- Changed pgrep to detect mitmproxy-in container only
- mitmproxy-out removed from deployment (not needed for WAF)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove unused application field concatenation causing "TCPnull" display
- Sort protocols by flow count instead of non-existent bytes field
- Simplify protocol card to show protocol name and flow count only
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
BusyBox sh doesn't support 'local' outside of functions.
Remove all 'local' keywords and fix orphaned variable declarations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite client/destination collection using awk instead of pipe/while
(BusyBox shell subshell limitations with variable scope)
- Use conntrack for flow counting per client
- Use pgrep -f for process detection (truncated process names)
- Compatible with nDPId instead of netifyd
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Real-time passive flow monitoring on br-lan for network analysis:
- dpi-lan-collector service watches netifyd flows in real-time
- Tracks active clients, external destinations, and protocols
- Per-client bandwidth and flow statistics
- Protocol/application detection via nDPI
- Zero latency impact - pure passive observation
LuCI integration:
- New "LAN Flows" dashboard view with real-time updates
- RPCD methods: get_lan_status, get_lan_clients, get_lan_destinations, get_lan_protocols
- Settings panel for LAN analysis configuration
CLI commands:
- dpi-dualctl lan - show summary
- dpi-dualctl clients - list active LAN clients
- dpi-dualctl destinations - external destinations
- dpi-dualctl protocols - detected protocols/apps
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add settings.js LuCI view for full UCI configuration
- Add widget.js embeddable component for other dashboards
- Add comprehensive README.md with architecture diagram
- Add luci-app-dpi-dual entry to SecuBox catalog
- Update menu.d to include Settings tab
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- secubox-app-maltego: Transform Distribution Server in LXC
- Python-based transform execution engine
- REST API compatible with Maltego desktop client
- Custom transform support via /srv/maltego/transforms/
- secubox-app-sherlock: Username hunting across social networks
- Sherlock + Holehe integration for username/email OSINT
- maigret, theHarvester, socialscan also installed
- REST API with async task execution
Both tools exposed via HAProxy at:
- https://maltego.gk2.secubox.in/
- https://sherlock.gk2.secubox.in/
Streamlit OSINT dashboard deployed at:
- https://osint.gk2.secubox.in/
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
qBittorrent (secubox-app-qbittorrent):
- Full-featured BitTorrent client with web UI
- Container IP: 192.168.255.42:8090
- qbittorrent-nox from Debian repos
- API commands: add, list, status
WebTorrent (secubox-app-webtorrent):
- Browser-based torrent streaming via WebRTC
- Container IP: 192.168.255.43:8095
- Node.js server with webtorrent library
- Stream video files directly in browser
- Beautiful dark theme web UI
Both use Debian LXC containers (no Docker/Podman)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Install python3 for wrapper script
- Use nzbhydra2wrapperPy3.py instead of native binary
- Download generic release (not linux-specific)
- Handle already-installed case
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use functions instead of inline local vars (not allowed in case)
- Use 1/0 instead of true/false for json_add_boolean
- Use full paths for lxc-info and curl
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix file permissions (chmod 644/755) after upload
- Use site_${name} UCI section naming for metablogizer
- Auto-assign port and call metablogizerctl publish
- Generate README.nfo for new droplets
- Handle both old/new section naming in list/remove
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The 'file' command is not available on OpenWrt. Replaced
mime-type detection with extension parsing (.html, .htm, .zip).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Simple drag-and-drop publishing for HTML/ZIP files:
- Auto-detects content type (static/streamlit/hexo)
- Creates vhosts at gk2.secubox.in by default
- Registers with metablogizer or streamlit accordingly
- CLI: dropletctl publish/list/remove/rename
- LuCI drag-drop interface at Services > Droplet
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace gsub(/[\[\]]/) with two sub() calls for section parsing
- Use explicit pattern matching for each NFO field
- Single-pass awk extraction for all 7 fields (category, desc, keywords, caps, audience, icon, version)
- Remove NFO parser library dependency (now uses direct awk)
- Simplify capability tracking with tr instead of for loop
Tested: 110 NFO entries now correctly extracted from 239 total items
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Scan all HAProxy vhosts (243 total) in addition to MetaBlogizer/Streamlit
- New "service" type for HAProxy-only vhosts (purple theme)
- Backend-based categorization (jellyfin→Média, gitea→Développement, etc.)
- Stats bar shows Services count
- Category tabs include Services filter
- 236 total items now displayed (vs 3 before)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- MetaBlog NFO support: read descriptions, keywords, capabilities
- Version badges on cards with NFO version info
- Capability filter cloud: clickable capability badges
- Audience filter bar: filter by target audience
- Dynamic preview modal: click eye button to preview site in iframe
- Enhanced search: searches all NFO metadata fields
- NFO stats counter in stats bar
UI enhancements:
- Preview button appears on hover
- Modal with full-screen iframe preview
- ESC key and click-outside to close
- "Open in new tab" link in preview footer
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Dashboard stats row uses 5 columns but only grid classes 2-4 were
defined, causing statistics to display in a single line.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New packages:
- secubox-app-config-vault: Git-based config versioning CLI (configvaultctl)
- luci-app-config-vault: KISS-themed dashboard with status rings
Features:
- 9 configuration modules (users, network, services, security, etc.)
- Auto-commit and auto-push to private Gitea repository
- Export/import clone tarballs for device provisioning
- Commit history browser with restore capability
Also adds System Hardware Report to secubox-app-reporter:
- CPU/Memory/Disk/Temperature gauges with animations
- Environmental impact card (power/kWh/CO₂ estimates)
- Health recommendations based on system metrics
- Debug log viewer with severity highlighting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New meta-status report combining dev + services with enhanced visuals:
- Stats rings with conic gradients (health, services, uptime)
- Channel distribution bars (Tor/DNS/Mesh percentages)
- Stat cards with icons and gradients
- Recent completions and WIP sections
- Roadmap progress visualization
- Top services tables
Email configuration:
- Default to local mailserver (127.0.0.1:25)
- Default recipient: gk2@secubox.in
- No TLS for local delivery
CLI: secubox-reportctl generate meta
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reports were created with 600 permissions, preventing web access.
Now explicitly sets chmod 644 after file generation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
KISS-themed dashboard for SecuBox Report Generator:
- Status overview with report counts and schedule status
- Quick action cards for dev/services/all reports
- Generate and Send buttons with email support
- Reports list with view/delete actions
- Schedule configuration (daily/weekly/off)
- Email configuration status and test button
RPCD Methods:
- status: Get generator status and report counts
- list_reports: List all generated reports with metadata
- generate/send: Create reports (optionally send via email)
- schedule: Configure cron schedules
- delete_report: Remove report files
- test_email: Send test email
Menu: SecuBox → System → Report Generator
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Two-report system for SecuBox status reporting:
- Development Status Report: health score, HISTORY.md completions, WIP items, roadmap progress
- Services Distribution Report: Tor hidden services, DNS/SSL vhosts, mesh services
Features:
- CLI: secubox-reportctl generate|send|schedule|status|preview|list|clean
- HTML output with KissTheme dark styling
- Email delivery via msmtp/sendmail with MIME multipart
- UCI configuration for SMTP and scheduling
- Cron integration for automated reports
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace hardcoded #fff backgrounds with var(--kiss-bg) dark theme
- Convert all text colors to var(--kiss-text) and var(--kiss-muted)
- Update borders to var(--kiss-line) for consistent styling
- Use color-mix() for transparent accent backgrounds
- Map --sb-* variables to --kiss-* for unified theming
Fixes white background issue on admin dashboard.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace hardcoded rgba() colors with var(--kiss-purple), var(--kiss-text), var(--kiss-muted)
- Use color-mix() for transparent purple backgrounds and borders in service links
- Consistent styling with KissTheme design system
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add --httpaddr 0.0.0.0 to squeezeboxserver startup args
- Set httpaddr in default server.prefs
- Improve DNS config with multiple nameservers and search domain
Fixes Squeezebox devices on WAN network (192.168.1.x) getting
"connection reset by peer" when trying to stream from Lyrion
bound only to LAN IP (192.168.255.1).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace hardcoded RGBA colors with kiss-badge-green/kiss-badge-red
classes for consistent theming of port status indicators.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Edit, pull, and push Streamlit apps via Gitea:
CLI (slforge):
- edit: Open app source in Gitea web editor
- pull: Pull latest changes from Gitea repo
- push: Commit and push local changes to Gitea
- preview: Generate HTML preview of app
- Auto-creates org/repo on first edit
RPCD (5 new methods):
- gitea_status: Check Gitea connectivity and app repo status
- edit: Get Gitea editor URL for app
- pull: Pull from Gitea to local
- push: Push local changes to Gitea
- preview: Generate preview capture
LuCI (overview.js):
- Gitea status card with connection indicator
- Edit button opens Gitea web editor
- Pull button syncs from remote
- Editor modal for inline editing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- generate_landing() now uses /usr/share/metacatalog/templates/landing.html.tpl
- Fallback to basic inline HTML if template missing
- Enables easier landing page customization
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New scan_haproxy() function indexes HAProxy vhosts as catalog entries
- Skips entries already indexed from MetaBlogizer/Streamlit sources
- Extracts backend, port, SSL/WAF status from UCI config
- Auto-detects content type from backend name (streamlit, metablog, media, cloud)
- Updated cmd_scan to include haproxy source
- Total entries: 120 -> 246
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
