https://github.com/hookprobe/hookprobe
Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seconds. No fees. No experts needed. Just protection. One node's detection → everyone's protection.
- Host: GitHub
- URL: https://github.com/hookprobe/hookprobe
- Owner: hookprobe
- License: other
- Created: 2024-06-22T19:52:52.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2026-03-02T08:43:07.000Z (about 2 months ago)
- Last Synced: 2026-03-02T12:37:33.741Z (about 2 months ago)
- Topics: ai-security, automated-mitigation, autonomous-threat-response, cybersecurity, ids, iot-security, ips, n8n, open-source-security, qsecbit, siem, small-business, soar, sql-injection-prevention, threat-detection, threat-intelligence, vxlan, vxlan-interface, waf, zero-trust
- Language: Python
- Homepage: https://hookprobe.com
- Size: 46.1 MB
- Stars: 12
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: docs/CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: docs/SECURITY.md
Awesome Lists containing this project
- awesome-iot - HookProbe - Edge-first autonomous SOC and AI-native IDS for IoT network security. Runs on Raspberry Pi. (Security / Low Level)
- awesome-raspberry-pi - HookProbe - AI-native intrusion detection system with eBPF/XDP packet filtering and ML threat classification. Processes 8.8M+ security events on a Pi 5. (Projects)
- fucking-awesome-raspberry-pi - HookProbe - AI-native intrusion detection system with eBPF/XDP packet filtering and ML threat classification. Processes 8.8M+ security events on a Pi 5. (Projects)
README
One Node's Detection → Everyone's Protection
A Family of Protectors Building the Future of Collective Defense
Enterprise-grade AI security on a $75 Raspberry Pi. No vendor lock-in. No black boxes. No BS.
Live Demo • Website • Quick Start • Our Manifesto • Join The Family • Contribute
---
## The Vision
> *"In a world where attackers share everything, defenders must too."*
**The security industry is broken.** Enterprise protection costs $50,000/year. Small businesses get ransomed. Individuals are left defenseless. Meanwhile, the bad guys collaborate in forums and marketplaces while the good guys fight alone.
**We're building the resistance.**
HookProbe is a **decentralized security mesh** where every node protects every other node. When a Guardian in Tokyo blocks a zero-day, a Sentinel in São Paulo is protected in seconds. When a Fortress in Berlin identifies ransomware, the entire mesh learns instantly.
**Star this repo** if you believe security should be accessible to everyone. Stars help others discover protection.
---
## Why HookProbe?
| The Problem | Our Answer |
|-------------|------------|
| Security costs $50K+/year | **$75 hardware, $0 software** |
| Black-box algorithms | **Every decision is explainable** |
| Enterprise-only protection | **Same AI for everyone** |
| Vendors own your data | **Your data never leaves your edge** |
| Constant manual work | **Set it and forget it** |
| Fighting alone | **Collective mesh defense** |
---
## The HookProbe Promise
**Transparency creates trust. Trust enables achievement.**
HookProbe is built on a simple belief: security technology should empower people, not create dependency. When you can see exactly how your protection works, audit every line of code, and understand every decision the system makes, you're free to focus on what matters - building, creating, and achieving more.
We reject the security industry's black-box approach. Our code is open. Our algorithms are documented. Our data handling is verifiable. When one HookProbe node anywhere in the world detects a threat, every node learns instantly - without anyone's private data ever leaving their control.
**This is security that works *for* you, not security that works *on* you.**
---
## Why Transparency Matters
| Black-Box Security | HookProbe (Transparent) |
|-------------------|-------------------------|
| "Trust us, we're protecting you" | Audit the code yourself |
| Your data sent to vendor clouds | Your data never leaves your edge |
| Opaque threat scoring | See exactly why decisions are made |
| Vendor lock-in | Open standards, your choice |
| Security creates dependency | Security enables independence |
| Complex interfaces hide complexity | Simple interfaces, documented complexity |
**The difference:** Black boxes ask for trust. Transparency earns it.
---
## How HookProbe Helps You Achieve More
### 1. Reclaim Your Time
Traditional security demands constant attention - alerts to investigate, logs to review, updates to manage. HookProbe handles this automatically so you can focus on your actual work.
- **Automated threat response** - No manual investigation needed
- **Self-learning baselines** - Adapts to your environment
- **Collective intelligence** - Benefits from global threat detection without effort
### 2. Protect Without Complexity
Enterprise security typically requires dedicated teams. HookProbe brings the same protection to anyone, regardless of technical background.
```bash
# That's it. You're protected.
./install.sh --tier guardian
```
### 3. Scale Without Cost
From a single Raspberry Pi to a global mesh of thousands of nodes - same technology, same transparency, scaling to your needs.
| Your Situation | Solution | Investment |
|----------------|----------|------------|
| Home network | Guardian | $75 hardware, $0 software |
| Small business | Fortress | $200 hardware, $0 software |
| Growing company | Nexus | $2000 hardware, $0 software |
### 4. Own Your Security Data
Every security decision, every threat detection, every response action - it's all yours. Export it. Analyze it. Verify it. No vendor has access unless you grant it.
---
## The Collective Defense Mesh
HookProbe's most powerful feature isn't code - it's community.
```
Node A (Singapore)         Detects zero-day attack
        │
        ▼
Mesh Intelligence          Validates pattern, creates signature
        │
        ├──────────────────────┬──────────────────────┐
        ▼                      ▼                      ▼
Node B (London)        Node C (New York)      Node D (Berlin)
Protected in <30s      Protected in <30s      Protected in <30s
```
**How it works:**
1. **Detection** - Any node detects a new threat pattern
2. **Validation** - Mesh consensus confirms it's legitimate
3. **Distribution** - Anonymized signature shared instantly
4. **Protection** - All nodes block the threat
**What we never share:**
- Your raw traffic data
- Your IP addresses
- Your internal network details
- Any personally identifiable information
**What we share:**
- Anonymized threat signatures
- Attack patterns (source removed)
- Model weight updates (federated learning)
This is collective defense that respects individual privacy.
---
## The HTP-DSM-NEURO-QSECBIT-NSE Security Stack
HookProbe's core innovation is the integrated security stack that provides end-to-end protection from detection to response to mesh propagation.
```
┌────────────────────────────────────────────────────────────────────────────┐
│                  HTP-DSM-NEURO-QSECBIT-NSE SECURITY STACK                  │
│               "One node's detection → Everyone's protection"               │
├────────────────────────────────────────────────────────────────────────────┤
│                                                                            │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐  │
│  │     HTP     │───▶│     DSM     │───▶│    NEURO    │───▶│   QSECBIT   │  │
│  │  Transport  │    │  Consensus  │    │  Resonance  │    │   Scoring   │  │
│  └──────┬──────┘    └──────┬──────┘    └──────┬──────┘    └──────┬──────┘  │
│         │                  │                  │                  │         │
│         └──────────────────┴────────┬─────────┴──────────────────┘         │
│                                     │                                      │
│                              ┌──────▼──────┐                               │
│                              │     NSE     │                               │
│                              │ Encryption  │                               │
│                              │ (Neural AI) │                               │
│                              └─────────────┘                               │
│                                                                            │
│      "Nobody knows the key - the AI communicates via neural synapses"      │
│                                                                            │
└────────────────────────────────────────────────────────────────────────────┘
```
### Stack Components
| Component | Purpose | Innovation |
|-----------|---------|------------|
| **HTP** | HookProbe Transport Protocol | Post-quantum Kyber KEM, keyless authentication |
| **DSM** | Decentralized Security Mesh | Byzantine fault-tolerant consensus, 2/3 quorum |
| **NEURO** | Neural Resonance Protocol | Device fingerprinting via weight evolution |
| **QSECBIT** | Quantified Security Metric | Real-time RAG scoring (GREEN/AMBER/RED) |
| **NSE** | Neural Synaptic Encryption | Keys emerge from neural state - nobody knows the password |
| **NAPSE** | Neural Adaptive Packet Synthesis Engine | AI-native IDS/NSM/IPS with L2-L7 deep packet analysis |
| **AEGIS** | Autonomous AI Orchestrator | 8 specialized agents, principle-guided autonomous defense |
### The NSE Innovation
Traditional encryption requires sharing secrets. NSE eliminates this:
```
Traditional: "Do you know the password?"
NSE:         "Can your neural state produce the matching key?"

Keys are DERIVED from:
├── Neural weight state (unique per device)
├── Resonance Drift Vector (temporal)
├── Qsecbit score (security context)
└── Collective entropy (mesh participation)

Result: Encryption where nobody knows the key
```
### E2E Security Flow
When an attack is detected, the entire stack activates:
```
1. DETECTION    → NAPSE identifies threat (AI-native, L2-L7)
2. SCORING      → Qsecbit RAG status (GREEN/AMBER/RED)
3. RESPONSE     → AEGIS orchestrates defense (8 AI agents)
4. PROPAGATION  → Mesh consciousness spreads intelligence
5. CONSENSUS    → DSM validates across validator network
6. PROTECTION   → All nodes protected in <30 seconds
```
### Adversarial Security Testing
HookProbe includes AI vs AI testing - our Red Team AI attacks the stack while our Blue Team AI defends:
- **9 Attack Vectors**: TER replay, timing, entropy poisoning, weight prediction, etc.
- **CVSS Scoring**: Vulnerability severity from 0.0-10.0
- **Automated Mitigations**: AI-suggested code-level fixes
- **Designer Alerts**: Multi-channel notifications for critical findings
> "Know your vulnerabilities before someone else does"
---
## Technical Foundation (Fully Documented)
Every component is documented. Every algorithm is explained. Nothing is hidden.
### Qsecbit Engine - Transparent Threat Scoring
Traditional security: "This is bad" (trust us)
HookProbe: "This scores 0.72 because drift=0.25, attack_probability=0.85, decay=0.12"
```python
# The actual formula - no secrets
Qsecbit = α·drift + β·p_attack + γ·decay + δ·q_drift + ε·energy_anomaly
# You can verify every calculation
# See: core/qsecbit/qsecbit.py
```
| Protection | Status | What It Means |
|------------|--------|---------------|
| > 55% | 🟢 GREEN | All clear · Protected |
| 30-55% | 🟡 AMBER | Monitoring · Stay alert |
| < 30% | 🔴 RED | Under attack · Defending |
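To show what a per-term explanation of such a weighted sum looks like, here is an added example; it is not HookProbe's code. The weight values, the [0, 1] range of each component, the last two sample inputs and all function names are assumptions. The README does not say how the Qsecbit score relates to the protection percentage in the table, so `rag_status` takes that percentage directly.

```python
"""Explainable weighted score in the shape of the README's Qsecbit formula.

ASSUMPTIONS (not taken from the HookProbe code base): the weight values,
the [0, 1] range of every component, and all names in this file.
"""
import math

TERMS = ("drift", "p_attack", "decay", "q_drift", "energy_anomaly")

# Hypothetical stand-ins for alpha..epsilon; the README does not state them.
EXAMPLE_WEIGHTS = {"drift": 0.30, "p_attack": 0.30, "decay": 0.20,
                   "q_drift": 0.10, "energy_anomaly": 0.10}


def explain_score(components, weights=EXAMPLE_WEIGHTS):
    """Return (score, contributions); contributions are sorted by impact."""
    if set(components) != set(TERMS) or set(weights) != set(TERMS):
        raise ValueError(f"expected exactly these terms: {TERMS}")
    if not math.isclose(sum(weights.values()), 1.0, abs_tol=1e-9):
        raise ValueError("weights must sum to 1 so the score stays in [0, 1]")
    for name, value in components.items():
        # The chained comparison also rejects NaN, which would poison the sum.
        if not (isinstance(value, (int, float)) and 0.0 <= value <= 1.0):
            raise ValueError(f"{name}={value!r} is outside [0, 1]")
    contributions = sorted(((n, weights[n] * components[n]) for n in TERMS),
                           key=lambda item: item[1], reverse=True)
    return sum(c for _, c in contributions), contributions


def format_explanation(score, contributions):
    """Render the breakdown as one auditable sentence."""
    parts = ", ".join(f"{n} contributed {v:.3f}" for n, v in contributions)
    return f"This scores {score:.2f} because {parts}"


def rag_status(protection_pct):
    """Map a protection percentage to the status bands of the README table."""
    if not 0.0 <= protection_pct <= 100.0:
        raise ValueError("protection percentage must be within 0..100")
    if protection_pct > 55:
        return "GREEN"
    if protection_pct >= 30:
        return "AMBER"
    return "RED"


# Constructed sample: the first three values echo the README sentence,
# the last two are made up for this demonstration.
SAMPLE = {"drift": 0.25, "p_attack": 0.85, "decay": 0.12,
          "q_drift": 0.10, "energy_anomaly": 0.05}

if __name__ == "__main__":
    total, parts = explain_score(SAMPLE)
    print(format_explanation(total, parts))
    print(rag_status(94), rag_status(55), rag_status(29.9))
```

Rejecting out-of-range or NaN inputs before summing matters for a score that drives automated blocking, because one malformed component would otherwise silently shift the result.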
### dnsXai - Explainable DNS Protection
Not just "blocked" - but *why* it was blocked:
```
Domain: suspicious-tracker.com
Decision: BLOCKED
Confidence: 92%
Reason: High entropy (4.2), matches tracking pattern, CNAME resolves to known tracker
Category: ADVERTISING_TRACKER
```
Every block is explainable. Every decision is auditable.
### HTP Protocol - Verifiable Security
Post-quantum cryptography you can inspect:
- **Kyber KEM** - NIST-approved, implementation viewable
- **ChaCha20-Poly1305** - Standard authenticated encryption
- **Entropy-based authentication** - Novel but documented
### XDP/eBPF - Kernel-Level, User-Auditable
DDoS mitigation at the kernel level, but you can see exactly what rules are applied:
```bash
# View active XDP rules
./hookprobe-ctl xdp show
# Understand every decision
./hookprobe-ctl xdp explain --ip 192.168.1.100
```
---
## Who Benefits from HookProbe
### Home Users & Prosumers
**Achieve:** Secure home network without becoming a security expert
**Transparency benefit:** Know exactly what's being blocked and why
**Time saved:** Set and forget - system learns your patterns
### Small & Medium Businesses
**Achieve:** Enterprise-grade protection without enterprise costs
**Transparency benefit:** Audit-ready logs, explainable decisions
**Time saved:** No dedicated security team needed
### Developers & Technical Users
**Achieve:** Security that integrates with your workflow
**Transparency benefit:** Full API access, source code available
**Time saved:** Automated responses, scriptable interfaces
### Managed Service Providers
**Achieve:** Offer premium security services at scale
**Transparency benefit:** Show clients exactly how they're protected
**Time saved:** Centralized management, automated operations
Explore the [MSSP platform](https://mssp.hookprobe.com) for multi-tenant management, or [try the demo](https://mssp.hookprobe.com/?site=demo-site) instantly.
---
## HookProbe Cortex - See Your Mesh
Transparency isn't just about code - it's about visibility.
Cortex is a real-time 3D visualization of your entire defense network. Watch threats arrive from across the world and see them blocked in real-time.
```
┌─────────────────────────────────────────────────────────────────┐
│                        HOOKPROBE CORTEX                         │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │                                                             │ │
│ │      ⬑ Nexus (ML/AI)                      Attack Arc        │ │
│ │      │                                                      │ │
│ │      ⬑ Guardian ────── Mesh ────── ⬑ Fortress               │ │
│ │      │                                                      │ │
│ │      ⬑ Sentinel (IoT)                     Repelled Arc      │ │
│ │                                                             │ │
│ │  [NODES: 1,247]  [ATTACKS: 89]  [REPELLED: 89]  [QSECBIT]   │ │
│ └─────────────────────────────────────────────────────────────┘ │
│           Real-time 3D globe with attack trajectories           │
└─────────────────────────────────────────────────────────────────┘
```
**Not a dashboard about your security. A window into your security.**
[Cortex Documentation](shared/cortex/README.md) | [See the live dashboard demo](https://mssp.hookprobe.com/?site=demo-site)
---
## Quick Start
```bash
# First-time setup (fresh Raspberry Pi)
sudo apt update && sudo apt install -y git
# Clone and install
git clone https://github.com/hookprobe/hookprobe.git
cd hookprobe
sudo ./install.sh --tier guardian   # Home/Prosumer ($75 RPi, 1.5GB RAM)
# Other tiers available:
# sudo ./install.sh --tier fortress   # Business ($200 Mini PC, 4GB RAM)
# sudo ./install.sh --tier fortress --enable-aiochi   # With AI Eyes cognitive layer
# sudo ./install.sh --tier nexus      # Enterprise ($2000 Server, 16GB+ RAM)
```
**That's it!** The install script handles everything else automatically:
- System packages (hostapd, dnsmasq, etc.)
- Python dependencies
- Locale and WiFi country configuration
- Network interface setup
- Service configuration
**Time to protection:** ~5 minutes
**Ongoing maintenance:** Automatic
**Software cost:** $0
[Full Installation Guide](docs/installation/INSTALLATION.md)
---
## See It Live
**Not ready to install?** Explore HookProbe's capabilities instantly - no account required.
### [Try the Interactive Demo →](https://mssp.hookprobe.com/?site=demo-site)
The demo dashboard gives you hands-on access to:
- **Real-time Qsecbit scoring** - Watch the resilience gauge respond to simulated threats
- **Node management** - See how Guardian, Fortress, and Nexus nodes are monitored
- **Threat intelligence feed** - Global attack patterns with 1-minute delay
- **Alert management** - Severity-based triage with investigation workflows
- **Combat Mode** - Emergency isolation controls for active incidents
### Platform Links
| Platform | What You'll See | Access |
|----------|-----------------|--------|
| [**hookprobe.com**](https://hookprobe.com) | Architecture, product tiers, pricing, FAQ | Public |
| [**Live Demo Dashboard**](https://mssp.hookprobe.com/?site=demo-site) | Interactive MSSP dashboard with simulated data | Public (no login) |
| [**MSSP Platform**](https://mssp.hookprobe.com) | Multi-tenant management for service providers | [Create account](https://mssp.hookprobe.com/auth/login) |
> Currently showing **QSECBIT: 94% 🟢** across active mesh nodes - [see it live](https://hookprobe.com)
---
## Our Commitment to Transparency
### Open Source Foundation
The majority of HookProbe is open source under AGPL v3.0:
- Deployment scripts and configuration
- Guardian product tier
- Mesh communication layer
- Threat response modules
- All documentation
- Cortex visualization
### Documented Innovations
Our proprietary components (Qsecbit algorithm, Neural Resonance protocol, dnsXai classifier, AIOCHI cognitive layer, SLA AI business continuity) are clearly documented. You can understand *what* they do and *why* - the implementation is protected, but the purpose is transparent.
### Privacy by Architecture
We didn't add privacy as an afterthought. The architecture ensures:
- Raw data never leaves your edge
- Only anonymized signatures are shared
- You control what participates in the mesh
- Compliance (GDPR, NIS2) is built-in
### Community-Driven Development
- Public roadmap
- Open issue tracking
- Community contributions welcome
- Regular security audits
[Licensing Details](LICENSING.md) | [Contributing Guide](docs/CONTRIBUTING.md)
---
## Architecture Overview
```
hookprobe/
├── core/              # Core Intelligence (documented)
│   ├── aegis/         # AEGIS - Autonomous AI Orchestrator (proprietary)
│   ├── napse/         # NAPSE - Neural Adaptive Packet Synthesis (proprietary)
│   ├── htp/           # Transport Protocol (open source)
│   ├── qsecbit/       # AI Threat Scoring (documented, proprietary)
│   └── neuro/         # Neural Authentication (documented, proprietary)
│
├── shared/            # Shared Modules
│   ├── dnsXai/        # AI DNS Protection (documented, proprietary)
│   ├── mesh/          # Collective Defense (open source)
│   ├── dsm/           # Decentralized Security (documented, proprietary)
│   ├── aiochi/        # AIOCHI - AI Eyes Cognitive Layer (proprietary)
│   ├── slaai/         # SLA AI Business Continuity (proprietary)
│   ├── response/      # Automated Response (open source)
│   └── cortex/        # 3D Visualization (open source)
│
├── products/          # Deployment Tiers (mostly open source)
│   ├── guardian/      # Home/Prosumer
│   ├── fortress/      # Business
│   └── nexus/         # Enterprise
│
└── deploy/            # Deployment Scripts (open source)
```
Every directory has documentation. Every module has a README.
---
## Resources
| Resource | Description |
|----------|-------------|
| [**Live Demo**](https://mssp.hookprobe.com/?site=demo-site) | Try the dashboard instantly - no login required |
| [**hookprobe.com**](https://hookprobe.com) | Product overview, pricing, and FAQ |
| [MSSP Platform](https://mssp.hookprobe.com) | Multi-tenant management for service providers |
| [Installation Guide](docs/installation/INSTALLATION.md) | Get started in 5 minutes |
| [Architecture Overview](docs/architecture/HOOKPROBE-ARCHITECTURE.md) | Understand the system |
| [Qsecbit Documentation](core/qsecbit/README.md) | How threat scoring works |
| [Mesh Architecture](shared/mesh/ARCHITECTURE.md) | Collective defense explained |
| [Cortex Visualization](shared/cortex/README.md) | See your security |
| [API Reference](docs/components/README.md) | Integrate and extend |
| [GDPR Compliance](docs/GDPR.md) | Privacy documentation |
| [Security Policy](docs/SECURITY.md) | Report vulnerabilities |
---
## The HookProbe Difference
**We don't ask you to trust us. We give you the tools to verify.**
- Every threat decision is explainable
- Every line of defense code is auditable
- Every piece of your data stays under your control
- Every node in the mesh strengthens everyone
**This is what security looks like when transparency comes first.**
---
## Join The Family
HookProbe isn't a product. It's a **movement**. A family of people who believe that security is a right, not a privilege.
### How You Can Help
| Action | Impact |
|--------|--------|
| **Star this repo** | Help others discover protection |
| **Deploy HookProbe** | Strengthen the mesh for everyone |
| **Find vulnerabilities** | Make the stack stronger |
| **Contribute code/docs** | Build the future together |
| **Share the project** | Spread the word |
### What "Family" Means
- **We share knowledge freely** - No paywalls on protection
- **We help each other** - Stuck? Ask. Know something? Teach.
- **We build together** - Your contribution makes everyone stronger
- **We protect each other** - One node's detection → Everyone's protection
**Read our [Manifesto](MANIFESTO.md)** to understand what we're building and why.
---
## The Mission
```
┌─────────────────────────────────────────────────────────────────────────────┐
│                                                                             │
│   We're not building a product.                                             │
│   We're building a MOVEMENT.                                                │
│                                                                             │
│   A world where:                                                            │
│   • A grandmother in rural India has the same protection as a bank in NYC   │
│   • A small business in Nigeria can't be ransomed                           │
│   • A journalist in a dangerous country has unbreakable encryption          │
│   • A hospital never has to choose between ransom and saving lives          │
│                                                                             │
│   This is possible.                                                         │
│   This is what we're building.                                              │
│   This is HookProbe.                                                        │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘
```
---
HookProbe v5.1 "Neural"
One Node's Detection → Everyone's Protection
The HTP-DSM-NEURO-QSECBIT-NSE Security Stack
Join the family. Protect each other. Achieve more.
Live Demo · Website · Get Started · Read The Manifesto · Contribute · Community
"In a world where attackers share everything, defenders must too."