knowledge Proof identity for mesh nodes
  - New API endpoints: zkp-challenge, zkp-verify, zkp/graph
  - Shell functions: ml_zkp_init, ml_zkp_challenge, ml_zkp_verify
  - Enhanced join flow with optional ZKP proof requirement
  - Blockchain acknowledgment via peer_zkp_verified blocks
  - LuCI dashboard with ZKP status section and peer badges

- MirrorNet Ash Compatibility: Fixed BusyBox shell incompatibilities
  - Replaced process substitution with pipe-based patterns
  - Fixed mirror.sh, gossip.sh, health.sh, identity.sh

- Mesh Blockchain Sync: Fixed chain synchronization between nodes
  - Fixed /api/chain/since endpoint to return only new blocks
  - chain_add_block/chain_merge_block use awk for safe JSON insertion
  - Handles varying JSON formatting (whitespace, newlines)
  - Tested bidirectional sync: Master <-> Clone at height 70

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-24 16:45:42 +01:00
CyberMind-FR
d5f2a0a319 feat(theme): Integrate kiss-theme.js into luci-theme-secubox 
- Move kiss-theme.js from luci-app-secubox-portal to theme package
- Bump theme version to 0.4.8
- Prevents file conflict between packages

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-23 17:40:12 +01:00
CyberMind-FR
e58f479cd4 feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats 
Add detection patterns for latest actively exploited vulnerabilities:
- CVE-2025-55182 (React2Shell, CVSS 10.0)
- CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint)
- CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds)
- CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti)
- CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS)

New attack categories based on OWASP Top 10 2025:
- HTTP Request Smuggling (TE.CL/CL.TE conflicts)
- AI/LLM Prompt Injection (ChatML, instruction markers)
- WAF Bypass techniques (Unicode normalization, double encoding)
- Supply Chain attacks (CI/CD poisoning, dependency confusion)
- Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf)
- API Abuse (BOLA/IDOR, mass assignment)

CrowdSec scenarios split into 11 separate files for reliability.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-12 05:02:57 +01:00
CyberMind-FR
b516609bcc docs(master-link): Add README for both master-link packages 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 07:16:22 +01:00
CyberMind-FR
13960d39c3 fix(master-link): Rename RPCD to luci.master_link and flatten JSON output 
Hyphens in RPCD filenames break ubus CLI argument parsing. Rename
luci.master-link to luci.master_link and update all references in
the JS view, ACL, and Makefile. Also pipe RPCD method output through
tr -d '\n\t' so ubus receives single-line JSON it can parse.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 06:40:41 +01:00
CyberMind-FR
62c0850829 feat(master-link): Add secure mesh onboarding packages 
Implement secubox-master-link (backend) and luci-app-master-link (LuCI
frontend) for secure node onboarding into the SecuBox mesh via
HMAC-SHA256 join tokens, blockchain-backed peer trust, and gigogne
(nested) hierarchy with depth limiting.

Backend provides: token management, join/approve/reject protocol, IPK
bundle serving, CGI API endpoints, and a dark-themed landing page for
new nodes. Frontend provides a 3-tab LuCI view (overview, join requests,
mesh tree) with RPCD integration.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 06:15:47 +01:00