## https://sploitus.com/exploit?id=2CCAEE62-DDB4-5C9A-8F6B-49D04468D4AE
# cybersec-ids
Full-stack AI-driven Web App Intrusion Detection System (IDS) with React dashboard. Real-time detection of XSS, SQLi, brute force, and more. Includes analytics, IP blocking, CSV export, and a demo vulnerable app for hands-on security testing.
# 🛡️ Web Application Security Monitoring & Intrusion Detection System
A **full-stack next-gen IDS (Intrusion Detection System)** for web applications, featuring live threat detection, analytics, IP blocking, geolocation, and seamless integration with any Node.js/Express web app.
---
## 🚀 Features
- **Real-Time Intrusion Detection:**
Detects XSS, SQL Injection, Brute Force, Directory Traversal, Command Injection, and more.
- **Live Dashboard:**
Modern React dashboard with real-time threat logs, statistics, analytics, and live updates (Socket.io).
- **IP Blocking:**
Automatic and manual blocking/unblocking of attacking IP addresses.
- **Geolocation & Analytics:**
Attackers’ locations, top endpoints targeted, attack type breakdown, and rich summary statistics.
- **Demo Vulnerable Web App:**
Ships with an intentionally vulnerable app—attack it and see instant IDS protection in action.
- **CSV Export:**
Download all security logs for audit or compliance.
---
## 🏗️ Architecture
[Demo Web App] → [IDS API/Backend] → [MongoDB]
↓
[React Real-Time Dashboard]
---
## 🛠️ Setup & Usage
### 1. Clone & Install Dependencies
- git clone
- cd cybersec-ids
- cd backend
- npm install
- cd ../frontend
- npm install
### 2. Start IDS Backend
- cd ../backend
- node app.js
- Opens at: `http://localhost:5000`
### 3. Start React Dashboard
- Opens at: `http://localhost:5000`
### 3. Start React Dashboard
cd ../frontend
npm start
- Opens at: `http://localhost:3000`
### 4. (Optional) Start Demo Vulnerable Web App
cd ../backend/demo-app
npm install
node demoApp.js
- App runs at: `http://localhost:3001`
---
## 🧪 How to Demo / Test
1. **Open the dashboard:** [http://localhost:3000](http://localhost:3000)
2. **Attack the demo web app:**
- _SQL Injection in login:_
```
curl -X POST http://localhost:3001/login -H "Content-Type: application/json" -d '{"username":"admin'' OR ''1''=''1","password":"test"}'
```
- _XSS in comments:_
```
curl -X POST http://localhost:3001/comments -H "Content-Type: application/json" -d '{"comment":"alert(''XSS'')","author":"attacker"}'
```
- _Directory Traversal:_
```
curl "http://localhost:3001/file?path=../../etc/passwd"
```
- _Command Injection:_
```
curl -X POST http://localhost:3001/search -H "Content-Type: application/json" -d '{"query":"test; rm -rf /"}'
```
3. **See the attacks INSTANTLY appear in your dashboard!**
4. **Block/unblock IPs, simulate attacks, and export CSV logs.**
---
## ✨ Example IDS Detection Rules
| Type | Pattern Example | Severity |
|-----------------------|---------------------------------------------------|----------|
| XSS (Comments) | ``, `onerror=`, `javascript:` | High |
| SQL Injection (Login) | `'`, `--`, `union select`, `drop`, `insert` | High |
| Directory Traversal | `../`, `%2e%2e`, `/etc/`, `c:\windows` | High |
| Command Injection | `|`, `;`, `&&`, `$()`, `\`backticks\`` | High |
| Brute Force | More than 5 failed logins in short period | Medium |
| Suspicious User-Agent | sqlmap, burp, nmap, metasploit | Medium |
_Easily add more in `backend/detection/ruleEngine.js`!_
---
## 🌐 Main API Reference
| Endpoint | Method | Description |
|---------------------------|--------|-------------------------------------|
| `/api/logs` | GET | Fetch threat logs |
| `/api/logs` | POST | Add a new log (auto-IDS analysis) |
| `/api/logs/stats` | GET | Get real-time threat summary |
| `/api/logs/export/csv` | GET | Download all logs as CSV |
| `/api/blocks` | GET/POST/DELETE | IP blocklist management |
| `/api/simulation/run` | POST | Built-in attack demo/simulation |
---
## 🤝 Integration
- Add the provided `idsLogger` middleware to **any Express app**.
- Or: `POST` incident logs or suspicious events to `/api/logs` from any system.
- Monitor real application/system logs with a small node script or via API.
---
## 🏆 Standout Qualities
- **Production-grade detection**: Not just logging, but actual prevention, blocking, and threat analytics.
- **Real-time results:** See dashboard update immediately when demo app is attacked.
- **End-to-end:** Demo app, IDS system, and dashboard—all in one.
- **Easy to extend:** New detection rules, ML models, or API integrations possible.
- **Professional reporting:** Download attack logs for security audits.
---
## 👨💻 Author
Harsha Vardhan Tagirisa
_Based on best practices in full-stack and application security._
---
## 📄 License
MIT
---