| title | Argus Security Console |
|---|---|
| emoji | 🛡️ |
| colorFrom | blue |
| colorTo | indigo |
| sdk | docker |
| app_port | 7860 |
| pinned | false |

Argus is an advanced, lightweight Security Operations Center (SOC) dashboard and forensics investigation suite. Built with Python and Flask, it simulates real-world threat hunting, packet analysis, and intrusion detection workflows.
This repository is optimized to deploy immediately as a Hugging Face Docker Space or on local machines.
Live Deployment Note: When hosted in cloud containers (like Hugging Face Spaces), low-level system hooks are restricted: the Linux environment has no Windows Event Logs, and the root privileges Scapy needs for sniffing are blocked. Argus handles this by automatically engaging a real-time simulation engine that streams realistic attack telemetry, so recruiters and viewers can interact with the app immediately without any local setup.
If you are a recruiter reviewing this project, you can use the following sample inputs to test every tool in the console.
- Click Access Terminal on the home page.
- Log in using the demo analyst credentials:
  - Username: `admin`
  - Password: `admin@123`
Demonstrates multi-threaded socket connections and service fingerprinting.
- Select the Port Scanner module.
- Enter target hostname: `scanme.nmap.org` (or `127.0.0.1` for local loopback).
- Set scan mode to Common ports (fast) and click Start Scan.
- Result: Resolves the IP address, queries ports concurrently, maps running protocols (HTTP, SSH, etc.), and displays exposure risk badges.
Demonstrates OSI layer decoding, payload inspection, and pattern-based threat alerts.
- Select the Network Sniffer module.
- Choose your network interface (or select `Simulated Loopback Adapter` if running in container mode).
- Click Start Sniffing.
- Result: Packets will begin streaming in. Watch for crimson red flagged alerts that capture threat signatures like SQL injections (`UNION SELECT`), Cross-Site Scripting (`<script>`), and path traversals (`../../etc/passwd`).
- Click Show Threats Only to filter the stream.
Demonstrates Windows Event Log analysis, forensic timelines, and brute force detection.
- Select the Auth Log module.
- Result: Audits login records, isolates brute-forcing sources, and maps log spikes.
- Note: If running in container mode, Argus automatically simulates a live brute-force attack from `185.220.101.5` (12 failed login hits) and `109.236.80.12` to populate the timelines.
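
A sliding-window version of the brute-force check described above, as an added example (not code from Argus). The event tuples, the threshold and window, the four slow failures from the second source and the successful logon are constructed for illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESS_LOGON = 4625, 4624  # Windows Security event IDs


def make_events():
    """Constructed sample: a 12-failure burst, a slow source, one late success."""
    t0 = datetime(2026, 1, 1, 9, 0, 0)
    events = [(t0 + timedelta(seconds=5 * i), FAILED_LOGON, "185.220.101.5", "admin")
              for i in range(12)]
    events += [(t0 + timedelta(minutes=10 * i), FAILED_LOGON, "109.236.80.12", "svc")
               for i in range(4)]
    events.append((t0 + timedelta(seconds=70), SUCCESS_LOGON, "185.220.101.5", "admin"))
    return sorted(events)


def detect_bruteforce(events, threshold=10, window=timedelta(minutes=2)):
    """Return {source_ip: finding} for sources with >= threshold failures in window."""
    recent = defaultdict(deque)  # source -> failure timestamps still inside the window
    findings = {}
    for ts, event_id, src, _user in events:
        q = recent[src]
        while q and ts - q[0] > window:  # drop failures that aged out
            q.popleft()
        if event_id == FAILED_LOGON:
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(
                    src, {"first_alert": ts, "peak": 0, "success_after": False})
                f["peak"] = max(f["peak"], len(q))
        elif event_id == SUCCESS_LOGON and src in findings:
            # A success from an already-flagged source is the event to triage first.
            findings[src]["success_after"] = True
    return findings


if __name__ == "__main__":
    for src, finding in detect_bruteforce(make_events()).items():
        print(src, finding)
```

The slow source never reaches the threshold inside one window, which is why a per-window count alone is usually paired with a longer-horizon total per source.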
Demonstrates external database API queries, local blacklist configurations, and custom caches.
- Select the Threat Intel module.
- Query any of these IPs to verify reputation filters:
  - `185.220.101.0` (Triggers local policy: Tor Exit Node)
  - `91.108.4.0` (Triggers local policy: Known botnet C2)
  - `8.8.8.8` (Google DNS - returns clean status)
- Result: Generates an evaluation report detailing Abuse Confidence ratings, reports count, ISP origin, and Tor Exit Node status.
Demonstrates regex-based parsing and extraction algorithms.
- Select the IoC Extractor module.
- Copy and paste the following threat advisory block:

  ```
  WARNING: Host compromise detected on system 192.168.1.100.
  Incident responders found active Conti and Emotet ransomware strains.
  The server initiated connection to C2 node 203.0.113.99.
  Malicious downloader signature matches file MD5 hash: 5d41402abc4b2a76b9719d911017c592
  Stolen files are exfiltrated to hostnames: update-server.tk, backdoor-dns.ml
  ```
- Click Extract.
- Result: Argus parses, deduplicates, and structures files, hashes, IP addresses, domains, and malware families, providing an overall threat verdict.
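
One way to do the extraction described above, run on the advisory text from this walkthrough. This is an added example, not the code in `threat_extractor.py`; the family list, the internal address ranges, the refanging step and the verdict rule are assumptions made for the illustration.

```python
import ipaddress
import re

# Advisory text from the walkthrough above.
ADVISORY = """WARNING: Host compromise detected on system 192.168.1.100.
Incident responders found active Conti and Emotet ransomware strains.
The server initiated connection to C2 node 203.0.113.99.
Malicious downloader signature matches file MD5 hash: 5d41402abc4b2a76b9719d911017c592
Stolen files are exfiltrated to hostnames: update-server.tk, backdoor-dns.ml"""

# Assumed for this example: family list and internal ranges are not from Argus.
FAMILIES = ("Conti", "Emotet", "LockBit", "TrickBot")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}

# The lookahead tolerates a sentence-ending dot after the last octet.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)
# Any alphabetic TLD matches, so file names like report.pdf need a later filter.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,24}\b", re.I)


def extract_iocs(text):
    # Refang common defanged forms (203[.]0[.]113[.]99) before matching.
    text = text.replace("[.]", ".").replace("(.)", ".")
    internal, external = {}, {}  # dict keys dedupe and keep first-seen order
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)  # rejects octets > 255
        except ValueError:
            continue
        bucket = internal if any(addr in n for n in INTERNAL) else external
        bucket[str(addr)] = True
    hashes = {h.lower(): HASH_KIND[len(h)] for h in HASH_RE.findall(text)}
    families = [f for f in FAMILIES if re.search(rf"\b{f}\b", text, re.I)]
    iocs = {
        "internal_ips": list(internal),
        "external_ips": list(external),
        "hashes": hashes,
        "domains": list(dict.fromkeys(d.lower() for d in DOMAIN_RE.findall(text))),
        "families": families,
    }
    # Assumed verdict rule: an external indicator plus a named family is HIGH.
    hits = iocs["external_ips"] or iocs["domains"] or hashes
    iocs["verdict"] = ("HIGH" if hits and families
                       else "MEDIUM" if hits or families else "LOW")
    return iocs
```

Internal addresses are kept in their own bucket because `192.168.1.100` here is the affected host, not an indicator to block.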
Demonstrates BeautifulSoup HTML parsing, text sanitization, and pipeline integration.
- Select the URL Web Scraper module.
- Enter: `https://scanme.nmap.org` (or any public security news page).
- Click Scan.
- Result: Argus crawls the URL, removes script/style noise, strips layout tags, and feeds the plain text to the IoC parser to map vulnerabilities.
Demonstrates password policy enforcement and complexity checks.
- Select the Credential Auditor module.
- Try the following inputs:
  - `admin123` -> Fails policy checks (WEAK score).
  - `Argus#DefSec!Ops2026` -> Passes checks (STRONG score, 90+/100).
Demonstrates Dynamic Web Scraping & News Aggregation.
- Select the Threat Intel Feed module.
- Click between feed sources: The Hacker News, BleepingComputer, or CISA Alerts.
- Result: Argus crawls the target homepage (or pulls simulated live articles if the connection is firewalled) and maps active security keywords and IP indicators.

| Competency | Implementation Location |
|---|---|
| Concurrent Programming & Multi-threading | Scans ports concurrently in log_scanner.py using concurrent.futures.ThreadPoolExecutor |
| Object Parsing & Regular Expressions | Dissects IoCs, IPs, domains, and TLDs in threat_extractor.py and web_scraper.py |
| Network Protocol Dissection | Dissects Ethernet/IP/TCP/UDP packet streams using Scapy in packet_capture.py |
| Session State & Security Protocols | Session tokens, database mocks, brute-force locking, password hashing in auth_manager.py |
| BeautifulSoup Web Crawling | Fetches URLs, strips stylesheets/scripts, and aggregates text in web_fetcher.py and web_scraper.py |
| Interactive Charting & Visuals | Generates dark-theme timelines, charts, and dials via Plotly in visualizer.py |
| Multi-platform Dockerization | Multi-stage build layer optimizations, non-root user setups in Dockerfile |

- Install Prerequisites:
  - Download and install Npcap (ensure WinPcap API-compatible mode is checked).
  - Start your terminal as Administrator.
- Install Python Libraries:

  ```
  pip install -r requirements.txt
  ```
- Configure AbuseIPDB Key (Optional):

  ```
  # Windows
  set ABUSEIPDB_KEY=your_key_here
  # Linux/macOS
  export ABUSEIPDB_KEY="your_key_here"
  ```
- Run Server:

  ```
  python app.py
  ```

  Open http://127.0.0.1:7860.