An Advanced AI-Powered Cybersecurity Deception Platform for Real-Time Threat Detection & Attacker Intelligence
A full-stack cybersecurity platform that deploys realistic cloud honeypots, captures attacker behavior, profiles threats using AI, and visualizes attacks through an interactive global dashboard.
- ๐ Fake S3 Bucket โ Simulates AWS S3 operations (
GET,PUT,DELETE) - ๐ Fake AWS Credentials โ Baits credential harvesters
- ๐ Fake Admin Login Portal โ Captures brute-force attempts
- ๐๏ธ Fake Database Config Leak โ Exposes decoy secrets
- โก 5-Provider AI Waterfall Engine
- ๐ง Groq โ Gemini โ OpenRouter โ Rule-Based
- ๐ Logarithmic Threat Scoring
- ๐พ SQLite Cached Profiles
- ๐จ 5-Tier Threat Classification
- ๐บ๏ธ Global Threat Map with Curved Attack Flow Lines
- ๐ Geo-Located Attacker Markers
- ๐ Real-Time Event Feed
- ๐ Sliding Live Event Log Drawer
- ๐ง Animated AI Profile Cards
- ๐ Telemetry + Analytics Modules
- ๐ 25 Simulated Attackers from 15+ Countries
- ๐น๏ธ 4 Simulation Speeds
- โฑ๏ธ Auto-Termination Controls
- ๐๏ธ Dynamic Speed Adjustment
flowchart TD
A[๐ External Attackers / Bots] --> B[๐ชค Honeypot Trap Layer]
subgraph TrapLayer [Honeypot Services]
B1[Fake S3 Bucket]
B2[Fake AWS Credentials]
B3[Fake Admin Login]
B4[Fake DB Config Leak]
end
B --> B1
B --> B2
B --> B3
B --> B4
B1 --> C[๐ฅ Event Capture Engine]
B2 --> C
B3 --> C
B4 --> C
C --> D[๐ IP Geolocation Service]
D --> E[๐๏ธ SQLite Database]
E --> F[๐ค AI Profiling Engine]
subgraph AIEngine [Threat Intelligence Waterfall]
F1[Groq]
F2[Gemini]
F3[OpenRouter]
F4[Rule-Based Engine]
end
F --> F1
F --> F2
F --> F3
F --> F4
F --> G[๐ Threat Score Generation]
G --> H[โก React Dashboard]
subgraph Dashboard [Visualization Layer]
H1[Global Threat Map]
H2[Live Event Feed]
H3[AI Profile Cards]
H4[Telemetry]
H5[Analytics Charts]
end
H --> H1
H --> H2
H --> H3
H --> H4
H --> H5
I[๐ฎ Attack Simulator] --> B
| Layer | Technology |
|---|---|
| Backend | Python, Flask, SQLite |
| Frontend | React, Vite |
| AI Models | Groq, Gemini, OpenRouter |
| Visualization | Leaflet, Recharts |
| Geolocation | ip-api.com |
| Alerts | Slack Webhooks |
cd backend
pip install flask flask-cors python-dotenv requests groq google-generativeai openai pdfplumber pandas
cp .env.example .env
python db.py
python app.pycd frontend
npm install
npm run devConfigure inside backend/.env
| Variable | Purpose |
|---|---|
| GROQ_API_KEY | Primary AI Model |
| GEMINI_API_KEY | Fallback AI |
| OPENROUTER_API_KEY | Last-Resort AI |
| SLACK_WEBHOOK_URL | Alert Notifications |
curl -X POST http://localhost:5000/admin/login \
-H "Content-Type: application/json" \
-d '{"user":"admin","pass":"admin123"}'curl http://localhost:5000/aws/credentialscurl http://localhost:5000/fake-s3/prod-backup/db-dump.sql| Endpoint | Method | Description |
|---|---|---|
/fake-s3/<bucket>/<key> |
GET/PUT/DELETE | Fake S3 Access |
/aws/credentials |
GET/POST | Fake AWS Keys |
/admin/login |
GET/POST | Admin Login Trap |
/config/database |
GET | Fake DB Leak |
| Endpoint | Method |
|---|---|
/api/simulator/start |
POST |
/api/simulator/stop |
POST |
/api/simulator/status |
GET |
Honeypot/
โโโ backend/
โ โโโ uploads/
โ โโโ app.py
โ โโโ analyzer.py
โ โโโ capture.py
โ โโโ db.py
โ โโโ simulator.py
โ โโโ alerter.py
โ โโโ honeypot.db
โ
โโโ frontend/
โ โโโ src/
โ โ โโโ App.jsx
โ โ โโโ Dashboard.jsx
โ โ โโโ ThreatMap.jsx
โ โ โโโ ProfileCard.jsx
โ โ โโโ Telemetry.jsx
โ โ โโโ ...
โ โ
โ โโโ package.json
โ โโโ vite.config.js
โ
โโโ README.md- Kubernetes Honeypot Support
- Machine Learning Anomaly Detection
- SIEM Integration
- Multi-Tenant Architecture
- Docker Deployment
Educational / Research Purposes Only