v0.3.0: Fix daemon, in-module WebUI only, remove standalone server

Daemon fixes:
- Fixed MODDIR detection (removed readlink -f, use directory probe)
- Removed all 'local' keyword usage (Android sh compatibility)
- Removed duplicate network blocklist install
- Removed reference to deleted webui.sh
- Default log level now INFO (was WARN, hiding startup messages)

WebUI:
- Removed standalone webui.sh HTTP server
- WebUI is now in-module only (webroot/index.html via KernelSU manager)
- Uses ksu.exec() API — no server process needed
- Tap module card in KernelSU to open dashboard

Cleanup:
- Removed stealth.sh
- Removed WEBUI_ENABLED/WEBUI_PORT config (not needed for in-module)
- Removed webui CLI command
- Bumped to v0.3.0
sssnake
2026-03-31 21:56:05 -07:00
parent 65966eb952
commit ce86ecd494
7 changed files with 136 additions and 464 deletions


@@ -1,7 +1,7 @@
id=vigil id=vigil
name=Vigil — Anti-Surveillance Shield name=Vigil — Anti-Surveillance Shield
version=v0.2.0 version=v0.3.0
versionCode=2 versionCode=3
author=Setec Labs author=Setec Labs
description=Anti-surveillance, anti-stalkerware, and anti-forensic protection for journalists, activists, and at-risk users. Detects Pegasus, stalkerware, IMSI catchers, silent SMS, forensic extraction tools, and more. description=Anti-surveillance, anti-stalkerware, and anti-forensic protection for journalists, activists, and at-risk users. Detects Pegasus, stalkerware, IMSI catchers, silent SMS, forensic extraction tools, and more.
updateJson= updateJson=


@@ -3,7 +3,7 @@
# Command-line interface for managing Vigil protection # Command-line interface for managing Vigil protection
# (c) Setec Labs # (c) Setec Labs
VERSION="0.1.0" VERSION="0.3.0"
MODDIR="" MODDIR=""
VIGIL_DATA="/data/adb/vigil" VIGIL_DATA="/data/adb/vigil"
@@ -227,11 +227,7 @@ cmd_deep_scan() {
"$VIGIL_LIB/deep_scan.sh" deep "$VIGIL_LIB/deep_scan.sh" deep
} }
cmd_webui() {
check_module
echo "Starting Vigil WebUI on http://localhost:${WEBUI_PORT:-8088}"
"$VIGIL_LIB/webui.sh" serve
}
cmd_harden() { cmd_harden() {
check_module check_module
@@ -304,9 +300,6 @@ cmd_help() {
echo " duress [setup|status]" echo " duress [setup|status]"
echo " Duress/panic trigger configuration" echo " Duress/panic trigger configuration"
echo "" echo ""
echo "${BOLD}Dashboard${NC}"
echo " webui Start WebUI dashboard (localhost:8088)"
echo ""
echo "${BOLD}Maintenance${NC}" echo "${BOLD}Maintenance${NC}"
echo " update-ioc Update threat indicator database" echo " update-ioc Update threat indicator database"
echo " version Show version" echo " version Show version"
@@ -337,7 +330,6 @@ case "$1" in
app) shift; cmd_app_honeypot "$@" ;; app) shift; cmd_app_honeypot "$@" ;;
network) shift; cmd_network "$@" ;; network) shift; cmd_network "$@" ;;
duress) shift; cmd_duress "$@" ;; duress) shift; cmd_duress "$@" ;;
webui) cmd_webui ;;
log) shift; cmd_log "$@" ;; log) shift; cmd_log "$@" ;;
version) echo "Vigil v${VERSION}" ;; version) echo "Vigil v${VERSION}" ;;
help|--help|-h|"") cmd_help ;; help|--help|-h|"") cmd_help ;;


@@ -3,22 +3,31 @@
# Main daemon that orchestrates all protection modules # Main daemon that orchestrates all protection modules
# (c) Setec Labs # (c) Setec Labs
MODDIR=$(dirname $(dirname $(dirname $(readlink -f "$0")))) # Find module directory reliably
MODDIR=""
for d in /data/adb/modules/vigil /data/adb/modules_update/vigil; do
[ -d "$d/vigil/lib" ] && MODDIR="$d" && break
done
if [ -z "$MODDIR" ]; then
echo "ERROR: Vigil module directory not found"
exit 1
fi
VIGIL_DATA="/data/adb/vigil" VIGIL_DATA="/data/adb/vigil"
VIGIL_LIB="$MODDIR/vigil/lib" VIGIL_LIB="$MODDIR/vigil/lib"
VIGIL_LOG="$VIGIL_DATA/vigil.log" VIGIL_LOG="$VIGIL_DATA/vigil.log"
VIGIL_PID="$VIGIL_DATA/vigild.pid" VIGIL_PID="$VIGIL_DATA/vigild.pid"
# Ensure dirs exist # Ensure dirs exist
mkdir -p "$VIGIL_DATA/alerts" "$VIGIL_DATA/baseline" mkdir -p "$VIGIL_DATA/alerts" "$VIGIL_DATA/baseline" "$VIGIL_DATA/reports" "$VIGIL_DATA/quarantine"
# Load config # Load config
[ -f "$VIGIL_DATA/vigil.conf" ] && . "$VIGIL_DATA/vigil.conf" [ -f "$VIGIL_DATA/vigil.conf" ] && . "$VIGIL_DATA/vigil.conf"
log() { log() {
local level="$1" level="$1"
local msg="$2" msg="$2"
local min_level="${VIGIL_LOG_LEVEL:-2}" min_level="${VIGIL_LOG_LEVEL:-3}"
case "$level" in case "$level" in
ERROR) lvl=1 ;; ERROR) lvl=1 ;;
@@ -33,10 +42,10 @@ log() {
} }
rotate_log() { rotate_log() {
local max_size="${VIGIL_LOG_MAX_SIZE:-1048576}" max_size="${VIGIL_LOG_MAX_SIZE:-1048576}"
if [ -f "$VIGIL_LOG" ]; then if [ -f "$VIGIL_LOG" ]; then
local size=$(stat -c '%s' "$VIGIL_LOG" 2>/dev/null || echo 0) size=$(stat -c '%s' "$VIGIL_LOG" 2>/dev/null || wc -c < "$VIGIL_LOG" 2>/dev/null || echo 0)
if [ "$size" -gt "$max_size" ]; then if [ "$size" -gt "$max_size" ] 2>/dev/null; then
mv "$VIGIL_LOG" "$VIGIL_LOG.1" mv "$VIGIL_LOG" "$VIGIL_LOG.1"
log INFO "Log rotated" log INFO "Log rotated"
fi fi
@@ -44,37 +53,17 @@ rotate_log() {
} }
process_alerts() { process_alerts() {
local alert_file="$VIGIL_DATA/alerts/pending" alert_file="$VIGIL_DATA/alerts/pending"
if [ -f "$alert_file" ] && [ -s "$alert_file" ]; then if [ -f "$alert_file" ] && [ -s "$alert_file" ]; then
local count=$(wc -l < "$alert_file") count=$(wc -l < "$alert_file")
log WARN "Processing $count pending alerts" log WARN "Processing $count pending alerts"
# Archive alerts
cat "$alert_file" >> "$VIGIL_DATA/alerts/history" cat "$alert_file" >> "$VIGIL_DATA/alerts/history"
# If backend configured, report alerts
if [ -n "$VIGIL_BACKEND_URL" ]; then
# POST alerts to backend server
local payload=$(cat "$alert_file" | while IFS='|' read -r sev ts mod msg; do
echo "{\"severity\":\"$sev\",\"timestamp\":$ts,\"module\":\"$mod\",\"message\":\"$msg\"}"
done | paste -sd',' -)
curl -s -X POST \
-H "Content-Type: application/json" \
-H "X-Vigil-Device: ${VIGIL_DEVICE_ID:-unknown}" \
-d "{\"alerts\":[$payload]}" \
"$VIGIL_BACKEND_URL/api/alerts" \
>> "$VIGIL_LOG" 2>&1 &
fi
# Clear pending
> "$alert_file" > "$alert_file"
fi fi
} }
generate_device_id() { generate_device_id() {
if [ -z "$VIGIL_DEVICE_ID" ] || [ "$VIGIL_DEVICE_ID" = "" ]; then if [ -z "$VIGIL_DEVICE_ID" ] || [ "$VIGIL_DEVICE_ID" = "" ]; then
# Generate a pseudorandom device ID (not fingerprinting — just for backend comms)
VIGIL_DEVICE_ID=$(cat /proc/sys/kernel/random/uuid 2>/dev/null | cut -d'-' -f1-2) VIGIL_DEVICE_ID=$(cat /proc/sys/kernel/random/uuid 2>/dev/null | cut -d'-' -f1-2)
if [ -n "$VIGIL_DEVICE_ID" ]; then if [ -n "$VIGIL_DEVICE_ID" ]; then
sed -i "s/^VIGIL_DEVICE_ID=.*/VIGIL_DEVICE_ID=\"$VIGIL_DEVICE_ID\"/" "$VIGIL_DATA/vigil.conf" 2>/dev/null sed -i "s/^VIGIL_DEVICE_ID=.*/VIGIL_DEVICE_ID=\"$VIGIL_DEVICE_ID\"/" "$VIGIL_DATA/vigil.conf" 2>/dev/null
@@ -82,10 +71,8 @@ generate_device_id() {
fi fi
} }
# ── SIGNAL HANDLERS ──
cleanup() { cleanup() {
log INFO "vigild shutting down (PID: $$)" log INFO "vigild shutting down (PID: $$)"
# Stop background monitors
kill $(jobs -p) 2>/dev/null kill $(jobs -p) 2>/dev/null
rm -f "$VIGIL_PID" rm -f "$VIGIL_PID"
exit 0 exit 0
@@ -94,144 +81,125 @@ cleanup() {
trap cleanup TERM INT QUIT trap cleanup TERM INT QUIT
# ── MAIN ── # ── MAIN ──
main() {
echo $$ > "$VIGIL_PID" echo $$ > "$VIGIL_PID"
log INFO "════════════════════════════════════════" log INFO "════════════════════════════════════════"
log INFO "vigild starting (PID: $$)" log INFO "vigild starting (PID: $$)"
log INFO "Module: $MODDIR" log INFO "Module: $MODDIR"
log INFO "Data: $VIGIL_DATA" log INFO "Data: $VIGIL_DATA"
log INFO "Lib: $VIGIL_LIB"
log INFO "════════════════════════════════════════" log INFO "════════════════════════════════════════"
generate_device_id generate_device_id
# ── Start background monitors ── # ── Start background monitors ──
# 1. Forensic Shield (continuous USB/process monitoring) # 1. Forensic Shield
if [ "${FORENSIC_SHIELD_ENABLED:-1}" = "1" ]; then if [ "${FORENSIC_SHIELD_ENABLED:-1}" = "1" ]; then
log INFO "Starting Forensic Shield monitor..." log INFO "Starting Forensic Shield monitor..."
"$VIGIL_LIB/forensic_shield.sh" monitor >> "$VIGIL_LOG" 2>&1 & "$VIGIL_LIB/forensic_shield.sh" monitor >> "$VIGIL_LOG" 2>&1 &
log INFO "Forensic Shield PID: $!" log INFO "Forensic Shield PID: $!"
fi fi
# 2. SMS Shield (continuous logcat monitoring + silent install blocking) # 2. SMS Shield
if [ "${SMS_SHIELD_ENABLED:-1}" = "1" ] && [ "${SMS_SILENT_DETECT:-1}" = "1" ]; then if [ "${SMS_SHIELD_ENABLED:-1}" = "1" ] && [ "${SMS_SILENT_DETECT:-1}" = "1" ]; then
log INFO "Starting SMS Shield monitor..." log INFO "Starting SMS Shield monitor..."
"$VIGIL_LIB/sms_shield.sh" monitor >> "$VIGIL_LOG" 2>&1 & "$VIGIL_LIB/sms_shield.sh" monitor >> "$VIGIL_LOG" 2>&1 &
log INFO "SMS Shield PID: $!" log INFO "SMS Shield PID: $!"
fi fi
# 2b. Silent install blocker (global package install monitor) # 3. Silent install blocker
if [ "${SMS_BLOCK_SILENT_INSTALL:-1}" = "1" ]; then if [ "${SMS_BLOCK_SILENT_INSTALL:-1}" = "1" ]; then
log INFO "Starting silent install blocker..." log INFO "Starting silent install blocker..."
"$VIGIL_LIB/sms_shield.sh" monitor-installs >> "$VIGIL_LOG" 2>&1 & "$VIGIL_LIB/sms_shield.sh" monitor-installs >> "$VIGIL_LOG" 2>&1 &
log INFO "Install Blocker PID: $!" log INFO "Install Blocker PID: $!"
fi fi
# 3. Network Monitor (continuous connection watching) # 4. Network Monitor
if [ "${NETWORK_MONITOR_ENABLED:-1}" = "1" ] && [ "${NETWORK_LOG_SUSPICIOUS:-1}" = "1" ]; then if [ "${NETWORK_MONITOR_ENABLED:-1}" = "1" ] && [ "${NETWORK_LOG_SUSPICIOUS:-1}" = "1" ]; then
log INFO "Starting Network monitor..." log INFO "Starting Network monitor..."
"$VIGIL_LIB/network_monitor.sh" monitor >> "$VIGIL_LOG" 2>&1 & "$VIGIL_LIB/network_monitor.sh" monitor >> "$VIGIL_LOG" 2>&1 &
log INFO "Network Monitor PID: $!" log INFO "Network Monitor PID: $!"
fi fi
# 4. Install network blocklists # 5. Install network blocklists
if [ "${NETWORK_BLOCK_C2:-1}" = "1" ] || [ "${NETWORK_BLOCK_TRACKERS:-1}" = "1" ]; then if [ "${NETWORK_BLOCK_C2:-1}" = "1" ] || [ "${NETWORK_BLOCK_TRACKERS:-1}" = "1" ]; then
log INFO "Installing network blocklists..." log INFO "Installing network blocklists..."
"$VIGIL_LIB/network_monitor.sh" install >> "$VIGIL_LOG" 2>&1 "$VIGIL_LIB/network_monitor.sh" install >> "$VIGIL_LOG" 2>&1
fi fi
# 5. Deep scan background monitor (low-priority forensic analysis) # 6. Deep scan background
if [ "${DEEP_SCAN_BACKGROUND:-1}" = "1" ]; then if [ "${DEEP_SCAN_BACKGROUND:-1}" = "1" ]; then
log INFO "Starting deep scan background monitor..." log INFO "Starting deep scan background monitor..."
"$VIGIL_LIB/deep_scan.sh" background >> "$VIGIL_LOG" 2>&1 & "$VIGIL_LIB/deep_scan.sh" background >> "$VIGIL_LOG" 2>&1 &
log INFO "Deep Scan Background PID: $!" log INFO "Deep Scan PID: $!"
fi fi
# 6. SMS Honeypot (fake location on silent SMS) # 7. SMS Honeypot
if [ "${SMS_FAKE_RESPONSE:-0}" = "1" ]; then if [ "${SMS_FAKE_RESPONSE:-0}" = "1" ]; then
log INFO "Starting SMS Honeypot monitor..." log INFO "Starting SMS Honeypot monitor..."
"$VIGIL_LIB/sms_honeypot.sh" monitor >> "$VIGIL_LOG" 2>&1 & "$VIGIL_LIB/sms_honeypot.sh" monitor >> "$VIGIL_LOG" 2>&1 &
log INFO "SMS Honeypot PID: $!" log INFO "SMS Honeypot PID: $!"
fi fi
# 7. Duress trigger monitors (power button + PIN) # 8. Duress triggers
if [ "${DURESS_ENABLED:-0}" = "1" ]; then if [ "${DURESS_ENABLED:-0}" = "1" ]; then
log INFO "Starting Duress monitors..." log INFO "Starting Duress monitors..."
"$VIGIL_LIB/duress.sh" monitor >> "$VIGIL_LOG" 2>&1 & "$VIGIL_LIB/duress.sh" monitor >> "$VIGIL_LOG" 2>&1 &
log INFO "Duress Monitor PID: $!" log INFO "Duress Monitor PID: $!"
fi fi
# 8. Apply anti-forensics hardening on boot # 9. Anti-forensics hardening
if [ "${ANTIFORENSICS_ENABLED:-1}" = "1" ]; then if [ "${ANTIFORENSICS_ENABLED:-1}" = "1" ]; then
log INFO "Applying anti-forensics hardening..." log INFO "Applying anti-forensics hardening..."
"$VIGIL_LIB/antiforensics.sh" harden >> "$VIGIL_LOG" 2>&1 "$VIGIL_LIB/antiforensics.sh" harden >> "$VIGIL_LOG" 2>&1
fi fi
# 9. WebUI dashboard # 10. Initial quick scan
if [ "${WEBUI_ENABLED:-1}" = "1" ]; then
log INFO "Starting WebUI on port ${WEBUI_PORT:-8088}..."
"$VIGIL_LIB/webui.sh" serve >> "$VIGIL_LOG" 2>&1 &
log INFO "WebUI PID: $!"
fi
# 10. Install network blocklists
if [ "${NETWORK_BLOCK_C2:-1}" = "1" ] || [ "${NETWORK_BLOCK_TRACKERS:-1}" = "1" ]; then
log INFO "Installing network blocklists..."
"$VIGIL_LIB/network_monitor.sh" install >> "$VIGIL_LOG" 2>&1
fi
# 10. Run initial quick scan
log INFO "Running initial quick scan..." log INFO "Running initial quick scan..."
"$VIGIL_LIB/scanner.sh" quick >> "$VIGIL_LOG" 2>&1 "$VIGIL_LIB/scanner.sh" quick >> "$VIGIL_LOG" 2>&1
# ── Main loop ── # ── Main loop ──
local last_scan=$(date +%s) last_scan=$(date +%s)
local last_integrity=$(date +%s) last_integrity=$(date +%s)
local last_ioc_update=$(date +%s) last_ioc_update=$(date +%s)
local scan_interval="${SCANNER_INTERVAL:-3600}" scan_interval="${SCANNER_INTERVAL:-3600}"
local integrity_interval="${FROSTGUARD_INTERVAL:-1800}" integrity_interval="${FROSTGUARD_INTERVAL:-1800}"
local ioc_update_interval="${IOC_UPDATE_INTERVAL:-86400}" ioc_update_interval="${IOC_UPDATE_INTERVAL:-86400}"
log INFO "Entering main loop (scan: ${scan_interval}s, integrity: ${integrity_interval}s, ioc: ${ioc_update_interval}s)" log INFO "Main loop started (scan:${scan_interval}s integrity:${integrity_interval}s ioc:${ioc_update_interval}s)"
while true; do while true; do
local now=$(date +%s) now=$(date +%s)
# Periodic threat scan # Periodic threat scan
if [ $((now - last_scan)) -ge "$scan_interval" ]; then if [ $((now - last_scan)) -ge "$scan_interval" ]; then
log INFO "Running scheduled threat scan..." log INFO "Scheduled threat scan..."
"$VIGIL_LIB/scanner.sh" quick >> "$VIGIL_LOG" 2>&1 "$VIGIL_LIB/scanner.sh" quick >> "$VIGIL_LOG" 2>&1
last_scan=$now last_scan=$now
fi fi
# Periodic integrity check # Periodic integrity check
if [ "${FROSTGUARD_ENABLED:-1}" = "1" ] && [ $((now - last_integrity)) -ge "$integrity_interval" ]; then if [ "${FROSTGUARD_ENABLED:-1}" = "1" ] && [ $((now - last_integrity)) -ge "$integrity_interval" ]; then
log INFO "Running scheduled integrity check..." log INFO "Scheduled integrity check..."
"$VIGIL_LIB/integrity.sh" verify >> "$VIGIL_LOG" 2>&1 "$VIGIL_LIB/integrity.sh" verify >> "$VIGIL_LOG" 2>&1
last_integrity=$now last_integrity=$now
fi fi
# Periodic IOC auto-update # Periodic IOC update
if [ $((now - last_ioc_update)) -ge "$ioc_update_interval" ]; then if [ $((now - last_ioc_update)) -ge "$ioc_update_interval" ]; then
log INFO "Checking for IOC updates..." log INFO "Checking IOC updates..."
"$VIGIL_LIB/ioc_updater.sh" auto >> "$VIGIL_LOG" 2>&1 "$VIGIL_LIB/ioc_updater.sh" auto >> "$VIGIL_LOG" 2>&1
last_ioc_update=$now last_ioc_update=$now
fi fi
# Process any pending alerts
process_alerts process_alerts
# Rotate log if needed
rotate_log rotate_log
# Check if we're still supposed to be running # Check we're still the running instance
if [ ! -f "$VIGIL_PID" ] || [ "$(cat "$VIGIL_PID" 2>/dev/null)" != "$$" ]; then if [ ! -f "$VIGIL_PID" ] || [ "$(cat "$VIGIL_PID" 2>/dev/null)" != "$$" ]; then
log WARN "PID file mismatch — another instance may be running. Exiting." log WARN "PID mismatch — exiting"
cleanup cleanup
fi fi
sleep 60 sleep 60
done done
}
main
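Review bot: The PID-mismatch branch at the end of the main loop still calls `cleanup`, and `cleanup` runs `rm -f "$VIGIL_PID"` unconditionally, so a superseded instance deletes the PID file that now belongs to the newer instance. The newer instance then hits the `[ ! -f "$VIGIL_PID" ]` test on its next pass and exits too, killing its monitors via `kill $(jobs -p)` and leaving the device with no protection running and only a log line to show for it. Guard the removal in `cleanup` so only the owner deletes the file, e.g. `[ "$(cat "$VIGIL_PID" 2>/dev/null)" = "$$" ] && rm -f "$VIGIL_PID"`. The startup line `echo $$ > "$VIGIL_PID"` also overwrites the file without first checking whether the recorded PID is still alive (a `kill -0` probe), which is how two instances end up in this state. `cleanup` is split across two hunks and its closing brace falls outside the visible lines, so confirm this against the full file.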


@@ -86,7 +86,3 @@ APP_HONEYPOT_AUTO=0 # Auto-honeypot detected threats (0=manual)
IOC_UPDATE_INTERVAL=86400 # Seconds between auto-updates (86400=24hr) IOC_UPDATE_INTERVAL=86400 # Seconds between auto-updates (86400=24hr)
VIGIL_API_KEY="" # Autarch API key for backend updates VIGIL_API_KEY="" # Autarch API key for backend updates
VIGIL_BACKEND_URL="" # Autarch backend URL VIGIL_BACKEND_URL="" # Autarch backend URL
# ── WebUI Dashboard ─────────────────────────────────
WEBUI_ENABLED=1 # Start WebUI on boot
WEBUI_PORT=8088 # Port for local dashboard


@@ -1,284 +0,0 @@
#!/system/bin/sh
# Vigil — WebUI Server
# Serves a local web dashboard for settings, status, alerts, and scan control
# (c) Setec Labs
#
# Runs on localhost:8088 (configurable)
# Uses busybox httpd with CGI, or falls back to nc-based server
VIGIL_DATA="/data/adb/vigil"
VIGIL_LOG="$VIGIL_DATA/vigil.log"
WEBUI_PORT="${WEBUI_PORT:-8088}"
WEBUI_DIR=""
VIGIL_LIB="$(dirname "$0")"
# Find the webroot
for d in /data/adb/modules/vigil/vigil/webroot "$VIGIL_LIB/../webroot"; do
[ -d "$d" ] && WEBUI_DIR="$d" && break
done
[ -f "$VIGIL_DATA/vigil.conf" ] && . "$VIGIL_DATA/vigil.conf"
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [webui] $1" >> "$VIGIL_LOG"
}
# ── CGI API HANDLER ──
# Processes API requests and returns JSON
handle_api() {
local endpoint="$1"
local method="$2"
echo "HTTP/1.1 200 OK"
echo "Content-Type: application/json"
echo "Access-Control-Allow-Origin: *"
echo "Connection: close"
echo ""
case "$endpoint" in
/api/status)
local daemon_status="stopped"
local daemon_pid=""
if [ -f "$VIGIL_DATA/vigild.pid" ]; then
daemon_pid=$(cat "$VIGIL_DATA/vigild.pid")
kill -0 "$daemon_pid" 2>/dev/null && daemon_status="running"
fi
local lockdown=$([ -f "$VIGIL_DATA/.lockdown" ] && echo "true" || echo "false")
cat <<ENDJSON
{
"daemon": "$daemon_status",
"pid": "$daemon_pid",
"lockdown": $lockdown,
"version": "0.2.0",
"modules": {
"scanner": "${SCANNER_ENABLED:-1}",
"frostguard": "${FROSTGUARD_ENABLED:-1}",
"forensic_shield": "${FORENSIC_SHIELD_ENABLED:-1}",
"sms_shield": "${SMS_SHIELD_ENABLED:-1}",
"network_monitor": "${NETWORK_MONITOR_ENABLED:-1}",
"key_wiper": "${KEYWIPER_ENABLED:-1}",
"deep_scan": "${DEEP_SCAN_BACKGROUND:-1}",
"antiforensics": "${ANTIFORENSICS_ENABLED:-1}",
"duress": "${DURESS_ENABLED:-0}",
"sms_honeypot": "${SMS_FAKE_RESPONSE:-0}",
"app_honeypot": "${APP_HONEYPOT_AUTO:-0}",
"quarantine": "${QUARANTINE_ENABLED:-0}"
}
}
ENDJSON
;;
/api/alerts)
echo "["
if [ -f "$VIGIL_DATA/alerts/history" ]; then
local first=1
tail -50 "$VIGIL_DATA/alerts/history" | while IFS='|' read -r sev ts mod msg; do
[ $first -eq 0 ] && echo ","
first=0
# Escape quotes in message
msg=$(echo "$msg" | sed 's/"/\\"/g')
echo " {\"severity\":\"$sev\",\"timestamp\":$ts,\"module\":\"$mod\",\"message\":\"$msg\"}"
done
fi
echo "]"
;;
/api/ioc-stats)
echo "{"
local first=1
for f in packages.txt certificates.txt domains.txt ips.txt hashes.txt cellebrite_hashes.txt hosts.txt; do
[ $first -eq 0 ] && echo ","
first=0
local name=$(echo "$f" | sed 's/\.txt//')
local count=0
[ -f "$VIGIL_DATA/$f" ] && count=$(wc -l < "$VIGIL_DATA/$f")
echo " \"$name\": $count"
done
echo "}"
;;
/api/config)
if [ "$method" = "POST" ]; then
# Read POST body from stdin
read -r body
# Parse key=value pairs and update config
echo "$body" | tr '&' '\n' | while IFS='=' read -r key val; do
key=$(echo "$key" | tr -d ' ')
val=$(echo "$val" | tr -d ' ')
if grep -q "^${key}=" "$VIGIL_DATA/vigil.conf" 2>/dev/null; then
sed -i "s|^${key}=.*|${key}=${val}|" "$VIGIL_DATA/vigil.conf"
fi
done
echo "{\"status\":\"ok\"}"
else
# Return current config as JSON
echo "{"
local first=1
grep -v '^#' "$VIGIL_DATA/vigil.conf" 2>/dev/null | grep '=' | while IFS='=' read -r key val; do
key=$(echo "$key" | tr -d ' ')
val=$(echo "$val" | sed 's/^"//' | sed 's/"$//' | sed 's/#.*//' | tr -d ' ')
[ -z "$key" ] && continue
[ $first -eq 0 ] && echo ","
first=0
echo " \"$key\": \"$val\""
done
echo "}"
fi
;;
/api/scan)
echo "{\"status\":\"started\"}"
# Run scan in background
"$VIGIL_LIB/scanner.sh" quick >> "$VIGIL_LOG" 2>&1 &
;;
/api/deep-scan)
echo "{\"status\":\"started\"}"
"$VIGIL_LIB/deep_scan.sh" deep >> "$VIGIL_LOG" 2>&1 &
;;
/api/lockdown)
"$VIGIL_LIB/key_wiper.sh" lockdown >> "$VIGIL_LOG" 2>&1 &
echo "{\"status\":\"lockdown_initiated\"}"
;;
/api/harden)
"$VIGIL_LIB/antiforensics.sh" harden >> "$VIGIL_LOG" 2>&1 &
echo "{\"status\":\"hardening\"}"
;;
/api/sanitize)
"$VIGIL_LIB/antiforensics.sh" sanitize >> "$VIGIL_LOG" 2>&1 &
echo "{\"status\":\"sanitizing\"}"
;;
/api/update-ioc)
"$VIGIL_LIB/ioc_updater.sh" update >> "$VIGIL_LOG" 2>&1 &
echo "{\"status\":\"updating\"}"
;;
/api/log)
echo "["
if [ -f "$VIGIL_LOG" ]; then
local first=1
tail -100 "$VIGIL_LOG" | while read -r line; do
line=$(echo "$line" | sed 's/"/\\"/g')
[ $first -eq 0 ] && echo ","
first=0
echo " \"$line\""
done
fi
echo "]"
;;
/api/exec)
# Standalone mode: execute shell command (replaces ksu.exec)
echo "HTTP/1.1 200 OK"
echo "Content-Type: text/plain"
echo "Connection: close"
echo ""
if [ "$method" = "POST" ] && [ -n "$POST_BODY" ]; then
eval "$POST_BODY" 2>&1
fi
return
;;
*)
echo "{\"error\":\"unknown endpoint\"}"
;;
esac
}
# ── NC-BASED HTTP SERVER ──
# Simple HTTP server using netcat — no dependencies
cmd_serve() {
log "WebUI starting on port $WEBUI_PORT..."
echo "Vigil WebUI: http://localhost:$WEBUI_PORT"
while true; do
# Listen for a connection and handle it
{
# Read the HTTP request
local request=""
local method=""
local path=""
local content_length=0
while read -r line; do
line=$(echo "$line" | tr -d '\r')
[ -z "$line" ] && break
if [ -z "$request" ]; then
request="$line"
method=$(echo "$line" | awk '{print $1}')
path=$(echo "$line" | awk '{print $2}')
fi
if echo "$line" | grep -qi "Content-Length:"; then
content_length=$(echo "$line" | grep -oE '[0-9]+')
fi
done
# Read POST body if present
local POST_BODY=""
if [ "$method" = "POST" ] && [ "$content_length" -gt 0 ] 2>/dev/null; then
POST_BODY=$(dd bs=1 count="$content_length" 2>/dev/null)
fi
export POST_BODY
# Route the request
case "$path" in
/api/*)
handle_api "$path" "$method"
;;
/|/index.html)
echo "HTTP/1.1 200 OK"
echo "Content-Type: text/html"
echo "Connection: close"
echo ""
cat "$WEBUI_DIR/index.html" 2>/dev/null || echo "<h1>WebUI files not found</h1>"
;;
*)
local file="$WEBUI_DIR${path}"
if [ -f "$file" ]; then
local mime="text/plain"
case "$path" in
*.html) mime="text/html" ;;
*.css) mime="text/css" ;;
*.js) mime="application/javascript" ;;
*.json) mime="application/json" ;;
*.png) mime="image/png" ;;
*.svg) mime="image/svg+xml" ;;
esac
echo "HTTP/1.1 200 OK"
echo "Content-Type: $mime"
echo "Connection: close"
echo ""
cat "$file"
else
echo "HTTP/1.1 404 Not Found"
echo "Connection: close"
echo ""
echo "404"
fi
;;
esac
} | busybox nc -l -p "$WEBUI_PORT" 2>/dev/null || {
# Fallback: use toybox nc or /system/bin/nc
log "busybox nc not available, trying alternatives..."
break
}
done
}
# ── DISPATCH ──
case "$1" in
serve) cmd_serve ;;
status) echo "WebUI port: $WEBUI_PORT" ;;
*)
echo "Vigil WebUI Server"
echo "Usage: webui.sh serve"
echo " Starts web dashboard on http://localhost:$WEBUI_PORT"
;;
esac


@@ -60,7 +60,7 @@ body{font-family:'SF Mono','Cascadia Code','Fira Code',monospace;background:var(
<div class="hdr"> <div class="hdr">
<h1>VIGIL</h1> <h1>VIGIL</h1>
<div class="sub">Anti-Surveillance Shield by Setec Labs</div> <div class="sub">Anti-Surveillance Shield by Setec Labs</div>
<div class="ver">v0.2.0</div> <div class="ver">v0.3.0</div>
</div> </div>
<div class="sb"> <div class="sb">
<div class="sc"><span class="sd" id="dd"></span><span id="dt">Checking...</span></div> <div class="sc"><span class="sd" id="dd"></span><span id="dt">Checking...</span></div>


@@ -60,7 +60,7 @@ body{font-family:'SF Mono','Cascadia Code','Fira Code',monospace;background:var(
<div class="hdr"> <div class="hdr">
<h1>VIGIL</h1> <h1>VIGIL</h1>
<div class="sub">Anti-Surveillance Shield by Setec Labs</div> <div class="sub">Anti-Surveillance Shield by Setec Labs</div>
<div class="ver">v0.2.0</div> <div class="ver">v0.3.0</div>
</div> </div>
<div class="sb"> <div class="sb">
<div class="sc"><span class="sd" id="dd"></span><span id="dt">Checking...</span></div> <div class="sc"><span class="sd" id="dd"></span><span id="dt">Checking...</span></div>