SecuBox - Security Suite for OpenWrt
Version: 0.18.0
Last Updated: 2026-03-04
Status: Production Ready
Modules: 86 LuCI Applications
Overview
SecuBox is a comprehensive security and network management suite for OpenWrt, providing a unified ecosystem of 86 specialized dashboards and tools. The platform implements a Four-Layer Architecture for defense in depth, featuring AI-powered threat analysis, P2P mesh networking, and multi-channel service exposure.
Website: secubox.maegia.tv
Publisher: CyberMind.fr
Four-Layer Architecture
+============================================================+
| LAYER 4: MESH NETWORKING |
| MirrorNet / P2P Hub / Services Mirrors |
| +--------------------------------------------------------+ |
| | LAYER 3: AI GATEWAY | |
| | MCP Server / Threat Analyst / DNS Guard | |
| | +----------------------------------------------------+ | |
| | | LAYER 2: TACTICAL | | |
| | | CrowdSec / WAF / Scenarios | | |
| | | +------------------------------------------------+ | | |
| | | | LAYER 1: OPERATIONAL | | | |
| | | | fw4 / DPI / Bouncer / HAProxy | | | |
| | | +------------------------------------------------+ | | |
| | +----------------------------------------------------+ | |
| +--------------------------------------------------------+ |
+============================================================+
| Layer |
Function |
Time Scale |
SecuBox Components |
| Layer 1 |
Real-time blocking |
ms → seconds |
nftables/fw4, netifyd DPI, CrowdSec Bouncer |
| Layer 2 |
Pattern correlation |
minutes → hours |
CrowdSec Agent/LAPI, mitmproxy WAF, Scenarios |
| Layer 3 |
AI analysis |
minutes → hours |
MCP Server, Threat Analyst, DNS Guard |
| Layer 4 |
Mesh networking |
continuous |
P2P Hub, MirrorBox, Services Registry |
Key Features
Security
- CrowdSec Integration — Real-time threat intelligence, CAPI enrollment, auto-banning
- mitmproxy WAF — HTTPS inspection with CVE detection, sensitivity-based auto-ban
- Deep Packet Inspection — netifyd/nDPId protocol analysis
- MAC Guardian — WiFi MAC spoofing detection with CrowdSec integration
- DNS Guard — AI-powered DGA, tunneling, and anomaly detection
AI Gateway
- MCP Server — Model Context Protocol for Claude Desktop integration
- Threat Analyst — Autonomous AI agent for threat analysis and rule generation
- LocalAI — Self-hosted LLM with model management
Mesh Networking
- P2P Hub — Decentralized peer discovery with globe visualization
- MirrorBox — Distributed service catalog with auto-sync
- App Store — P2P package distribution across mesh peers
- Master Link — Secure mesh onboarding with dynamic IPK generation
Service Exposure
- Punk Exposure — Multi-channel service emancipation (Tor + DNS/SSL + Mesh)
- HAProxy — Load balancer with webroot ACME, auto-SSL
- Tor Shield — .onion hidden services with split-routing
Media & Content
- Jellyfin — LXC media server with setup wizard
- Lyrion — Music server with CIFS integration
- Zigbee2MQTT — LXC Alpine container for IoT
- Domoticz — Home automation with MQTT bridge
SecuBox Modules (86 Total)
Core (6 modules)
| Module |
Description |
| luci-app-secubox |
Central dashboard/Hub |
| luci-app-secubox-portal |
Unified entry point with tabs |
| luci-app-secubox-admin |
Admin control center |
| secubox-app-bonus |
App store and documentation |
| luci-app-system-hub |
System control with backup |
| luci-theme-secubox |
KISS UI theme |
Security (15 modules)
| Module |
Description |
| luci-app-crowdsec-dashboard |
CrowdSec monitoring |
| luci-app-security-threats |
Unified netifyd + CrowdSec |
| luci-app-client-guardian |
Captive portal, parental controls |
| luci-app-auth-guardian |
OAuth2/OIDC, vouchers |
| luci-app-exposure |
Service exposure manager |
| luci-app-tor-shield |
Tor anonymization |
| luci-app-mitmproxy |
HTTPS inspection WAF |
| luci-app-mac-guardian |
WiFi MAC security |
| luci-app-dns-guard |
AI-powered DNS anomaly |
| luci-app-waf |
Web Application Firewall |
| luci-app-threat-analyst |
AI threat analysis |
| luci-app-ksm-manager |
Key/HSM management |
| luci-app-master-link |
Mesh onboarding |
| luci-app-routes-status |
VHosts route checker |
| secubox-mcp-server |
MCP protocol server |
Network (12 modules)
| Module |
Description |
| luci-app-haproxy |
Load balancer with SSL |
| luci-app-wireguard-dashboard |
WireGuard VPN |
| luci-app-vhost-manager |
Nginx reverse proxy |
| luci-app-network-modes |
Sniffer/AP/Relay/Router |
| luci-app-network-tweaks |
DNS & proxy controls |
| luci-app-dns-provider |
DNS provider API |
| luci-app-cdn-cache |
CDN optimization |
| luci-app-bandwidth-manager |
QoS and quotas |
| luci-app-traffic-shaper |
TC/CAKE shaping |
| luci-app-mqtt-bridge |
USB-to-MQTT IoT |
| luci-app-media-flow |
Streaming detection |
| luci-app-netdiag |
Network diagnostics |
DPI (2 modules)
| Module |
Description |
| luci-app-ndpid |
nDPId deep packet inspection |
| luci-app-netifyd |
netifyd flow monitoring |
P2P Mesh (4 modules)
| Module |
Description |
| luci-app-p2p |
P2P Hub with MirrorBox |
| luci-app-service-registry |
Service catalog |
| luci-app-device-intel |
Device intelligence |
| secubox-content-pkg |
Content distribution |
AI/LLM (4 modules)
| Module |
Description |
| luci-app-localai |
LocalAI v3.9.0 |
| luci-app-ollama |
Ollama LLM |
| luci-app-glances |
System monitoring |
| luci-app-netdata-dashboard |
Netdata real-time |
Media (7 modules)
| Module |
Description |
| luci-app-jellyfin |
Media server (LXC) |
| luci-app-lyrion |
Music server |
| luci-app-zigbee2mqtt |
Zigbee gateway (LXC) |
| luci-app-domoticz |
Home automation (LXC) |
| luci-app-ksmbd |
SMB/CIFS shares |
| luci-app-smbfs |
Remote mount manager |
| luci-app-magicmirror2 |
Smart display |
Content Platforms (6 modules)
| Module |
Description |
| luci-app-gitea |
Git platform |
| luci-app-hexojs |
Static site generator |
| luci-app-metablogizer |
Metabolizer CMS |
| luci-app-streamlit |
Streamlit apps |
| luci-app-picobrew |
PicoBrew server |
| luci-app-jitsi |
Video conferencing |
Remote Access (3 modules)
| Module |
Description |
| luci-app-rustdesk |
RustDesk relay |
| luci-app-guacamole |
Clientless desktop |
| luci-app-simplex |
SimpleX Chat |
Plus 27 additional supporting packages...
Supported Architectures
| Architecture |
Targets |
Example Devices |
| ARM64 |
aarch64-cortex-a53/a72, mediatek-filogic, rockchip-armv8 |
MOCHAbin, NanoPi R4S/R5S, GL.iNet MT3000, Raspberry Pi 4 |
| ARM32 |
arm-cortex-a7/a9-neon, qualcomm-ipq40xx |
Turris Omnia, Google WiFi |
| MIPS |
mips-24kc, mipsel-24kc |
TP-Link Archer, Xiaomi |
| x86 |
x86-64 |
PC, VMs, Docker, Proxmox |
Installation
From Pre-built Packages
opkg update
opkg install luci-app-secubox-portal_*.ipk
opkg install luci-app-crowdsec-dashboard_*.ipk
Build from Source
# Clone into OpenWrt SDK
cd ~/openwrt-sdk/package/
git clone https://github.com/CyberMind-FR/secubox-openwrt.git secubox
# Build
make package/secubox/luci-app-secubox-portal/compile V=s
Add as Feed
src-git secubox https://github.com/CyberMind-FR/secubox-openwrt.git
MCP Integration (Claude Desktop)
SecuBox includes an MCP server for AI integration:
{
"mcpServers": {
"secubox": {
"command": "ssh",
"args": ["root@192.168.255.1", "/usr/bin/secubox-mcp"]
}
}
}
Available tools: crowdsec.alerts, crowdsec.decisions, waf.logs, dns.queries, network.flows, system.metrics, wireguard.status, ai.analyze_threats, ai.cve_lookup, ai.suggest_waf_rules
Roadmap
| Version |
Status |
Focus |
| v0.17 |
Released |
Core Mesh, 38 modules |
| v0.18 |
Current |
P2P Hub, AI Gateway, 86 modules |
| v0.19 |
Planned |
Full P2P intelligence |
| v1.0 |
Planned |
ANSSI certification |
Links
License
Apache-2.0 © 2024-2026 CyberMind.fr
Author
Gandalf - CyberMind.fr
Ex Tenebris, Lux Securitas
Made in France
CyberMind-FR
2f0dc626ac