Contributing ============ This project is open to contributions, and there are several areas of work to be developed. Join the Discord server to get involved: **Discord**: https://discord.gg/RXWn85cnYm Roadmap ------- **Completed:** - Modbus Industrial Honeypot Module — Complete TCP honeypot with PLC emulation - React Dashboard Redesign — Modern SPA with React 19, Vite, Tailwind CSS - Rule-Based Alerting Engine — Declarative YAML rules (MLS001 … MLS012) with MQL queries, severities, schedules and accumulated 0–100 verdicts - Alerts Page — Grouped/flat views, severity & status filters, bulk acknowledge/resolve - Agent Topology — Interactive manager ↔ agents ↔ modules canvas with persisted layout - Activity & Attacker Statistics Pages - Custom FTP Honeypot Image — Debian slim + vsftpd, dropping the third-party ``fauria/vsftpd`` dependency - GeoIP Attack Map — Interactive world map with ip-api.com enrichment - Hybrid Deployment — Support for internal, external, and mixed networks - CVE Module Framework — Dedicated category for vulnerability-specific honeypots - Telnet Honeypot Module — Standard telnet honeypot with weak credentials - Interactive Shell - Critical Events Dashboard — Highlighted alerts for security-critical events - Distributed Architecture — Manager/agent model with mTLS-secured communications - Agent Health Monitoring — Real-time agent status polling and dashboard page - Auto-Enrollment — One-time token based agent enrollment with embedded PKI - HTTPS Dashboard — Direct access over TLS (no SSH tunnel needed) - Remote Agent Management — Start/stop/restart agent modules from manager CLI via mTLS - Dashboard Enhancements — Auto-refresh, date range filter, trend arrows, heatmap, multi-day timeline, top credentials, sortable/paginated tables - GeoIP Enrichment API — Cached batch IP geolocation with country flags in dashboard - Security Hardening — Path traversal protection, rate limiting, input validation, SHA-256 hashing, SSRF mitigation, error message sanitization **Planned:** - Improve MQTT module - Develop new CVE modules - Develop new modules (SNMP, etc.) - MITRE ATT&CK mapping for threat events - Automated PDF/HTML reports - Behavioral clustering (attack pattern grouping) - Adaptive deception (dynamic honeypot responses) - Rules UI to tune thresholds without redeploying (engine landed in v2.2, UI still pending) Credits ------- Thank you to all contributors for helping the project move forward. - `summoningshells `_ - `Mlh4040 `_