{"id":49086943,"url":"https://github.com/dionipe/wafx-cybermap","last_synced_at":"2026-04-20T16:08:25.694Z","repository":{"id":343806223,"uuid":"1179216295","full_name":"dionipe/wafx-cybermap","owner":"dionipe","description":"Intended users: table of target users (SOC, SysAdmin, NOC, Audit). Threat categories: table of OAS/MAV/IDS/VUL/RMW with colors, triggers, and example patterns. Architecture: ASCII diagram of the data flow from Coraza log → Go → SSE → Browser. File structure, installation \u0026 build, access URLs, constant configuration, dependencies, and security notes","archived":false,"fork":false,"pushed_at":"2026-03-11T20:24:52.000Z","size":5416,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-12T01:27:53.549Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dionipe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-11T20:05:42.000Z","updated_at":"2026-03-11T20:24:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/dionipe/wafx-cybermap","commit_stats":null,"previous_names":["dionipe/wafx-cybermap"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/dionipe/wafx-cybermap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fwafx-cybermap","tags_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/repositories/dionipe%2Fwafx-cybermap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fwafx-cybermap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fwafx-cybermap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dionipe","download_url":"https://codeload.github.com/dionipe/wafx-cybermap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fwafx-cybermap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32054673,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-20T11:35:06.609Z","status":"ssl_error","status_checked_at":"2026-04-20T11:34:48.899Z","response_time":94,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-20T16:08:23.405Z","updated_at":"2026-04-20T16:08:25.688Z","avatar_url":"https://github.com/dionipe.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WAFX CyberThreat Live Map\n\n🌐 **Live:** [https://ctmap.indobsd.id](https://ctmap.indobsd.id)  \n🛡️ **WAFX Platform:** [https://wafx.indobsd.id](https://wafx.indobsd.id)\n\nReal-time visualization of cyber attacks on an interactive world map. 
Data is read directly from the audit log of the running **WAFX-NGINX Coraza WAF** and rendered as animated ballistic arcs from the attacker's location to the target server.\n\n```\n┌─────────────────────────────────────────────────────────┐\n│  WAFX CyberThreat Live Map  │  01:47:32   │ 1,240 Total │\n├─────────────────────────────────────────────────────────┤\n│                                                         │\n│  🗺  World Map (CartoDB Dark Matter)                    │\n│      ← animated arcs colored by threat category         │\n│      ● Target: Jakarta, Indonesia                       │\n│                                                         │\n│  [OAS]  240    [MAV]  58     [IDS]  891                 │\n│  [VUL]  42     [RMW]   9                                │\n│                                                         │\n│  ┌─── Global Attack Feed ──────────────────────────┐   │\n│  │ IDS  01:47:31  45.12.33.154   Germany           │   │\n│  │ VUL  01:47:29  182.2.71.0     China             │   │\n│  └─────────────────────────────────────────────────┘   │\n└─────────────────────────────────────────────────────────┘\n```\n\n---\n\n## Intended Users\n\n| User | Use |\n|---|---|\n| **SOC / Security Analyst** | Monitor incoming attacks in real time without opening raw logs |\n| **System Administrator** | See the geographic distribution of attackers and the dominant threat categories |\n| **Network Operations Center (NOC)** | Wall display serving as a live threat intelligence feed |\n| **Audit \u0026 Compliance** | Visual evidence that the WAF is actively detecting and blocking threats |\n\n---\n\n## Threat Categories\n\n| Code | Full Name | Color | Trigger |\n|---|---|---|---|\n| **OAS** | On-Access Scan | 🟡 Amber | LFI, RFI, path traversal (`../`), access to sensitive files (`.env`, `.git`, `wp-config`) |\n| **MAV** | Mail Anti Virus | 🔵 Blue | SMTP/webmail attacks, PHPMailer injection, `/mail`, `/roundcube` |\n| **IDS** | Intrusion Detection Scan | 
🟢 Green | Protocol violation, missing Host header, HTTP method probing, general scanning |\n| **VUL** | Vulnerability Scan | 🔴 Red | SQL injection, XSS, command injection, RCE (`attack-sqli`, `attack-xss`) |\n| **RMW** | Ransomware | 🟣 Purple | Encrypted-file extension patterns (`.crypt`, `.wncry`, `.locked`), access to `/decrypt` |\n\n---\n\n## Architecture\n\n```\n┌──────────────────────────────────────────────────────────────────┐\n│                        SERVER                                    │\n│                                                                  │\n│  ┌──────────────┐    parse + tail    ┌────────────────────────┐  │\n│  │ Coraza Audit │ ─────────────────► │   Go Backend           │  │\n│  │ Log          │                    │   wafx-cybermap        │  │\n│  │ /var/log/    │                    │   :8085                │  │\n│  │ nginx/       │  GeoIP lookup      │                        │  │\n│  │ coraza_audit │ ◄── ip-api.com ──► │  SSE /api/events       │  │\n│  │ .log         │                    │  JSON /api/stats       │  │\n│  └──────────────┘                    └──────────┬─────────────┘  │\n│                                                  │               │\n│  ┌───────────────────────────────────────────────▼─────────────┐ │\n│  │  Nginx Reverse Proxy  :8083  →  localhost:8085              │ │\n│  └─────────────────────────────────────────────────────────────┘ │\n└──────────────────────────────────────────────────────────────────┘\n                                │  SSE stream\n                                ▼\n                    ┌───────────────────────┐\n                    │  Browser              │\n                    │  Leaflet.js Map       │\n                    │  Canvas Arc Animation │\n                    │  Stats Panel + Feed   │\n                    └───────────────────────┘\n```\n\n---\n\n## How It Works\n\n### 1. 
Coraza Log Parsing (Go Backend)\n\nCoraza WAF writes its audit log to `/var/log/nginx/coraza_audit.log` in the native multi-section format:\n\n```\n--\u003cID\u003e-A--\n[2026/03/12 01:34:08] \u003ctxid\u003e \u003cclient_ip\u003e \u003cport\u003e \u003cserver_ip\u003e \u003cport\u003e\n--\u003cID\u003e-B--\nGET /wp-config.php HTTP/1.1\nHost: example.com\nUser-Agent: python-requests/2.28\n--\u003cID\u003e-H--\n[msg \"Restricted File Access Attempt\"][severity \"CRITICAL\"]\n[tag \"attack-lfi\"][tag \"OWASP_CRS\"]\n```\n\nThe backend parses each **A→Z block** using regular expressions:\n- **Section A** → timestamp + client IP\n- **Section B** → HTTP method, URI, Host header, User-Agent\n- **Section H** → msg, severity, tags (used for category classification)\n\n### 2. Threat Classification\n\nEach successfully parsed block is classified into one of the 5 categories in **priority order**:\n\n```\nRMW → OAS → MAV → VUL → IDS (default)\n```\n\nClassification checks a combination of `[msg]`, `[tag]`, the URI, and the HTTP method.\n\n### 3. GeoIP Lookup\n\nThe client IP is resolved to geographic coordinates using **ip-api.com** (free tier):\n\n- Rate-limited: **~42 requests/minute** (safely below the 45/minute limit)\n- Per-IP cache for **2 hours** (in-memory)\n- Private/loopback IPs are returned immediately as `\"Local\"` without a request\n\n### 4. Server-Sent Events (SSE)\n\nThe backend pushes two kinds of events to the browser:\n\n| Event | Payload | When |\n|---|---|---|\n| `threat` | JSON for one ThreatEvent (IP, geo, type, color, coordinates) | On every new event |\n| `stats` | JSON counters OAS/MAV/IDS/VUL/RMW + total | Every 5 seconds |\n\nA newly connected client receives a **replay of the last 150 events** before the live stream begins.\n\n### 5. 
Real-Time Log Tailing\n\n```\nstartup\n  ├── seedFromFile(coraza_audit.log.1, 100)   ← yesterday's events\n  ├── seedFromFile(coraza_audit.log,   50)    ← today's events\n  └── tailLog()                               ← poll every 2 seconds\n             │\n             ├── detect file rotation (size \u003c last)  → reopen\n             └── read new bytes → parse → broadcast\n```\n\n### 6. Playback Engine (Frontend)\n\nWhen the page is refreshed, the event history does not appear all at once; it is **animated one event at a time**:\n\n```\nBrowser connects to SSE\n       │\n       ▼\n  [collect]  ──► buffer all old events (unix age \u003e 60 seconds)\n       │         wait for 450ms of silence\n       ▼\n  [play]     ──► animate 1 event every 320ms\n       │         arc + feed item + counter increments one at a time\n       ▼\n  [live]     ──► real-time events shown immediately\n       │         after 2.2 seconds of quiet...\n       ▼\n  [loop]     ──► replay arcs from the first event (counter keeps rising)\n       │         feed is not appended (no duplicates)\n       └──────► back to [live] → [loop] → forever ♾\n```\n\n### 7. 
Canvas Arc Animation\n\nArcs are drawn as a **quadratic Bézier** curve on a `\u003ccanvas\u003e` overlaying Leaflet:\n\n```\nControl point (lifted)\n       ▲\n       │ lift = min(distance × 0.42, 220px)\n       │\nsrc ───┼─── (animated) ───► dst (Jakarta)\n```\n\nEach arc has 3 timed phases:\n- **travel** (2200ms): the point moves from src to dst\n- **hold** (800ms): the full arc is displayed\n- **fade** (1200ms): the arc fades out\n\n---\n\n## File Structure\n\n```\n/opt/wafx-cybermap/\n├── main.go                  # Go backend (SSE, log parser, GeoIP)\n├── go.mod                   # Go module\n├── wafx-cybermap            # Built binary\n└── static/\n    └── index.html           # Frontend (Leaflet map, canvas, SSE client)\n\n/etc/systemd/system/\n└── wafx-cybermap.service    # Systemd unit (auto-start)\n\n/etc/nginx/conf.d/\n└── wafx-cybermap.conf       # Nginx reverse proxy :8083 → :8085\n```\n\n---\n\n## Installation \u0026 Build\n\n```bash\ncd /opt/wafx-cybermap\ngo build -o wafx-cybermap .\n```\n\n### Run via systemd (recommended)\n\n```bash\nsystemctl start   wafx-cybermap\nsystemctl stop    wafx-cybermap\nsystemctl restart wafx-cybermap\nsystemctl status  wafx-cybermap\n\n# Enable auto-start at boot\nsystemctl enable  wafx-cybermap\n\n# View logs\njournalctl -u wafx-cybermap -f\n```\n\n### Run manually (foreground)\n\n```bash\n./wafx-cybermap\n```\n\n---\n\n## Access\n\n### Public\n\n| URL | Description |\n|---|---|\n| [https://ctmap.indobsd.id](https://ctmap.indobsd.id) | **Live map** (production) |\n| [https://wafx.indobsd.id](https://wafx.indobsd.id) | **WAFX Security Platform** |\n\n### Local / Internal\n\n| URL | Description |\n|---|---|\n| `http://localhost:8083/` | Via Nginx reverse proxy (standard port) |\n| `http://localhost:8083/cyber-map.html` | Alias path |\n| `http://localhost:8085/` | Directly to the Go service |\n| `http://localhost:8085/api/stats` | JSON stats (total, per category) |\n| `http://localhost:8085/api/events` | SSE stream 
(text/event-stream) |\n\n---\n\n## Configuration\n\nMain constants in [main.go](main.go):\n\n| Constant | Default | Description |\n|---|---|---|\n| `auditLogPath` | `/var/log/nginx/coraza_audit.log` | Active Coraza log |\n| `auditLogBakPath` | `/var/log/nginx/coraza_audit.log.1` | Rotated log (yesterday) |\n| `listenAddr` | `:8085` | Go service port |\n| `targetLat` / `targetLng` | `-6.2146` / `106.8451` | Target server coordinates (Jakarta) |\n| `geoRateDelay` | `1400ms` | Interval between GeoIP requests |\n| `geoCacheTTL` | `2 hours` | GeoIP cache duration per IP |\n| `historySize` | `150` | Maximum events in the ring buffer |\n\n---\n\n## Dependencies\n\n| Component | Version | Description |\n|---|---|---|\n| Go | ≥ 1.21 | Standard library only, no external packages |\n| Leaflet.js | 1.9.4 | Interactive map (CDN) |\n| CartoDB Dark Matter | — | Dark map tile layer (free, no key) |\n| ip-api.com | free tier | GeoIP lookup (45 req/min, no key) |\n| WAFX-NGINX Coraza | — | Audit log data source |\n\n---\n\n## Security Notes\n\n- The service runs on port **8085**, which is not exposed directly to the internet; it is accessed through Nginx, which is already configured with WAF rules\n- The `coraza off` directive in the nginx config for the `/api/events` endpoint prevents Coraza from blocking the legitimate SSE stream\n- GeoIP lookups are performed only for **public IPs**; private (RFC1918) and loopback IPs are not sent to the external API\n- There is no authentication on this service because it is designed for internal/LAN access only\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdionipe%2Fwafx-cybermap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdionipe%2Fwafx-cybermap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdionipe%2Fwafx-cybermap/lists"}