secubox-openwrt/README.md

SecuBox - Security Suite for OpenWrt

Version: 1.0.0-beta Last Updated: 2026-03-15 Status: Beta — Ready for Pen Testing & Bug Bounty Modules: 86 LuCI Applications

---

Overview

SecuBox is a comprehensive security and network management suite for OpenWrt, providing a unified ecosystem of 86 specialized dashboards and tools. The platform implements a Four-Layer Architecture for defense in depth, featuring AI-powered threat analysis, P2P mesh networking, and multi-channel service exposure.

Website: secubox.maegia.tv Publisher: CyberMind.fr

---

Four-Layer Architecture

+============================================================+
|              LAYER 4: MESH NETWORKING                       |
|              MirrorNet / P2P Hub / Services Mirrors         |
|  +--------------------------------------------------------+ |
|  |           LAYER 3: AI GATEWAY                          | |
|  |           MCP Server / Threat Analyst / DNS Guard      | |
|  |  +----------------------------------------------------+ | |
|  |  |         LAYER 2: TACTICAL                          | | |
|  |  |         CrowdSec / WAF / Scenarios                 | | |
|  |  |  +------------------------------------------------+ | | |
|  |  |  |       LAYER 1: OPERATIONAL                     | | | |
|  |  |  |       fw4 / DPI / Bouncer / HAProxy            | | | |
|  |  |  +------------------------------------------------+ | | |
|  |  +----------------------------------------------------+ | |
|  +--------------------------------------------------------+ |
+============================================================+

Layer	Function	Time Scale	SecuBox Components
Layer 1	Real-time blocking	ms → seconds	nftables/fw4, netifyd DPI, CrowdSec Bouncer
Layer 2	Pattern correlation	minutes → hours	CrowdSec Agent/LAPI, mitmproxy WAF, Scenarios
Layer 3	AI analysis	minutes → hours	MCP Server, Threat Analyst, DNS Guard
Layer 4	Mesh networking	continuous	P2P Hub, MirrorBox, Services Registry

---

Key Features

Security

• CrowdSec Integration — Real-time threat intelligence, CAPI enrollment, auto-banning
• mitmproxy WAF — HTTPS inspection with CVE detection, sensitivity-based auto-ban
• Deep Packet Inspection — netifyd/nDPId protocol analysis
• MAC Guardian — WiFi MAC spoofing detection with CrowdSec integration
• DNS Guard — AI-powered DGA, tunneling, and anomaly detection

AI Gateway

• MCP Server — Model Context Protocol for Claude Desktop integration
• Threat Analyst — Autonomous AI agent for threat analysis and rule generation
• LocalAI — Self-hosted LLM with model management

Mesh Networking

• P2P Hub — Decentralized peer discovery with globe visualization
• MirrorBox — Distributed service catalog with auto-sync
• App Store — P2P package distribution across mesh peers
• Master Link — Secure mesh onboarding with dynamic IPK generation

Service Exposure

• Punk Exposure — Multi-channel service emancipation (Tor + DNS/SSL + Mesh)
• HAProxy — Load balancer with webroot ACME, auto-SSL
• Tor Shield — .onion hidden services with split-routing

Media & Content

• Jellyfin — LXC media server with setup wizard
• Lyrion — Music server with CIFS integration
• Zigbee2MQTT — LXC Alpine container for IoT
• Domoticz — Home automation with MQTT bridge

---

SecuBox Modules (86 Total)

Core (6 modules)

Module	Description
luci-app-secubox	Central dashboard/Hub
luci-app-secubox-portal	Unified entry point with tabs
luci-app-secubox-admin	Admin control center
secubox-app-bonus	App store and documentation
luci-app-system-hub	System control with backup
luci-theme-secubox	KISS UI theme

Security (15 modules)

Module	Description
luci-app-crowdsec-dashboard	CrowdSec monitoring
luci-app-security-threats	Unified netifyd + CrowdSec
luci-app-client-guardian	Captive portal, parental controls
luci-app-auth-guardian	OAuth2/OIDC, vouchers
luci-app-exposure	Service exposure manager
luci-app-tor-shield	Tor anonymization
luci-app-mitmproxy	HTTPS inspection WAF
luci-app-mac-guardian	WiFi MAC security
luci-app-dns-guard	AI-powered DNS anomaly
luci-app-waf	Web Application Firewall
luci-app-threat-analyst	AI threat analysis
luci-app-ksm-manager	Key/HSM management
luci-app-master-link	Mesh onboarding
luci-app-routes-status	VHosts route checker
secubox-mcp-server	MCP protocol server

Network (12 modules)

Module	Description
luci-app-haproxy	Load balancer with SSL
luci-app-wireguard-dashboard	WireGuard VPN
luci-app-vhost-manager	Nginx reverse proxy
luci-app-network-modes	Sniffer/AP/Relay/Router
luci-app-network-tweaks	DNS & proxy controls
luci-app-dns-provider	DNS provider API
luci-app-cdn-cache	CDN optimization
luci-app-bandwidth-manager	QoS and quotas
luci-app-traffic-shaper	TC/CAKE shaping
luci-app-mqtt-bridge	USB-to-MQTT IoT
luci-app-media-flow	Streaming detection
luci-app-netdiag	Network diagnostics

DPI (2 modules)

Module	Description
luci-app-ndpid	nDPId deep packet inspection
luci-app-netifyd	netifyd flow monitoring

P2P Mesh (4 modules)

Module	Description
luci-app-p2p	P2P Hub with MirrorBox
luci-app-service-registry	Service catalog
luci-app-device-intel	Device intelligence
secubox-content-pkg	Content distribution

AI/LLM (4 modules)

Module	Description
luci-app-localai	LocalAI v3.9.0
luci-app-ollama	Ollama LLM
luci-app-glances	System monitoring
luci-app-netdata-dashboard	Netdata real-time

Media (7 modules)

Module	Description
luci-app-jellyfin	Media server (LXC)
luci-app-lyrion	Music server
luci-app-zigbee2mqtt	Zigbee gateway (LXC)
luci-app-domoticz	Home automation (LXC)
luci-app-ksmbd	SMB/CIFS shares
luci-app-smbfs	Remote mount manager
luci-app-magicmirror2	Smart display

Content Platforms (6 modules)

Module	Description
luci-app-gitea	Git platform
luci-app-hexojs	Static site generator
luci-app-metablogizer	Metabolizer CMS
luci-app-streamlit	Streamlit apps
luci-app-picobrew	PicoBrew server
luci-app-jitsi	Video conferencing

Remote Access (3 modules)

Module	Description
luci-app-rustdesk	RustDesk relay
luci-app-guacamole	Clientless desktop
luci-app-simplex	SimpleX Chat

Plus 27 additional supporting packages...

---

Supported Architectures

Architecture	Targets	Example Devices
ARM64	aarch64-cortex-a53/a72, mediatek-filogic, rockchip-armv8	MOCHAbin, NanoPi R4S/R5S, GL.iNet MT3000, Raspberry Pi 4
ARM32	arm-cortex-a7/a9-neon, qualcomm-ipq40xx	Turris Omnia, Google WiFi
MIPS	mips-24kc, mipsel-24kc	TP-Link Archer, Xiaomi
x86	x86-64	PC, VMs, Docker, Proxmox

---

Installation

From Pre-built Packages

opkg update
opkg install luci-app-secubox-portal_*.ipk
opkg install luci-app-crowdsec-dashboard_*.ipk

Build from Source

# Clone into OpenWrt SDK
cd ~/openwrt-sdk/package/
git clone https://github.com/CyberMind-FR/secubox-openwrt.git secubox

# Build
make package/secubox/luci-app-secubox-portal/compile V=s

Add as Feed

src-git secubox https://github.com/CyberMind-FR/secubox-openwrt.git

---

MCP Integration (Claude Desktop)

SecuBox includes an MCP server for AI integration:

{
  "mcpServers": {
    "secubox": {
      "command": "ssh",
      "args": ["root@192.168.255.1", "/usr/bin/secubox-mcp"]
    }
  }
}

Available tools: crowdsec.alerts, crowdsec.decisions, waf.logs, dns.queries, network.flows, system.metrics, wireguard.status, ai.analyze_threats, ai.cve_lookup, ai.suggest_waf_rules

---

Roadmap

Version	Status	Focus
v0.17	Released	Core Mesh, 38 modules
v0.18	Released	P2P Hub, AI Gateway, 86 modules
v0.19	Released	Full P2P intelligence
v1.0	Beta	Pen testing, bug bounty, ANSSI prep
v1.1	Planned	ANSSI certification, GA release

Beta Release

See BETA-RELEASE.md for security testing guidelines and bug bounty scope.

Default Credentials (VM Appliance)

• Username: root
• Password: c3box (change on first login!)

---

Links

• Website: secubox.maegia.tv
• GitHub: github.com/CyberMind-FR/secubox-openwrt
• Publisher: CyberMind.fr
• Issues: GitHub Issues

---

License

Apache-2.0 © 2024-2026 CyberMind.fr

---

Author

Gandalf - CyberMind.fr

Ex Tenebris, Lux Securitas

Made in France