- BETA-RELEASE.md: Complete security testing guide
- Attack surface overview (HAProxy, WAF, LXC, P2P)
- High-value targets and secrets locations
- Known weak points (intentional disclosure)
- Bug bounty scope and reporting guidelines
- Test environment setup (VirtualBox, Docker)
- SECURITY.md: Updated with Hall of Fame and beta info
- README.md: Version bump to 1.0.0-beta
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move Web Interface section to top for visibility
- Always show Open Lyrion Web UI button with dynamic URL
- Display URL text next to button
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove KissTheme dependency, use direct RPC calls
- Dark theme colors (#12121a, #1a1a24, #00d4aa, #00a0ff)
- Update common.css with matching dark styles
- Simplified DOM rendering with inline styles
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove KissTheme dependency, use standard LuCI with inline styles
- Dark theme matching SecuBox palette (#12121a, #1a1a24, #00d4aa, #00a0ff)
- Simplified view with direct DOM rendering instead of form.Map
- Cards grid layout for status, WiFi interfaces, DHCP, config
- Inline Trust/Block action buttons with proper styling
- Responsive tables for clients and alerts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change menu path from /admin/secubox/security/threat-analyst to
/admin/services/threat-analyst for proper placement
- Rewrite dashboard.css with dark theme colors matching SecuBox palette
(#12121a, #1a1a24, #0a0a12 backgrounds; #00d4aa, #00a0ff accents)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
WAF Dashboard:
- Use cached bans from cron (waf-stats-update) instead of slow cscli
- Fixes "Failed to load bans" timeout issue
DPI Dual-Stream:
- Add LAN Flow Analysis card showing active clients, destinations, protocols
- LAN passive flow analysis was working but not displayed
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update lastUpdate to 2026-03-16
- Update layer progress: core 98%, ai 95%, mirrornet 90%, certification 75%
- Mark milestones v0.18, v0.19, v1.0 as completed
- Add v1.1 Extended Mesh as in-progress
- Update stats: 190 packages, 243 vhosts, 174 WAF routes, 1850 commits
- Update feature status: AI security, AI memory, mesh network to production
- Update config-management to production with config-vault
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New secubox-app-smtp-relay package with centralized SMTP config
- Shared library with send_mail(), send_html_mail(), send_text_mail()
- CLI: smtp-relayctl with status/test/send/configure/admin commands
- RPCD: 5 methods for LuCI integration
- LuCI settings page with mode selection and test button
- Modes: external (SMTP server), local (auto-detect mailserver), direct
- Migrated reporter and bandwidth-manager to use shared library
- Backwards-compatible fallback to legacy per-app config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added LAN passive flow analysis to HISTORY.md
- Updated WIP.md with completed DPI work
- Noted mitmproxy-out removal and detection fix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed pgrep to detect mitmproxy-in container only
- mitmproxy-out removed from deployment (not needed for WAF)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove unused application field concatenation causing "TCPnull" display
- Sort protocols by flow count instead of non-existent bytes field
- Simplify protocol card to show protocol name and flow count only
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
BusyBox sh doesn't support 'local' outside of functions.
Remove all 'local' keywords and fix orphaned variable declarations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite client/destination collection using awk instead of pipe/while
(BusyBox shell subshell limitations with variable scope)
- Use conntrack for flow counting per client
- Use pgrep -f for process detection (truncated process names)
- Compatible with nDPId instead of netifyd
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Real-time passive flow monitoring on br-lan for network analysis:
- dpi-lan-collector service watches netifyd flows in real-time
- Tracks active clients, external destinations, and protocols
- Per-client bandwidth and flow statistics
- Protocol/application detection via nDPI
- Zero latency impact - pure passive observation
LuCI integration:
- New "LAN Flows" dashboard view with real-time updates
- RPCD methods: get_lan_status, get_lan_clients, get_lan_destinations, get_lan_protocols
- Settings panel for LAN analysis configuration
CLI commands:
- dpi-dualctl lan - show summary
- dpi-dualctl clients - list active LAN clients
- dpi-dualctl destinations - external destinations
- dpi-dualctl protocols - detected protocols/apps
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add settings.js LuCI view for full UCI configuration
- Add widget.js embeddable component for other dashboards
- Add comprehensive README.md with architecture diagram
- Add luci-app-dpi-dual entry to SecuBox catalog
- Update menu.d to include Settings tab
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created backBuffer canvas (same size as visible)
- All tile drawing now uses bbCtx (backBuffer context)
- Single ctx.drawImage(backBuffer) blit at frame end
- Eliminates tearing and square artifacts from partial renders
- BackBuffer resized in sync with visible canvas
Technical: Classic double buffering pattern - compose entire
frame offscreen, then atomic copy to display buffer.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
FFT Histogram:
- Colorset-mapped frequency bars (bottom center)
- Each bar corresponds to a TAO_SPECTRUM color
- Colors pulse brighter based on FFT energy
BPM Detection:
- Lowered thresholds (0.03 kick, 0.08 flux)
- Adaptive threshold tracks average energy
- Faster detection (3 onsets vs 4)
- More responsive smoothing (alpha 0.4)
- 200ms debounce between beats
Performance:
- Canvas scale 2x (was 10x)
- Limited 3D tilt ±12°/±10°
- Optimized tiling margins
- Wrapper-based overflow clipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- UI fades in on mouse/touch/key activity
- UI fades out after 2.5s idle (smooth 0.4s transition)
- When visible: larger text, better contrast, glow effects
- Joystick/depth/pixel controls enhanced with backdrop blur
- Colorset buttons larger (28px) with shadow
- Status bar text with glow effect
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Standalone HTML art piece with:
- 16 colorsets (default, alchy, emojiz, punk, hollistique, tantrique, etc.)
- 3D CSS perspective joystick control (rotateX/rotateY)
- Color cycle toggle for spectrum animation
- Extended tiling for full 3D rotation coverage
- Depth slider, pixel ring, auto-rotate controls
Deployed at: https://wall.maegia.tv/
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- 2D joystick controls true CSS 3D perspective (rotateX/rotateY)
- Color cycle toggle: 🎨 button enables/disables spectrum animation
- Default colorset changed to RGB with cycling OFF
- Depth slider for zoom, pixel ring for cell size
- CSS perspective: 1200px for 3D depth effect
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- secubox-app-maltego: Transform Distribution Server in LXC
- Python-based transform execution engine
- REST API compatible with Maltego desktop client
- Custom transform support via /srv/maltego/transforms/
- secubox-app-sherlock: Username hunting across social networks
- Sherlock + Holehe integration for username/email OSINT
- maigret, theHarvester, socialscan also installed
- REST API with async task execution
Both tools exposed via HAProxy at:
- https://maltego.gk2.secubox.in/
- https://sherlock.gk2.secubox.in/
Streamlit OSINT dashboard deployed at:
- https://osint.gk2.secubox.in/
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
qBittorrent (secubox-app-qbittorrent):
- Full-featured BitTorrent client with web UI
- Container IP: 192.168.255.42:8090
- qbittorrent-nox from Debian repos
- API commands: add, list, status
WebTorrent (secubox-app-webtorrent):
- Browser-based torrent streaming via WebRTC
- Container IP: 192.168.255.43:8095
- Node.js server with webtorrent library
- Stream video files directly in browser
- Beautiful dark theme web UI
Both use Debian LXC containers (no Docker/Podman)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Install python3 for wrapper script
- Use nzbhydra2wrapperPy3.py instead of native binary
- Download generic release (not linux-specific)
- Handle already-installed case
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use functions instead of inline local vars (not allowed in case)
- Use 1/0 instead of true/false for json_add_boolean
- Use full paths for lxc-info and curl
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix file permissions (chmod 644/755) after upload
- Use site_${name} UCI section naming for metablogizer
- Auto-assign port and call metablogizerctl publish
- Generate README.nfo for new droplets
- Handle both old/new section naming in list/remove
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The 'file' command is not available on OpenWrt. Replaced
mime-type detection with extension parsing (.html, .htm, .zip).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Simple drag-and-drop publishing for HTML/ZIP files:
- Auto-detects content type (static/streamlit/hexo)
- Creates vhosts at gk2.secubox.in by default
- Registers with metablogizer or streamlit accordingly
- CLI: dropletctl publish/list/remove/rename
- LuCI drag-drop interface at Services > Droplet
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace gsub(/[\[\]]/) with two sub() calls for section parsing
- Use explicit pattern matching for each NFO field
- Single-pass awk extraction for all 7 fields (category, desc, keywords, caps, audience, icon, version)
- Remove NFO parser library dependency (now uses direct awk)
- Simplify capability tracking with tr instead of for loop
Tested: 110 NFO entries now correctly extracted from 239 total items
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Scan all HAProxy vhosts (243 total) in addition to MetaBlogizer/Streamlit
- New "service" type for HAProxy-only vhosts (purple theme)
- Backend-based categorization (jellyfin→Média, gitea→Développement, etc.)
- Stats bar shows Services count
- Category tabs include Services filter
- 236 total items now displayed (vs 3 before)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- MetaBlog NFO support: read descriptions, keywords, capabilities
- Version badges on cards with NFO version info
- Capability filter cloud: clickable capability badges
- Audience filter bar: filter by target audience
- Dynamic preview modal: click eye button to preview site in iframe
- Enhanced search: searches all NFO metadata fields
- NFO stats counter in stats bar
UI enhancements:
- Preview button appears on hover
- Modal with full-screen iframe preview
- ESC key and click-outside to close
- "Open in new tab" link in preview footer
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
