secubox-openwrt

Author	SHA1	Message	Date
CyberMind-FR	af222328ee	fix(waf): Add 'strict' sensitivity alias and fix false positives - secubox_analytics.py: Add 'strict' as alias for 'aggressive' in autoban - Fix waf_bypass false positives on LuCI static resources - Root cause: different analytics versions across mitmproxy instances - Update HISTORY.md with OpenClaw Gemini fix and WAF tuning Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-27 16:39:49 +01:00
CyberMind-FR	a469076297	feat(waf): Add CVE-2025-14528 router botnet detection Add new router_botnet WAF category for IoT/router exploitation: CVE-2025-14528 (D-Link DIR-803 getcfg.php): - AUTHORIZED_GROUP parameter manipulation - SERVICES=DEVICE.ACCOUNT enumeration - Newline injection bypass (%0a, %0d) Additional router exploit patterns: - D-Link hedwig.cgi, HNAP, service.cgi RCE - UPnP SOAP injection - Goform command injection - ASUS/TP-Link/Netgear/Zyxel exploits Mirai-variant botnet scanner detection: - User-Agent signatures (Mirai, Hajime, Mozi, BotenaGo, etc.) - Router payload injection patterns Sources: CrowdSec Threat Intel, Global Security Mag Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-24 11:04:05 +01:00
CyberMind-FR	cac9fa3e4f	fix(mitmproxy): Fix false positives for legitimate browsers - Remove 'mozilla/5.0' from BOT_SIGNATURES - was flagging ALL modern browsers as bots since this is the standard UA prefix - Fix suspicious UA detection - no longer flags normal browsers - Increase CrowdSec bruteforce threshold from 5/30s to 10/60s to reduce false positives from normal login flows Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-14 05:51:53 +01:00
CyberMind-FR	418cb2c76e	fix(mitmproxy): Fix SSRF false positives for internal traffic SSRF detection was triggering on any request to internal IPs (192.168.x.x, 10.x.x.x, etc.) because it was checking the target URL itself. Now only checks query parameters and request body for SSRF patterns, which is where actual SSRF attacks occur. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-14 05:38:26 +01:00
CyberMind-FR	e58f479cd4	feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats Add detection patterns for latest actively exploited vulnerabilities: - CVE-2025-55182 (React2Shell, CVSS 10.0) - CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint) - CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds) - CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti) - CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS) New attack categories based on OWASP Top 10 2025: - HTTP Request Smuggling (TE.CL/CL.TE conflicts) - AI/LLM Prompt Injection (ChatML, instruction markers) - WAF Bypass techniques (Unicode normalization, double encoding) - Supply Chain attacks (CI/CD poisoning, dependency confusion) - Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf) - API Abuse (BOLA/IDOR, mass assignment) CrowdSec scenarios split into 11 separate files for reliability. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-12 05:02:57 +01:00
CyberMind-FR	adec1144d6	feat: Streamlit ZIP flatten, mitmproxy bot whitelist, Fabricator app - Add extract_zip_flatten() to Streamlit RPCD for nested ZIP handling - Add bot whitelist to mitmproxy WAF (Facebook, Google, Bing crawlers) - Skip threat detection for whitelisted legitimate crawlers - Track Fabricator app and stats evolution in HISTORY.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-07 09:59:20 +01:00
CyberMind-FR	e31e43b8d7	feat(mitmproxy): Add modular WAF rules with CVE patterns and autoban fixes - Add waf-rules.json with 46 patterns across 8 categories: - sqli, xss, lfi, rce (OWASP Top 10) - cve_2024 (recent CVE exploits) - scanners, webmail, api_abuse - Add waf_loader.py dynamic rules loader module - Add mitmproxy-waf-sync UCI to JSON config sync script - Fix GeoIP: install geoip2 package in container - Fix autoban: add cron job, lower min_severity to "high" - Enable WAF for webmail (mail.secubox.in) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-07 07:46:26 +01:00

7 Commits