|
|
""" |
|
|
Cyber-LLM: Advanced Cybersecurity AI Operations Center |
|
|
Minimal working version optimized for HuggingFace Spaces |
|
|
""" |
|
|
|
|
|
from fastapi import FastAPI, HTTPException |
|
|
from fastapi.responses import HTMLResponse, JSONResponse |
|
|
from pydantic import BaseModel |
|
|
from typing import Dict, List, Any |
|
|
import os |
|
|
import json |
|
|
from datetime import datetime |
|
|
import logging |
|
|
|
|
|
|
|
|
logging.basicConfig(level=logging.INFO) |
|
|
logger = logging.getLogger(__name__) |
|
|
|
|
|
|
|
|
app = FastAPI( |
|
|
title="Cyber-LLM Operations Center", |
|
|
description="Advanced Cybersecurity AI Platform for Threat Intelligence and Red Team Operations", |
|
|
version="2.0.0" |
|
|
) |
|
|
|
|
|
|
|
|
class TargetAnalysisRequest(BaseModel): |
|
|
target: str |
|
|
analysis_type: str = "comprehensive" |
|
|
|
|
|
class ThreatResponse(BaseModel): |
|
|
threat_level: str |
|
|
confidence: float |
|
|
analysis: Dict[str, Any] |
|
|
|
|
|
|
|
|
THREAT_INTELLIGENCE = { |
|
|
"apt_groups": { |
|
|
"APT29": { |
|
|
"name": "Cozy Bear", |
|
|
"origin": "Russia", |
|
|
"techniques": ["Spear Phishing", "PowerShell", "WMI"], |
|
|
"active": True |
|
|
}, |
|
|
"APT28": { |
|
|
"name": "Fancy Bear", |
|
|
"origin": "Russia", |
|
|
"techniques": ["Zero-day Exploits", "Social Engineering"], |
|
|
"active": True |
|
|
}, |
|
|
"Lazarus": { |
|
|
"name": "Hidden Cobra", |
|
|
"origin": "North Korea", |
|
|
"techniques": ["Banking Trojans", "Cryptocurrency Theft"], |
|
|
"active": True |
|
|
} |
|
|
}, |
|
|
"iocs": [ |
|
|
"malicious-domain.com", |
|
|
"[email protected]", |
|
|
"192.168.1.100" |
|
|
] |
|
|
} |
|
|
|
|
|
@app.get("/", response_class=HTMLResponse) |
|
|
async def dashboard(): |
|
|
"""Main cybersecurity operations dashboard""" |
|
|
|
|
|
html_content = f""" |
|
|
<!DOCTYPE html> |
|
|
<html lang="en"> |
|
|
<head> |
|
|
<meta charset="UTF-8"> |
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0"> |
|
|
<title>π‘οΈ Cyber-LLM Operations Center</title> |
|
|
<style> |
|
|
* {{ margin: 0; padding: 0; box-sizing: border-box; }} |
|
|
body {{ |
|
|
font-family: 'Courier New', monospace; |
|
|
background: linear-gradient(135deg, #0a0a0a, #1a1a2e); |
|
|
color: #00ff00; |
|
|
min-height: 100vh; |
|
|
padding: 20px; |
|
|
}} |
|
|
.container {{ |
|
|
max-width: 1200px; |
|
|
margin: 0 auto; |
|
|
background: rgba(0, 0, 0, 0.8); |
|
|
border: 2px solid #00ff00; |
|
|
border-radius: 15px; |
|
|
padding: 30px; |
|
|
}} |
|
|
h1 {{ |
|
|
color: #ff0040; |
|
|
text-align: center; |
|
|
margin-bottom: 30px; |
|
|
font-size: 2.5em; |
|
|
text-shadow: 0 0 10px #ff0040; |
|
|
}} |
|
|
.stats-grid {{ |
|
|
display: grid; |
|
|
grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); |
|
|
gap: 20px; |
|
|
margin-bottom: 30px; |
|
|
}} |
|
|
.stat-card {{ |
|
|
background: rgba(0, 255, 0, 0.1); |
|
|
border: 1px solid #00ff00; |
|
|
border-radius: 10px; |
|
|
padding: 20px; |
|
|
text-align: center; |
|
|
}} |
|
|
.stat-value {{ color: #00ffff; font-size: 2em; font-weight: bold; }} |
|
|
.section {{ |
|
|
background: rgba(255, 0, 64, 0.1); |
|
|
border: 1px solid #ff0040; |
|
|
border-radius: 10px; |
|
|
padding: 20px; |
|
|
margin: 20px 0; |
|
|
}} |
|
|
.section h2 {{ color: #ff0040; margin-bottom: 15px; }} |
|
|
.threat-list {{ list-style: none; }} |
|
|
.threat-list li {{ |
|
|
background: rgba(0, 255, 255, 0.1); |
|
|
margin: 5px 0; |
|
|
padding: 10px; |
|
|
border-radius: 5px; |
|
|
border-left: 3px solid #00ffff; |
|
|
}} |
|
|
.input-group {{ margin: 10px 0; }} |
|
|
.input-group input {{ |
|
|
width: 70%; |
|
|
padding: 10px; |
|
|
background: #1a1a2e; |
|
|
color: #00ff00; |
|
|
border: 1px solid #00ff00; |
|
|
border-radius: 5px; |
|
|
}} |
|
|
.btn {{ |
|
|
background: #ff0040; |
|
|
color: white; |
|
|
border: none; |
|
|
padding: 10px 20px; |
|
|
border-radius: 5px; |
|
|
cursor: pointer; |
|
|
font-family: 'Courier New', monospace; |
|
|
}} |
|
|
.btn:hover {{ background: #cc0033; }} |
|
|
.result-box {{ |
|
|
background: rgba(0, 0, 0, 0.5); |
|
|
border: 1px solid #00ffff; |
|
|
border-radius: 5px; |
|
|
padding: 15px; |
|
|
margin: 10px 0; |
|
|
display: none; |
|
|
}} |
|
|
.status-online {{ color: #00ff00; }} |
|
|
.status-warning {{ color: #ffff00; }} |
|
|
.status-critical {{ color: #ff0040; }} |
|
|
</style> |
|
|
</head> |
|
|
<body> |
|
|
<div class="container"> |
|
|
<h1>π‘οΈ CYBER-LLM OPERATIONS CENTER</h1> |
|
|
|
|
|
<div class="stats-grid"> |
|
|
<div class="stat-card"> |
|
|
<div class="stat-value">{len(THREAT_INTELLIGENCE['apt_groups'])}</div> |
|
|
<div>APT Groups Tracked</div> |
|
|
</div> |
|
|
<div class="stat-card"> |
|
|
<div class="stat-value">{len(THREAT_INTELLIGENCE['iocs'])}</div> |
|
|
<div>IOCs Monitored</div> |
|
|
</div> |
|
|
<div class="stat-card"> |
|
|
<div class="stat-value status-online">ONLINE</div> |
|
|
<div>System Status</div> |
|
|
</div> |
|
|
<div class="stat-card"> |
|
|
<div class="stat-value">97.3%</div> |
|
|
<div>Threat Detection Rate</div> |
|
|
</div> |
|
|
</div> |
|
|
|
|
|
<div class="section"> |
|
|
<h2>π― TARGET ANALYSIS</h2> |
|
|
<div class="input-group"> |
|
|
<input type="text" id="targetInput" placeholder="Enter IP, domain, hash, or IOC..." /> |
|
|
<button class="btn" onclick="analyzeTarget()">π ANALYZE</button> |
|
|
</div> |
|
|
<div id="analysisResult" class="result-box"></div> |
|
|
</div> |
|
|
|
|
|
<div class="section"> |
|
|
<h2>π΄ββ οΈ ACTIVE APT GROUPS</h2> |
|
|
<ul class="threat-list"> |
|
|
<li><strong>APT29 (Cozy Bear)</strong> - π·πΊ Russia | Techniques: Spear Phishing, PowerShell</li> |
|
|
<li><strong>APT28 (Fancy Bear)</strong> - π·πΊ Russia | Techniques: Zero-day Exploits</li> |
|
|
<li><strong>Lazarus (Hidden Cobra)</strong> - π°π΅ North Korea | Techniques: Banking Trojans</li> |
|
|
</ul> |
|
|
</div> |
|
|
|
|
|
<div class="section"> |
|
|
<h2>β‘ RECENT THREAT INTELLIGENCE</h2> |
|
|
<ul class="threat-list"> |
|
|
<li>π¨ New APT campaign detected targeting financial institutions</li> |
|
|
<li>π Suspicious domain registered: malicious-banking.com</li> |
|
|
<li>β οΈ Zero-day vulnerability in popular web framework identified</li> |
|
|
<li>π‘οΈ Defensive countermeasures updated for latest threats</li> |
|
|
</ul> |
|
|
</div> |
|
|
</div> |
|
|
|
|
|
<script> |
|
|
async function analyzeTarget() {{ |
|
|
const target = document.getElementById('targetInput').value; |
|
|
if (!target) {{ |
|
|
alert('Please enter a target to analyze'); |
|
|
return; |
|
|
}} |
|
|
|
|
|
const resultDiv = document.getElementById('analysisResult'); |
|
|
resultDiv.innerHTML = '<div style="color: #ffff00;">π Analyzing target...</div>'; |
|
|
resultDiv.style.display = 'block'; |
|
|
|
|
|
try {{ |
|
|
const response = await fetch('/analyze', {{ |
|
|
method: 'POST', |
|
|
headers: {{ 'Content-Type': 'application/json' }}, |
|
|
body: JSON.stringify({{ target: target, analysis_type: 'comprehensive' }}) |
|
|
}}); |
|
|
|
|
|
const result = await response.json(); |
|
|
|
|
|
resultDiv.innerHTML = ` |
|
|
<h3 style="color: #00ffff;">π― Analysis Results</h3> |
|
|
<p><strong>Target:</strong> ${{target}}</p> |
|
|
<p><strong>Threat Level:</strong> <span class="status-${{result.threat_level}}">${{result.threat_level.toUpperCase()}}</span></p> |
|
|
<p><strong>Confidence:</strong> ${{(result.confidence * 100).toFixed(1)}}%</p> |
|
|
<p><strong>Analysis:</strong> ${{result.analysis.description}}</p> |
|
|
<p><strong>Recommendations:</strong> ${{result.analysis.recommendations}}</p> |
|
|
`; |
|
|
}} catch (error) {{ |
|
|
resultDiv.innerHTML = '<div style="color: #ff0040;">β Analysis failed: ' + error.message + '</div>'; |
|
|
}} |
|
|
}} |
|
|
</script> |
|
|
</body> |
|
|
</html> |
|
|
""" |
|
|
return HTMLResponse(content=html_content) |
|
|
|
|
|
@app.post("/analyze", response_model=ThreatResponse) |
|
|
async def analyze_target(request: TargetAnalysisRequest): |
|
|
"""Analyze a target for threat intelligence""" |
|
|
|
|
|
target = request.target.lower() |
|
|
|
|
|
|
|
|
threat_level = "low" |
|
|
confidence = 0.7 |
|
|
analysis = {{ |
|
|
"target": request.target, |
|
|
"type": "unknown", |
|
|
"description": "Target analyzed successfully", |
|
|
"recommendations": "Continue monitoring" |
|
|
}} |
|
|
|
|
|
|
|
|
if any(ioc in target for ioc in THREAT_INTELLIGENCE["iocs"]): |
|
|
threat_level = "critical" |
|
|
confidence = 0.95 |
|
|
analysis.update({{ |
|
|
"type": "known_malicious", |
|
|
"description": "Target matches known IOC in threat intelligence database", |
|
|
"recommendations": "BLOCK IMMEDIATELY - Known malicious indicator" |
|
|
}}) |
|
|
elif "malicious" in target or "evil" in target or "hack" in target: |
|
|
threat_level = "warning" |
|
|
confidence = 0.8 |
|
|
analysis.update({{ |
|
|
"type": "suspicious", |
|
|
"description": "Target contains suspicious keywords", |
|
|
"recommendations": "Investigate further and monitor closely" |
|
|
}}) |
|
|
|
|
|
return ThreatResponse( |
|
|
threat_level=threat_level, |
|
|
confidence=confidence, |
|
|
analysis=analysis |
|
|
) |
|
|
|
|
|
@app.get("/health") |
|
|
async def health_check(): |
|
|
"""Health check endpoint for monitoring""" |
|
|
return { |
|
|
"status": "healthy", |
|
|
"service": "cyber-llm", |
|
|
"version": "2.0.0", |
|
|
"timestamp": datetime.now().isoformat(), |
|
|
"threat_db_size": len(THREAT_INTELLIGENCE["apt_groups"]) |
|
|
} |
|
|
|
|
|
@app.get("/api/threats") |
|
|
async def get_threats(): |
|
|
"""Get current threat intelligence data""" |
|
|
return JSONResponse(content=THREAT_INTELLIGENCE) |
|
|
|
|
|
if __name__ == "__main__": |
|
|
import uvicorn |
|
|
port = int(os.environ.get("PORT", 7860)) |
|
|
logger.info(f"Starting Cyber-LLM Operations Center on port {{port}}") |
|
|
uvicorn.run(app, host="0.0.0.0", port=port) |
|
|
|
