# SecuBox - Security Suite for OpenWrt **Version:** 1.0.0-beta **Last Updated:** 2026-03-15 **Status:** Beta — Ready for Pen Testing & Bug Bounty **Modules:** 86 LuCI Applications [![Build OpenWrt Packages](https://github.com/CyberMind-FR/secubox-openwrt/actions/workflows/build-openwrt-packages.yml/badge.svg)](https://github.com/CyberMind-FR/secubox-openwrt/actions/workflows/build-openwrt-packages.yml) [![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](LICENSE) [![Release](https://img.shields.io/github/v/release/CyberMind-FR/secubox-openwrt?include_prereleases&label=release)](https://github.com/CyberMind-FR/secubox-openwrt/releases) --- ## Overview SecuBox is a comprehensive security and network management suite for OpenWrt, providing a unified ecosystem of 86 specialized dashboards and tools. The platform implements a **Four-Layer Architecture** for defense in depth, featuring AI-powered threat analysis, P2P mesh networking, and multi-channel service exposure. **Website:** [secubox.maegia.tv](https://secubox.maegia.tv) **Publisher:** [CyberMind.fr](https://cybermind.fr) --- ## Four-Layer Architecture ``` +============================================================+ | LAYER 4: MESH NETWORKING | | MirrorNet / P2P Hub / Services Mirrors | | +--------------------------------------------------------+ | | | LAYER 3: AI GATEWAY | | | | MCP Server / Threat Analyst / DNS Guard | | | | +----------------------------------------------------+ | | | | | LAYER 2: TACTICAL | | | | | | CrowdSec / WAF / Scenarios | | | | | | +------------------------------------------------+ | | | | | | | LAYER 1: OPERATIONAL | | | | | | | | fw4 / DPI / Bouncer / HAProxy | | | | | | | +------------------------------------------------+ | | | | | +----------------------------------------------------+ | | | +--------------------------------------------------------+ | +============================================================+ ``` | Layer | Function | Time Scale | SecuBox Components | |-------|----------|------------|-------------------| | **Layer 1** | Real-time blocking | ms → seconds | nftables/fw4, netifyd DPI, CrowdSec Bouncer | | **Layer 2** | Pattern correlation | minutes → hours | CrowdSec Agent/LAPI, mitmproxy WAF, Scenarios | | **Layer 3** | AI analysis | minutes → hours | MCP Server, Threat Analyst, DNS Guard | | **Layer 4** | Mesh networking | continuous | P2P Hub, MirrorBox, Services Registry | --- ## Key Features ### Security - **CrowdSec Integration** — Real-time threat intelligence, CAPI enrollment, auto-banning - **mitmproxy WAF** — HTTPS inspection with CVE detection, sensitivity-based auto-ban - **Deep Packet Inspection** — netifyd/nDPId protocol analysis - **MAC Guardian** — WiFi MAC spoofing detection with CrowdSec integration - **DNS Guard** — AI-powered DGA, tunneling, and anomaly detection ### AI Gateway - **MCP Server** — Model Context Protocol for Claude Desktop integration - **Threat Analyst** — Autonomous AI agent for threat analysis and rule generation - **LocalAI** — Self-hosted LLM with model management ### Mesh Networking - **P2P Hub** — Decentralized peer discovery with globe visualization - **MirrorBox** — Distributed service catalog with auto-sync - **App Store** — P2P package distribution across mesh peers - **Master Link** — Secure mesh onboarding with dynamic IPK generation ### Service Exposure - **Punk Exposure** — Multi-channel service emancipation (Tor + DNS/SSL + Mesh) - **HAProxy** — Load balancer with webroot ACME, auto-SSL - **Tor Shield** — .onion hidden services with split-routing ### Media & Content - **Jellyfin** — LXC media server with setup wizard - **Lyrion** — Music server with CIFS integration - **Zigbee2MQTT** — LXC Alpine container for IoT - **Domoticz** — Home automation with MQTT bridge --- ## SecuBox Modules (86 Total) ### Core (6 modules) | Module | Description | |--------|-------------| | luci-app-secubox | Central dashboard/Hub | | luci-app-secubox-portal | Unified entry point with tabs | | luci-app-secubox-admin | Admin control center | | secubox-app-bonus | App store and documentation | | luci-app-system-hub | System control with backup | | luci-theme-secubox | KISS UI theme | ### Security (15 modules) | Module | Description | |--------|-------------| | luci-app-crowdsec-dashboard | CrowdSec monitoring | | luci-app-security-threats | Unified netifyd + CrowdSec | | luci-app-client-guardian | Captive portal, parental controls | | luci-app-auth-guardian | OAuth2/OIDC, vouchers | | luci-app-exposure | Service exposure manager | | luci-app-tor-shield | Tor anonymization | | luci-app-mitmproxy | HTTPS inspection WAF | | luci-app-mac-guardian | WiFi MAC security | | luci-app-dns-guard | AI-powered DNS anomaly | | luci-app-waf | Web Application Firewall | | luci-app-threat-analyst | AI threat analysis | | luci-app-ksm-manager | Key/HSM management | | luci-app-master-link | Mesh onboarding | | luci-app-routes-status | VHosts route checker | | secubox-mcp-server | MCP protocol server | ### Network (12 modules) | Module | Description | |--------|-------------| | luci-app-haproxy | Load balancer with SSL | | luci-app-wireguard-dashboard | WireGuard VPN | | luci-app-vhost-manager | Nginx reverse proxy | | luci-app-network-modes | Sniffer/AP/Relay/Router | | luci-app-network-tweaks | DNS & proxy controls | | luci-app-dns-provider | DNS provider API | | luci-app-cdn-cache | CDN optimization | | luci-app-bandwidth-manager | QoS and quotas | | luci-app-traffic-shaper | TC/CAKE shaping | | luci-app-mqtt-bridge | USB-to-MQTT IoT | | luci-app-media-flow | Streaming detection | | luci-app-netdiag | Network diagnostics | ### DPI (2 modules) | Module | Description | |--------|-------------| | luci-app-ndpid | nDPId deep packet inspection | | luci-app-netifyd | netifyd flow monitoring | ### P2P Mesh (4 modules) | Module | Description | |--------|-------------| | luci-app-p2p | P2P Hub with MirrorBox | | luci-app-service-registry | Service catalog | | luci-app-device-intel | Device intelligence | | secubox-content-pkg | Content distribution | ### AI/LLM (4 modules) | Module | Description | |--------|-------------| | luci-app-localai | LocalAI v3.9.0 | | luci-app-ollama | Ollama LLM | | luci-app-glances | System monitoring | | luci-app-netdata-dashboard | Netdata real-time | ### Media (7 modules) | Module | Description | |--------|-------------| | luci-app-jellyfin | Media server (LXC) | | luci-app-lyrion | Music server | | luci-app-zigbee2mqtt | Zigbee gateway (LXC) | | luci-app-domoticz | Home automation (LXC) | | luci-app-ksmbd | SMB/CIFS shares | | luci-app-smbfs | Remote mount manager | | luci-app-magicmirror2 | Smart display | ### Content Platforms (6 modules) | Module | Description | |--------|-------------| | luci-app-gitea | Git platform | | luci-app-hexojs | Static site generator | | luci-app-metablogizer | Metabolizer CMS | | luci-app-streamlit | Streamlit apps | | luci-app-picobrew | PicoBrew server | | luci-app-jitsi | Video conferencing | ### Remote Access (3 modules) | Module | Description | |--------|-------------| | luci-app-rustdesk | RustDesk relay | | luci-app-guacamole | Clientless desktop | | luci-app-simplex | SimpleX Chat | ### *Plus 27 additional supporting packages...* --- ## Supported Architectures | Architecture | Targets | Example Devices | |--------------|---------|-----------------| | **ARM64** | aarch64-cortex-a53/a72, mediatek-filogic, rockchip-armv8 | MOCHAbin, NanoPi R4S/R5S, GL.iNet MT3000, Raspberry Pi 4 | | **ARM32** | arm-cortex-a7/a9-neon, qualcomm-ipq40xx | Turris Omnia, Google WiFi | | **MIPS** | mips-24kc, mipsel-24kc | TP-Link Archer, Xiaomi | | **x86** | x86-64 | PC, VMs, Docker, Proxmox | --- ## Installation ### From Pre-built Packages ```bash opkg update opkg install luci-app-secubox-portal_*.ipk opkg install luci-app-crowdsec-dashboard_*.ipk ``` ### Build from Source ```bash # Clone into OpenWrt SDK cd ~/openwrt-sdk/package/ git clone https://github.com/CyberMind-FR/secubox-openwrt.git secubox # Build make package/secubox/luci-app-secubox-portal/compile V=s ``` ### Add as Feed ``` src-git secubox https://github.com/CyberMind-FR/secubox-openwrt.git ``` --- ## MCP Integration (Claude Desktop) SecuBox includes an MCP server for AI integration: ```json { "mcpServers": { "secubox": { "command": "ssh", "args": ["root@192.168.255.1", "/usr/bin/secubox-mcp"] } } } ``` **Available tools:** `crowdsec.alerts`, `crowdsec.decisions`, `waf.logs`, `dns.queries`, `network.flows`, `system.metrics`, `wireguard.status`, `ai.analyze_threats`, `ai.cve_lookup`, `ai.suggest_waf_rules` --- ## Roadmap | Version | Status | Focus | |---------|--------|-------| | **v0.17** | Released | Core Mesh, 38 modules | | **v0.18** | Released | P2P Hub, AI Gateway, 86 modules | | **v0.19** | Released | Full P2P intelligence | | **v1.0** | **Beta** | Pen testing, bug bounty, ANSSI prep | | **v1.1** | Planned | ANSSI certification, GA release | ### Beta Release See [BETA-RELEASE.md](BETA-RELEASE.md) for security testing guidelines and bug bounty scope. --- ## Links - **Website**: [secubox.maegia.tv](https://secubox.maegia.tv) - **GitHub**: [github.com/CyberMind-FR/secubox-openwrt](https://github.com/CyberMind-FR/secubox-openwrt) - **Publisher**: [CyberMind.fr](https://cybermind.fr) - **Issues**: [GitHub Issues](https://github.com/CyberMind-FR/secubox-openwrt/issues) --- ## License Apache-2.0 © 2024-2026 CyberMind.fr --- ## Author **Gandalf** - [CyberMind.fr](https://cybermind.fr) **Ex Tenebris, Lux Securitas** Made in France