sssnake/Autarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Autarch/master_plan.md

418 lines
14 KiB
Markdown
Raw Normal View History

Initial public release — AUTARCH v1.0.0 Full security platform with web dashboard, 16 Flask blueprints, 26 modules, autonomous AI agent, WebUSB hardware support, and Archon Android companion app. Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 03:57:32 -08:00
# AUTARCH Evolution Plan
## From CLI Framework to Full-Stack Security Platform
### Context
AUTARCH is currently a CLI-only Python security framework at `/home/snake/dh_framework/` with 20+ modules across 6 categories (Defense, Offense, Counter, Analyze, OSINT, Simulate), LLM integration (llama.cpp/transformers/Claude), Metasploit RPC integration, and an OSINT sites database with 7,200+ sites.
There is also a UPnP port forwarding script at `/home/snake/wg_setec/upnp-renew.sh` (using miniupnpc) that forwards ports 443/TCP, 51820/UDP, 8080/TCP but has **no cron job installed** despite being intended to run every 12 hours.
The goal is to evolve AUTARCH into a portable, cross-platform security platform with a web dashboard, advanced OSINT search engine, Wireshark integration, UPnP management, and Docker packaging -- while preserving the existing CLI interface.
---
## Phase 0: Backup & New Working Directory
**What:** Copy the codebase to `~/autarch`, excluding models (9GB).
**Steps:**
1. `mkdir ~/autarch`
2. `rsync -av --exclude='models/' --exclude='snoop/' --exclude='__pycache__/' /home/snake/dh_framework/ ~/autarch/`
3. Verify the copy: `ls ~/autarch/` and `du -sh ~/autarch/`
4. Switch working directory to `~/autarch`
5. `git init` in the new directory for version control going forward
**Files:** No code changes. Pure copy operation.
---
## Phase 1: UPnP Manager Integration
**What:** Integrate UPnP port forwarding management into AUTARCH with a config-driven approach and cron job management.
**New files:**
- `core/upnp.py` -- UPnP manager class wrapping `upnpc` (miniupnpc CLI)
- `modules/upnp_manager.py` -- CLI menu module (CATEGORY: defense)
**Changes to existing files:**
- `core/config.py` -- Add `[upnp]` config section with port mappings, internal IP, refresh interval
- `core/menu.py` -- No changes needed (module auto-discovered)
**`core/upnp.py` design:**
```python
class UPnPManager:
def list_mappings() # upnpc -l
def add_mapping(internal_ip, internal_port, external_port, protocol, description)
def remove_mapping(external_port, protocol)
def refresh_all() # Re-add all configured mappings
def get_external_ip() # upnpc -e
def install_cron(interval_hours) # Write crontab entry
def uninstall_cron() # Remove crontab entry
def get_cron_status() # Check if cron is active
def load_mappings_from_config()
def save_mappings_to_config()
```
**Config section:**
```ini
[upnp]
enabled = true
internal_ip = 10.0.0.26
refresh_hours = 12
mappings = 443:TCP,51820:UDP,8080:TCP
```
**CLI module menu:**
```
UPnP Port Manager
[1] Show Current Mappings
[2] Add Port Mapping
[3] Remove Port Mapping
[4] Refresh All Mappings
[5] Show External IP
[6] Cron Job Settings (currently: every 12h / not installed)
[7] Edit Internal IP
[0] Back
```
**Cron management:** Uses `subprocess` to read/write crontab via `crontab -l` and `crontab -` pipe. Adds entry like:
```
0 */12 * * * /usr/bin/python3 /home/snake/autarch/autarch.py --upnp-refresh > /dev/null 2>&1
```
**Also add to autarch.py:** `--upnp-refresh` CLI flag that calls `UPnPManager.refresh_all()` and exits (for cron use).
---
## Phase 2: Web UI Dashboard (Flask)
**What:** Add a Flask-based web dashboard running alongside the CLI. Reuse patterns from wg_setec (dark theme, session auth, template inheritance).
**New directory structure:**
```
~/autarch/
├── web/
│ ├── __init__.py
│ ├── app.py # Flask app factory
│ ├── auth.py # Login/session auth (from wg_setec pattern)
│ ├── routes/
│ │ ├── __init__.py
│ │ ├── dashboard.py # Main dashboard
│ │ ├── defense.py # Defense tools page
│ │ ├── offense.py # Offense tools page
│ │ ├── counter.py # Counter-intel page
│ │ ├── analyze.py # Analysis page
│ │ ├── osint.py # OSINT search engine
│ │ ├── simulate.py # Simulation page
│ │ ├── settings.py # Settings management
│ │ ├── upnp.py # UPnP management page
│ │ └── wireshark.py # Wireshark page (Phase 4)
│ ├── templates/
│ │ ├── base.html # Master template (dark theme, sidebar nav)
│ │ ├── login.html
│ │ ├── dashboard.html # Overview with status cards
│ │ ├── defense.html
│ │ ├── offense.html
│ │ ├── counter.html
│ │ ├── analyze.html
│ │ ├── osint.html # Advanced search UI
│ │ ├── simulate.html
│ │ ├── settings.html
│ │ ├── upnp.html
│ │ └── wireshark.html
│ └── static/
│ ├── css/style.css # Dark theme (reuse wg_setec CSS variables)
│ └── js/app.js # Vanilla JS for interactions
```
**Dashboard landing page shows:**
- System status cards (LLM loaded, MSF connected, UPnP active, services running)
- Quick action buttons for each category
- Recent activity/scan results
- Server info (hostname, IP, uptime)
**Each category page provides:**
- Module listing with descriptions
- Quick-launch buttons that trigger module functions via API
- Results display area
- Settings specific to that category
**Flask app startup:**
- Add `--web` flag to `autarch.py` to start web server
- Add `--web-port PORT` (default 8080)
- Web server runs in background thread or separate process
- Can run CLI and web simultaneously
**Authentication:**
- Session-based with bcrypt (same as wg_setec)
- Default admin/admin, forced password change on first login
- Config section `[web]` for port, host, secret_key
**Key reusable patterns from wg_setec:**
- CSS variables dark theme (`/home/snake/wg_setec/static/css/style.css`)
- Template inheritance (`/home/snake/wg_setec/templates/base.html`)
- Auth decorator (`/home/snake/wg_setec/auth.py`)
- Flash messages, status dots, data tables
---
## Phase 3: OSINT Search Engine (Web)
**What:** Build an advanced OSINT search interface in the web UI that surpasses the CLI capabilities.
**Route:** `web/routes/osint.py`
**Template:** `web/templates/osint.html`
**Search interface features:**
- Search box with type selector (username / email / phone / domain / IP)
- Category multi-select checkboxes (filter site categories)
- NSFW toggle
- Scan depth selector (Quick 100 / Standard 500 / Full 7000+)
- Advanced options panel:
- Thread count slider
- Timeout setting
- User-agent selection
- Proxy support field
- Export format (JSON/HTML/CSV)
**Real-time results (Server-Sent Events):**
- `GET /osint/search/stream?username=X&...` -- SSE endpoint
- Progressive results as sites are checked
- Live progress bar (sites checked / total)
- Results appear in cards grouped by status (good/maybe/bad)
- Filter/sort results client-side
**Results display:**
- Card layout per found profile: site name, URL (clickable), confidence %, category badge
- Expandable detail: detection method, page title, response info
- Bulk actions: save to dossier, export, open all in new tabs
- Summary statistics bar chart
**Backend integration:**
- Reuses existing `modules/recon.py` scanning functions
- Reuses `core/sites_db.py` for site queries
- New `web/tasks.py` for async scan management (threading, not Celery -- keep it simple)
**Dossier management page:**
- List existing dossiers
- Create new dossier
- Link search results to dossier
- View/edit dossier details
- Export dossier as report
---
## Phase 4: Wireshark Module (tshark + pyshark)
**What:** Add packet capture and analysis capabilities using tshark CLI and pyshark Python library.
**New files:**
- `core/wireshark.py` -- tshark/pyshark wrapper class
- `modules/wireshark.py` -- CLI menu module (CATEGORY: analyze)
- `web/routes/wireshark.py` -- Web dashboard page
**`core/wireshark.py` design:**
```python
class WiresharkManager:
def list_interfaces() # tshark -D
def start_capture(interface, filter, duration, output_file)
def stop_capture()
def get_capture_stats()
def read_pcap(filepath) # pyshark FileCapture
def live_capture(interface, filter, callback) # pyshark LiveCapture
def get_protocol_hierarchy() # Protocol distribution
def extract_conversations() # IP conversations
def extract_dns_queries() # DNS analysis
def extract_http_requests() # HTTP analysis
def extract_credentials() # Plain-text credential detection
def apply_display_filter(capture, filter_string)
def export_packets(capture, format) # JSON/CSV export
```
**CLI module menu:**
```
Wireshark / Packet Analysis
[1] List Interfaces
[2] Start Live Capture
[3] Open PCAP File
[4] Protocol Analysis
[5] Conversation Analysis
[6] DNS Query Analysis
[7] HTTP Traffic Analysis
[8] Credential Detection
[9] Export Results
[0] Back
```
**Web UI features:**
- Interface selector dropdown
- Capture filter input (BPF syntax)
- Start/stop capture buttons
- Live packet stream (SSE)
- Protocol distribution pie chart
- Conversation table
- Packet detail view (expandable tree)
- PCAP file upload and analysis
**Dependencies:** `pyshark`, system `tshark` (part of Wireshark package)
---
## Phase 5: Path Portability & Windows Support
**What:** Make all paths relative/configurable, remove hardcoded paths, add Windows compatibility.
**Key changes:**
1. **Path resolution system** (`core/paths.py`):
```python
import platform, os
from pathlib import Path
def get_app_dir():
"""Returns the application root directory"""
return Path(__file__).parent.parent
def get_data_dir():
return get_app_dir() / 'data'
def get_config_path():
return get_app_dir() / 'autarch_settings.conf'
def get_results_dir():
return get_app_dir() / 'results'
def is_windows():
return platform.system() == 'Windows'
def get_platform():
return platform.system().lower() # 'linux', 'windows', 'darwin'
```
2. **Audit all files for hardcoded paths:**
- `core/config.py` -- WG paths, model paths
- `core/msf.py` -- msfrpcd path
- `core/upnp.py` -- upnpc path
- `modules/*.py` -- any `/home/snake/` references
- Replace all with `paths.get_*()` calls or config-driven paths
3. **Platform-specific tool detection:**
- Check for `tshark`, `nmap`, `upnpc`, `wg`, `msfrpcd` availability
- Graceful degradation when tools missing (disable features, show install instructions)
- Windows: use `where` instead of `which`
4. **Cross-platform subprocess calls:**
- Use `shutil.which()` for tool discovery
- Use `pathlib.Path` everywhere instead of string concatenation
- Handle Windows vs Unix shell differences
5. **Windows-specific considerations:**
- `nmap` available on Windows (nmap.org installer)
- `tshark` available on Windows (Wireshark installer)
- `upnpc` available on Windows (miniupnpc builds)
- Metasploit available via WSL or native Windows build
- WireGuard available on Windows
- No `sudo` -- use `ctypes.windll.shell32.IsUserAnAdmin()` check
---
## Phase 6: Docker Packaging
**What:** Create Docker configuration for portable deployment with all dependencies bundled.
**New files:**
```
~/autarch/
├── Dockerfile
├── docker-compose.yml
├── .dockerignore
└── scripts/
├── entrypoint.sh # Container startup script
└── install-tools.sh # Install nmap, tshark, upnpc, etc.
```
**Dockerfile approach:**
- Base: `python:3.11-slim`
- Install system tools: `nmap`, `tshark`, `miniupnpc`, `wireguard-tools`
- Install Python deps from `requirements.txt`
- Copy application code
- Expose ports: 8080 (web UI), 55553 (MSF RPC passthrough)
- Volume mounts: `/data` (persistent), `/models` (LLM models)
- Entrypoint: can start CLI, web, or both
**docker-compose.yml:**
```yaml
services:
autarch:
build: .
ports:
- "8080:8080"
volumes:
- ./data:/app/data
- ./models:/app/models
- ./results:/app/results
environment:
- AUTARCH_MODE=web # or 'cli' or 'both'
network_mode: host # Needed for network scanning tools
```
**requirements.txt** (consolidated):
```
flask
bcrypt
pyshark
qrcode
Pillow
requests
llama-cpp-python # optional
transformers # optional
torch # optional
anthropic # optional
msgpack
```
---
## Execution Order
| Step | Phase | Effort | Description |
|------|-------|--------|-------------|
| 1 | Phase 0 | 5 min | Backup & create ~/autarch |
| 2 | Phase 1 | 1 session | UPnP manager + cron job management |
| 3 | Phase 2 | 2-3 sessions | Flask web dashboard skeleton + all pages |
| 4 | Phase 3 | 1-2 sessions | OSINT search engine with SSE streaming |
| 5 | Phase 4 | 1-2 sessions | Wireshark/tshark integration |
| 6 | Phase 5 | 1-2 sessions | Path portability + Windows support |
| 7 | Phase 6 | 1 session | Docker packaging |
**Each phase is self-contained and testable before moving to the next.**
---
## Verification Plan
After each phase:
1. **Phase 0:** `ls ~/autarch/` matches expected structure, `python3 ~/autarch/autarch.py --help` works
2. **Phase 1:** UPnP menu accessible, `upnpc -l` shows mappings, cron installs/uninstalls correctly
3. **Phase 2:** `python3 autarch.py --web` starts Flask on :8080, login works, all pages render, CLI still works independently
4. **Phase 3:** OSINT search returns results in web UI, SSE streaming shows live progress, results match CLI output
5. **Phase 4:** `tshark -D` lists interfaces from web UI, capture start/stop works, PCAP analysis shows results
6. **Phase 5:** No hardcoded paths remain (`grep -r '/home/snake' .` returns nothing), app runs from any directory
7. **Phase 6:** `docker-compose up` starts the app, web UI accessible, tools available inside container
---
## Critical Files Reference
| Existing File | Role | Reuse For |
|---|---|---|
| `/home/snake/wg_setec/static/css/style.css` | Dark theme CSS | Web UI base theme |
| `/home/snake/wg_setec/templates/base.html` | Template inheritance | Web UI base template |
| `/home/snake/wg_setec/auth.py` | bcrypt session auth | Web UI authentication |
| `/home/snake/wg_setec/upnp-renew.sh` | UPnP port script | Reference for port mappings |
| `core/config.py` | Config handler | Add [upnp], [web] sections |
| `core/sites_db.py` | Sites DB (7200+ sites) | OSINT search backend |
| `modules/recon.py` | OSINT scanner (2193 lines) | OSINT search engine backend |
| `core/menu.py` | Module discovery | Auto-discover new modules |
| `autarch.py` | Entry point | Add --web, --upnp-refresh flags |
Reference in New Issue Copy Permalink