- PROJECT-STATUS-AND-INNOVATION.md: Complete rewrite with current status
  - Four-layer architecture documentation
  - Punk Exposure three-channel model
  - All implemented innovations (AI Gateway, MCP, DPI, etc.)
  - Bug bounty scope and attack surface
  - VM distribution details
- README.md: Added default VM credentials

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SecuBox v1.0.0-beta — Project Status & Innovation
Version: 1.0.0-beta
Status: Beta Release — Pen Testing & Bug Bounty Ready
Date: 2026-03-15
Publisher: CyberMind.fr
Executive Summary
SecuBox is a production-ready security and mesh networking platform for OpenWrt, featuring 86 LuCI modules, AI-powered threat analysis, and a unique three-channel service exposure model. The v1.0.0-beta release is ready for security testing and bug bounty programs.
Key Achievements
| Metric | Value |
|---|---|
| LuCI Modules | 86 |
| Total Packages | 123+ |
| RPCD Methods | 400+ |
| JavaScript Views | 150+ |
| Architectures | x86-64, ARM64, MIPS, MediaTek |
Release Artifacts
- Source Code: github.com/CyberMind-FR/secubox-openwrt
- VM Appliance: SecuBox-v1.0.0-beta.tar.gz (69 MB)
- Documentation: BETA-RELEASE.md, SECURITY.md
Four-Layer Security Architecture
+============================================================+
|                  LAYER 4: MESH NETWORKING                  |
|           MirrorNet / P2P Hub / Services Mirrors           |
| +--------------------------------------------------------+ |
| |                  LAYER 3: AI GATEWAY                   | |
| |        MCP Server / Threat Analyst / DNS Guard         | |
| | +----------------------------------------------------+ | |
| | |                 LAYER 2: TACTICAL                  | | |
| | |             CrowdSec / WAF / Scenarios             | | |
| | | +------------------------------------------------+ | | |
| | | |              LAYER 1: OPERATIONAL              | | | |
| | | |         fw4 / DPI / Bouncer / HAProxy          | | | |
| | | +------------------------------------------------+ | | |
| | +----------------------------------------------------+ | |
| +--------------------------------------------------------+ |
+============================================================+
| Layer | Function | Time Scale | Components |
|---|---|---|---|
| Layer 1 | Real-time blocking | ms → seconds | nftables/fw4, netifyd DPI, CrowdSec Bouncer |
| Layer 2 | Pattern correlation | minutes → hours | CrowdSec Agent/LAPI, mitmproxy WAF, Scenarios |
| Layer 3 | AI analysis | minutes → hours | MCP Server, Threat Analyst, DNS Guard |
| Layer 4 | Mesh networking | continuous | P2P Hub, MirrorBox, Services Registry |
Punk Exposure — Three-Channel Service Publishing
The Peek / Poke / Emancipate model enables decentralized service exposure:
┌─────────────────────────────────────────────────────────────┐
│                    YOUR CONTENT/SERVICE                     │
└─────────────────────────────────────────────────────────────┘
                               │
            ┌──────────────────┼──────────────────┐
            ▼                  ▼                  ▼
       ┌─────────┐        ┌─────────┐        ┌─────────┐
       │   TOR   │        │   DNS   │        │  MESH   │
       │ .onion  │        │  /SSL   │        │   P2P   │
       └─────────┘        └─────────┘        └─────────┘
        Anonymous          Classical           Tribal
     Hidden Service          HTTPS         Gossip Network
| Channel | Use Case | Status |
|---|---|---|
| Tor | Anonymous hidden services | ✅ Implemented |
| DNS/SSL | Classical HTTPS with auto-SSL | ✅ Implemented |
| Mesh | Tribal gossip network | ✅ Implemented |
Emancipate CLI
# Full emancipation (Tor + DNS + Mesh)
secubox-exposure emancipate myblog 8080 blog.example.com --all
# Selective channels
secubox-exposure emancipate myapp 8080 myapp.secubox.in --dns --mesh
Innovation Highlights
1. AI Gateway (Implemented)
Data Classification & Routing:
- LOCAL_ONLY: Sensitive data stays on device
- SANITIZED: PII scrubbed before EU cloud processing
- CLOUD_DIRECT: Generic queries to opted-in providers
Provider Priority: LocalAI → Mistral EU → Claude → OpenAI → Gemini
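A sketch of how the three data classes and the provider priority could interact, added here as an example and not taken from SecuBox's code. The regexes, the lowercase provider ids, the rule that only Mistral EU may receive SANITIZED data, and the fail-closed `none` result are assumptions.

```sh
#!/bin/sh
# Illustrative only: the regexes, provider ids and tier policy are assumptions,
# not SecuBox's actual classification rules.
PRIORITY="localai mistral-eu claude openai gemini"   # order given on the page
IP_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'
MAC_RE='([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'
MAIL_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'

# classify TEXT -> LOCAL_ONLY | SANITIZED | CLOUD_DIRECT
classify() {
    if printf '%s\n' "$1" | grep -Eiq 'passw(or)?d|private key|api[_-]?key|secret'; then
        echo LOCAL_ONLY       # credentials and key material stay on the device
    elif printf '%s\n' "$1" | grep -Eq "$IP_RE|$MAC_RE|$MAIL_RE"; then
        echo SANITIZED        # identifiers present: scrub before any cloud call
    else
        echo CLOUD_DIRECT
    fi
}

# sanitize TEXT: replace MAC, IPv4 and e-mail identifiers with placeholders
sanitize() {
    printf '%s\n' "$1" |
        sed -E -e "s/$MAC_RE/<MAC>/g" -e "s/$IP_RE/<IP>/g" -e "s/$MAIL_RE/<EMAIL>/g"
}

# allowed TIER PROVIDER: may this provider receive data of this tier?
allowed() {
    case "$1:$2" in
        *:localai)             return 0 ;;   # on-device, any tier
        SANITIZED:mistral-eu)  return 0 ;;   # EU cloud, scrubbed input only
        CLOUD_DIRECT:*)        return 0 ;;
        *)                     return 1 ;;
    esac
}

# route TIER "AVAILABLE...": first provider in priority order that is available
# and allowed for the tier; prints "none" and fails closed otherwise
route() {
    for p in $PRIORITY; do
        case " $2 " in
            *" $p "*) if allowed "$1" "$p"; then echo "$p"; return 0; fi ;;
        esac
    done
    echo none
    return 1
}

q='Why is 203.0.113.7 mailing admin@example.org?'    # constructed sample query
t=$(classify "$q")
echo "$t via $(route "$t" 'mistral-eu claude'): $(sanitize "$q")"
```

When LocalAI is unavailable, a LOCAL_ONLY query is refused rather than downgraded to a cloud provider.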
2. MCP Server (Implemented)
Model Context Protocol integration for Claude Desktop:
{
  "mcpServers": {
    "secubox": {
      "command": "ssh",
      "args": ["root@192.168.255.1", "/usr/bin/secubox-mcp"]
    }
  }
}
Available Tools: crowdsec.alerts, waf.logs, dns.queries, network.flows, ai.analyze_threats, ai.suggest_waf_rules
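The client config above gives Claude Desktop an SSH login as root on the appliance, so the key behind it should be able to start `/usr/bin/secubox-mcp` and nothing else. The audit script below is an added example, not part of SecuBox; the function name `audit_mcp_keys` is hypothetical, and it assumes the `command=` and `no-*` options that Dropbear and OpenSSH accept in `authorized_keys` (on OpenWrt usually `/etc/dropbear/authorized_keys`, passed as the argument).

```sh
#!/bin/sh
# audit_mcp_keys FILE
# Flags every public key in an authorized_keys file that can do more than start
# the MCP server. Returns 0 if all keys are pinned and restricted, 1 otherwise.
MCP_BIN=/usr/bin/secubox-mcp    # binary named in the client config on the page

audit_mcp_keys() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        name=${line##* }        # trailing key comment, used as a label
        case "$line" in
            *"command=\"$MCP_BIN\""*) ;;
            *) echo "UNPINNED $name"; rc=1; continue ;;
        esac
        # A pinned key should also lose the channels MCP over stdio never needs.
        for opt in no-pty no-port-forwarding no-agent-forwarding no-X11-forwarding; do
            case "$line" in
                *"$opt"*) ;;
                *) echo "MISSING:$opt $name"; rc=1 ;;
            esac
        done
    done < "$1"
    return "$rc"
}

# Stand-alone use: sh audit.sh /etc/dropbear/authorized_keys
if [ -n "${1:-}" ]; then audit_mcp_keys "$1"; fi
```

An `UNPINNED` line means that key still grants an interactive root shell, whatever the MCP client is configured to run.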
3. Dual-Stream DPI (Implemented)
- Phase 1 — TAP Stream: tc mirred passive monitoring
- Phase 2 — MITM Double Buffer: Enhanced correlation
- Phase 3 — Correlation Engine: Auto-ban for high-reputation IPs
- Phase 4 — LAN Passive Flow: Zero-MITM LAN observation
4. Threat Analyst (Implemented)
Autonomous AI agent for:
- Real-time threat analysis
- CrowdSec scenario generation
- WAF rule suggestions
- CVE lookups and context enrichment
5. Configuration Vault (Implemented)
Git-based config versioning with:
- Auto-commit and auto-push
- 9 configuration modules
- Export/import clone tarballs
- Device provisioning workflows
6. Unified SMTP Relay (Implemented)
Centralized SMTP configuration:
- Modes: external (Gmail, SendGrid), local (auto-detect), direct
- Shared library: send_mail() function
- All SecuBox apps use unified relay
Module Categories
Core (6 modules)
- luci-app-secubox, luci-app-secubox-portal, luci-app-secubox-admin
- secubox-app-bonus, luci-app-system-hub, luci-theme-secubox
Security (15 modules)
- CrowdSec, mitmproxy WAF, MAC Guardian, DNS Guard
- Threat Analyst, KSM Manager, Master Link
- Auth Guardian, Client Guardian, Exposure Manager
Network (12 modules)
- HAProxy, WireGuard, Network Modes, DNS Provider
- Bandwidth Manager, Traffic Shaper, CDN Cache
AI/LLM (4 modules)
- LocalAI, Ollama, AI Gateway, MCP Server
Media (7 modules)
- Jellyfin, Lyrion, PhotoPrism, Zigbee2MQTT, Domoticz
Content Platforms (6 modules)
- Gitea, MetaBlogizer, HexoJS, Streamlit, Jitsi
P2P Mesh (4 modules)
- P2P Hub, Service Registry, Device Intel, Content Package
Roadmap
| Version | Status | Focus |
|---|---|---|
| v0.17 | ✅ Released | Core Mesh, 38 modules |
| v0.18 | ✅ Released | P2P Hub, AI Gateway, 86 modules |
| v0.19 | ✅ Released | Full P2P intelligence |
| v1.0.0-beta | Current | Pen testing, bug bounty, documentation |
| v1.1 | Planned | ANSSI certification, GA release |
v1.1 Targets
- ANSSI CSPN Certification — French security certification
- CRA Compliance — EU Cyber Resilience Act readiness
- SBOM Pipeline — Automated vulnerability scanning
- Enterprise Features — Multi-tenant, SSO, audit logging
Security Testing
The v1.0.0-beta release is specifically prepared for:
Attack Surface
| Layer | Components | Risk Areas |
|---|---|---|
| Network Edge | HAProxy, mitmproxy WAF | WAF bypass, header injection |
| Applications | LuCI, RPCD | Shell injection, XSS, CSRF |
| Containers | LXC services | Container escape, privilege escalation |
| Mesh/P2P | WireGuard, gossip | Key theft, peer impersonation |
Bug Bounty Scope
| Severity | Category |
|---|---|
| Critical | RCE, Auth Bypass |
| High | Privilege Escalation, WAF Bypass |
| Medium | Information Disclosure |
| Low | DoS, XSS |
Report: security@cybermind.fr
Distribution
Virtual Appliance
| File | Format | Use |
|---|---|---|
| C3Box-SecuBox.ova | OVA | VMware, VirtualBox |
| C3Box-SecuBox.vdi | VDI | VirtualBox |
| C3Box-SecuBox.vmdk | VMDK | VMware |
| C3Box-SecuBox.qcow2 | QCOW2 | Proxmox/KVM |
Default Login: root / c3box
Package Feed
src/gz secubox https://secubox.in/feed
Technical Stack
| Component | Technology |
|---|---|
| OS | OpenWrt 24.10.x / 25.12 |
| Frontend | LuCI JavaScript, KISS Theme |
| Backend | RPCD/ubus, Shell, Lua |
| Security | CrowdSec, mitmproxy, nftables |
| Containers | LXC (Alpine/Debian) |
| AI | LocalAI, Claude API, Mistral |
| P2P | WireGuard, Gossip Protocol |
Contributors
- Lead: Gandalf — CyberMind.fr
- AI Assistance: Claude (Anthropic)
Links
- Website: secubox.maegia.tv
- GitHub: github.com/CyberMind-FR/secubox-openwrt
- Security: BETA-RELEASE.md | SECURITY.md
- Issues: GitHub Issues
Ex Tenebris, Lux Securitas
© 2024-2026 CyberMind.fr — Apache-2.0 License