Skip to content

lukas-holzner/FuSec

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

24 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

FuSec ๐Ÿ”

Python License Streamlit Neo4j Docker

FuSec is a comprehensive security vulnerability management and analysis platform developed for the Siemens Challenge at HackaTUM 2025. This tool provides security teams with powerful insights into vulnerability landscapes, risk assessment, and AI-powered mitigation strategies.

๐Ÿš€ Features

  • ๐Ÿ“Š Security Dashboard: Real-time visualization of vulnerability metrics, host criticality, and risk levels
  • ๐Ÿ” CVE Analysis: Integration with NIST vulnerability database for detailed CVE information
  • ๐ŸŽฏ Risk Assessment: Automated scoring system for hosts and applications based on vulnerability severity
  • ๐Ÿค– AI-Powered Mitigations: Intelligent mitigation suggestions using Groq API, including Ansible playbooks
  • ๐ŸŒ Geographic Analysis: Visualization of vulnerability distribution across different regions
  • ๐Ÿ”ฌ Advanced Investigation: Multi-parameter search and filtering capabilities for vulnerability research
  • ๐Ÿ“ˆ Interactive Visualizations: Dynamic charts and graphs powered by Plotly for data exploration

๐Ÿ› ๏ธ Technologies Used

  • Backend: Python 3.11, Neo4j Graph Database
  • Frontend: Streamlit Web Framework
  • Visualization: Plotly, Pandas
  • AI Integration: Groq API for intelligent mitigations
  • Data Sources: NIST CVE Database
  • Deployment: Docker, Python Package Manager

๐Ÿ“‹ Prerequisites

  • Python 3.11 or higher
  • Neo4j Database (local or remote)
  • Groq API key (for AI-powered mitigations)
  • Docker (optional, for containerized deployment)

๐Ÿš€ Quick Start

Option 1: Local Installation

  1. Clone the repository

    git clone https://github.com/lukas-holzner/FuSec.git
    cd FuSec
  2. Install dependencies

    pip install -r requirements.txt
  3. Configure the application Create a src/config.ini file with your database and API settings:

    [NEO4J]
    URI = bolt://localhost:7687
    USER = neo4j
    PASSWORD = your_password
    
    [GROQ]
    API_KEY = your_groq_api_key
  4. Run the application

    streamlit run src/1_General.py
  5. Access the dashboard Open your browser and navigate to http://localhost:8501

Option 2: Docker Deployment

  1. Build the Docker image

    docker build -t fusec .
  2. Run the container

    docker run -p 8501:8501 \
      -e NEO4J_URI=bolt://your-neo4j-host:7687 \
      -e NEO4J_USER=neo4j \
      -e NEO4J_PASSWORD=your_password \
      -e GROQ_API_KEY=your_groq_api_key \
      fusec

๐Ÿ“– Usage

1. General Dashboard ๐Ÿ“Š

  • View overall security metrics including total hosts, critical systems, and vulnerability counts
  • Analyze vulnerability distribution by severity levels
  • Monitor geographic spread of security issues

2. Investigation Tools ๐Ÿ”

  • CVE Search: Look up specific Common Vulnerabilities and Exposures
  • Advanced Filtering: Search by software publishers, products, and version ranges
  • Risk Analysis: Identify high-risk systems and applications
  • Host Criticality: Evaluate system importance and exposure levels

3. Mitigation Assistance ๐Ÿค–

  • Input CVE details to receive AI-generated mitigation strategies
  • Get both automated Ansible playbooks and manual step-by-step guides
  • Access NIST database integration for comprehensive vulnerability information

๐Ÿ“ Project Structure

FuSec/
โ”œโ”€โ”€ src/
โ”‚   โ”œโ”€โ”€ 1_General.py              # Main dashboard application
โ”‚   โ”œโ”€โ”€ pages/
โ”‚   โ”‚   โ”œโ”€โ”€ 2_Investigation.py    # Investigation and search tools
โ”‚   โ”‚   โ””โ”€โ”€ 3_Mitigations.py      # AI-powered mitigation suggestions
โ”‚   โ”œโ”€โ”€ database/
โ”‚   โ”‚   โ”œโ”€โ”€ connection.py         # Neo4j database connection and queries
โ”‚   โ”‚   โ””โ”€โ”€ nist.py              # NIST CVE database integration
โ”‚   โ”œโ”€โ”€ visualization/
โ”‚   โ”‚   โ””โ”€โ”€ dashboard.py         # Dashboard components and charts
โ”‚   โ””โ”€โ”€ config.ini               # Configuration file (create manually)
โ”œโ”€โ”€ requirements.txt             # Python dependencies
โ”œโ”€โ”€ Dockerfile                   # Container configuration
โ””โ”€โ”€ README.md                   # This file

๐Ÿ”ง Configuration

Environment Variables

For Docker deployment or when config.ini is not available:

  • NEO4J_URI: Neo4j database connection URI
  • NEO4J_USER: Neo4j database username
  • NEO4J_PASSWORD: Neo4j database password
  • GROQ_API_KEY: Groq API key for AI-powered features

Database Setup

FuSec requires a Neo4j graph database with the following node types:

  • System: Represents hosts and infrastructure
  • Application: Software applications running on systems
  • Vulnerability: CVE entries and security issues
  • Finding: Security findings and assessments
  • Weakness: Security weaknesses and vulnerabilities

๐Ÿค Contributing

We welcome contributions to FuSec! Please follow these steps:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Development Guidelines

  • Follow PEP 8 style guidelines
  • Add appropriate documentation for new features
  • Include tests for new functionality
  • Update README.md if needed

๐Ÿ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

๐Ÿ† Credits

FuSec was developed as part of the Siemens Challenge at HackaTUM 2025, one of Europe's largest hackathons focused on technology and innovation.

Team Contributors

  • Development team focused on cybersecurity and vulnerability management
  • Special thanks to the Siemens Challenge organizers and mentors
  • HackaTUM 2025 organizing committee

Third-Party Libraries

  • Streamlit - Web application framework
  • Neo4j - Graph database platform
  • Plotly - Interactive visualization library
  • Groq - AI inference platform
  • NIST - National Vulnerability Database

๐Ÿ› Issues and Support

If you encounter any issues or have questions:

  1. Check the Issues page
  2. Create a new issue with detailed description
  3. Include system information and error messages

๐Ÿ”ฎ Future Enhancements

  • Integration with additional vulnerability databases
  • Advanced machine learning models for risk prediction
  • Real-time vulnerability scanning capabilities
  • Enhanced reporting and export features
  • Multi-tenant support for enterprise deployment

Built with โค๏ธ for cybersecurity professionals at HackaTUM 2025

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors