bkb.arcnode.xyz
this repo has no description
1<?php
2/**
3 * pitcherplant Intelligence Dashboard
4 *
5 * Standalone PHP page — deploy behind authentication or on an internal network.
6 * Reads the JSONL intel log directly. No database required.
7 *
8 * Configuration: set $intel_file below or via wp-trap-config.php.
9 */
10
11// --- Configuration ---
12$intel_file = '/var/log/wp-honeypot-intel.jsonl';
13$site_name = 'WordPress';
14$dashboard_token = '';
15
16$local_config = __DIR__ . '/config.php';
17$trap_config = __DIR__ . '/../trap/wp-trap-config.php';
18if (file_exists($local_config)) {
19 require $local_config;
20} elseif (file_exists($trap_config)) {
21 require $trap_config;
22}
23
24// --- Auth check ---
25if ($dashboard_token !== '' && ($_GET['token'] ?? '') !== $dashboard_token) {
26 http_response_code(403);
27 echo 'Forbidden';
28 exit;
29}
30
31// --- Parse log ---
32$entries = [];
33if (file_exists($intel_file)) {
34 $lines = file($intel_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
35 foreach ($lines as $line) {
36 $d = json_decode($line, true);
37 if ($d) $entries[] = $d;
38 }
39}
40
41// --- Compute stats ---
42$total_attempts = 0;
43$total_recon = 0;
44$usernames = [];
45$passwords = [];
46$ips = [];
47$countries = [];
48$hours = [];
49$creds = [];
50$ip_details = [];
51$last_event_time = '';
52
53foreach ($entries as $e) {
54 if (($e['type'] ?? '') === 'recon') {
55 $total_recon++;
56 } else {
57 $total_attempts += ($e['attempt'] ?? 0) > 0 ? 1 : 0;
58 }
59
60 $ip = $e['ip'] ?? '?';
61 $country = $e['country'] ?? '??';
62 $ips[$ip] = ($ips[$ip] ?? 0) + 1;
63 if ($country && $country !== '??') {
64 $countries[$country] = ($countries[$country] ?? 0) + 1;
65 }
66
67 $hour = substr($e['timestamp'] ?? '', 0, 13);
68 if ($hour) $hours[$hour] = ($hours[$hour] ?? 0) + 1;
69
70 if (!empty($e['username'])) {
71 $usernames[$e['username']] = ($usernames[$e['username']] ?? 0) + 1;
72 }
73 if (!empty($e['password'])) {
74 $passwords[$e['password']] = ($passwords[$e['password']] ?? 0) + 1;
75 }
76 if (!empty($e['username']) && !empty($e['password'])) {
77 $creds[] = [
78 'ts' => substr($e['timestamp'] ?? '', 0, 19),
79 'ip' => $ip,
80 'cc' => $country,
81 'user' => $e['username'],
82 'pass' => $e['password'],
83 'att' => $e['attempt'] ?? 0,
84 'delay'=> $e['delay_applied'] ?? 0,
85 ];
86 }
87
88 if (!isset($ip_details[$ip])) {
89 $ip_details[$ip] = ['country' => $country, 'attempts' => 0, 'first' => $e['timestamp'] ?? '', 'last' => ''];
90 }
91 $ip_details[$ip]['attempts']++;
92 $ip_details[$ip]['last'] = $e['timestamp'] ?? '';
93 $last_event_time = $e['timestamp'] ?? $last_event_time;
94}
95
96arsort($usernames);
97arsort($passwords);
98arsort($ips);
99arsort($countries);
100ksort($hours);
101
102$unique_ips = count($ips);
103$top_user = $usernames ? array_key_first($usernames) : '-';
104$top_pass = $passwords ? array_key_first($passwords) : '-';
105
106// Threat level
107$threat_level = 'NOMINAL';
108$threat_class = 'nominal';
109if ($total_attempts > 100) { $threat_level = 'ELEVATED'; $threat_class = 'elevated'; }
110if ($total_attempts > 500) { $threat_level = 'HIGH'; $threat_class = 'high'; }
111if ($total_attempts > 2000) { $threat_level = 'CRITICAL'; $threat_class = 'critical'; }
112
113// Time since last event
114$last_ago = '-';
115if ($last_event_time) {
116 $diff = time() - strtotime($last_event_time);
117 if ($diff < 60) $last_ago = $diff . 's ago';
118 elseif ($diff < 3600) $last_ago = floor($diff/60) . 'm ago';
119 elseif ($diff < 86400) $last_ago = floor($diff/3600) . 'h ago';
120 else $last_ago = floor($diff/86400) . 'd ago';
121}
122
123// Last 12 hours for compact timeline
124$recent_hours = array_slice($hours, -12, 12, true);
125
126// Active tab
127$tab = $_GET['tab'] ?? 'overview';
128?>
129<!DOCTYPE html>
130<html lang="en">
131<head>
132<meta charset="UTF-8">
133<meta name="viewport" content="width=device-width, initial-scale=1">
134<meta name="robots" content="noindex, nofollow">
135<title>THREAT INTEL // <?php echo htmlspecialchars($site_name); ?></title>
136<style>
137@import url('https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;600;700&family=Inter:wght@300;400;500;600;700&display=swap');
138
139:root {
140 --bg: #05080f;
141 --card: #0d1320;
142 --card-hover: #111828;
143 --border: #1a2540;
144 --border-glow: #1e3a5f;
145 --text: #c8d6e5;
146 --dim: #4a5568;
147 --bright: #e2e8f0;
148 --cyan: #00e5ff;
149 --cyan-dim: #0097a7;
150 --red: #ff1744;
151 --red-dim: #b71c1c;
152 --green: #00e676;
153 --green-dim: #1b5e20;
154 --amber: #ffab00;
155 --amber-dim: #ff6f00;
156 --blue: #2979ff;
157 --purple: #d500f9;
158 --mono: 'JetBrains Mono', 'SF Mono', SFMono-Regular, ui-monospace, 'DejaVu Sans Mono', Menlo, Consolas, monospace;
159 --sans: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
160}
161
162* { margin: 0; padding: 0; box-sizing: border-box; }
163
164body {
165 font-family: var(--sans);
166 background: var(--bg);
167 color: var(--text);
168 font-size: 13px;
169 line-height: 1.5;
170 min-height: 100vh;
171}
172
173body::before {
174 content: '';
175 position: fixed;
176 top: 0; left: 0; right: 0; bottom: 0;
177 background: repeating-linear-gradient(0deg, transparent, transparent 2px, rgba(0,229,255,0.008) 2px, rgba(0,229,255,0.008) 4px);
178 pointer-events: none;
179 z-index: 9999;
180}
181
182body::after {
183 content: '';
184 position: fixed;
185 top: 0; left: 0; right: 0; bottom: 0;
186 background-image: linear-gradient(rgba(0,229,255,0.03) 1px, transparent 1px), linear-gradient(90deg, rgba(0,229,255,0.03) 1px, transparent 1px);
187 background-size: 40px 40px;
188 pointer-events: none;
189 z-index: -1;
190}
191
192.wrap { max-width: 1400px; margin: 0 auto; padding: 16px 20px; }
193
194/* HEADER */
195.header {
196 display: flex; align-items: center; justify-content: space-between;
197 padding: 12px 20px;
198 background: linear-gradient(135deg, var(--card) 0%, rgba(0,229,255,0.05) 100%);
199 border: 1px solid var(--border); border-left: 3px solid var(--cyan); border-radius: 4px;
200 margin-bottom: 16px;
201}
202.header-left { display: flex; align-items: center; gap: 16px; }
203.header-icon {
204 width: 36px; height: 36px; border: 2px solid var(--cyan); border-radius: 50%;
205 display: flex; align-items: center; justify-content: center;
206 animation: pulse-ring 3s ease-in-out infinite;
207}
208.header-icon::before {
209 content: ''; width: 10px; height: 10px; background: var(--cyan); border-radius: 50%;
210 box-shadow: 0 0 12px var(--cyan), 0 0 24px rgba(0,229,255,0.3);
211}
212@keyframes pulse-ring {
213 0%,100% { border-color: var(--cyan); box-shadow: 0 0 8px rgba(0,229,255,0.2); }
214 50% { border-color: var(--cyan-dim); box-shadow: 0 0 4px rgba(0,229,255,0.1); }
215}
216.header-title { font-family: var(--mono); font-size: 16px; font-weight: 700; color: var(--cyan); letter-spacing: 2px; text-transform: uppercase; text-shadow: 0 0 20px rgba(0,229,255,0.3); }
217.header-subtitle { font-family: var(--mono); font-size: 11px; color: var(--dim); letter-spacing: 1px; }
218.header-right { display: flex; align-items: center; gap: 20px; font-family: var(--mono); font-size: 11px; }
219.header-meta { text-align: right; color: var(--dim); }
220.header-meta .val { color: var(--text); }
221
222.threat-badge { padding: 4px 14px; border-radius: 3px; font-family: var(--mono); font-size: 11px; font-weight: 700; letter-spacing: 2px; text-transform: uppercase; animation: threat-pulse 2s ease-in-out infinite; }
223.threat-badge.nominal { background: rgba(0,230,118,0.1); border: 1px solid var(--green-dim); color: var(--green); }
224.threat-badge.elevated { background: rgba(255,171,0,0.1); border: 1px solid var(--amber-dim); color: var(--amber); }
225.threat-badge.high { background: rgba(255,23,68,0.1); border: 1px solid var(--red-dim); color: var(--red); }
226.threat-badge.critical { background: rgba(255,23,68,0.15); border: 1px solid var(--red); color: var(--red); animation: threat-critical 1s ease-in-out infinite; }
227@keyframes threat-pulse { 0%,100% { opacity:1; } 50% { opacity:0.7; } }
228@keyframes threat-critical { 0%,100% { opacity:1; box-shadow: 0 0 12px rgba(255,23,68,0.3); } 50% { opacity:0.8; box-shadow: 0 0 20px rgba(255,23,68,0.5); } }
229
230/* STAT CARDS */
231.stats { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 12px; margin-bottom: 16px; }
232.stat { background: var(--card); border: 1px solid var(--border); border-radius: 4px; padding: 16px 20px; position: relative; overflow: hidden; transition: all 0.2s; }
233.stat:hover { background: var(--card-hover); border-color: var(--border-glow); }
234.stat::before { content: ''; position: absolute; top: 0; left: 0; right: 0; height: 2px; }
235.stat.red::before { background: linear-gradient(90deg, var(--red), transparent); }
236.stat.amber::before { background: linear-gradient(90deg, var(--amber), transparent); }
237.stat.cyan::before { background: linear-gradient(90deg, var(--cyan), transparent); }
238.stat.green::before { background: linear-gradient(90deg, var(--green), transparent); }
239.stat.purple::before { background: linear-gradient(90deg, var(--purple), transparent); }
240.stat .label { font-family: var(--mono); font-size: 10px; font-weight: 600; text-transform: uppercase; letter-spacing: 1.5px; color: var(--dim); margin-bottom: 6px; }
241.stat .value { font-family: var(--mono); font-size: 32px; font-weight: 700; line-height: 1; }
242.stat.red .value { color: var(--red); text-shadow: 0 0 20px rgba(255,23,68,0.3); }
243.stat.amber .value { color: var(--amber); text-shadow: 0 0 20px rgba(255,171,0,0.3); }
244.stat.cyan .value { color: var(--cyan); text-shadow: 0 0 20px rgba(0,229,255,0.3); }
245.stat.green .value { color: var(--green); text-shadow: 0 0 20px rgba(0,230,118,0.3); }
246.stat.purple .value { color: var(--purple); text-shadow: 0 0 20px rgba(213,0,249,0.3); }
247.stat .meta { font-family: var(--mono); font-size: 10px; color: var(--dim); margin-top: 4px; }
248
249/* NAV */
250nav { display: flex; gap: 2px; margin-bottom: 16px; background: var(--card); border: 1px solid var(--border); border-radius: 4px; padding: 4px; }
251nav a { color: var(--dim); text-decoration: none; padding: 8px 20px; border-radius: 3px; font-family: var(--mono); font-size: 11px; font-weight: 500; letter-spacing: 0.5px; text-transform: uppercase; transition: all 0.15s; }
252nav a:hover { color: var(--text); background: rgba(0,229,255,0.05); }
253nav a.active { color: var(--cyan); background: rgba(0,229,255,0.1); border: 1px solid rgba(0,229,255,0.2); text-shadow: 0 0 10px rgba(0,229,255,0.3); }
254
255/* PANELS */
256.panel { background: var(--card); border: 1px solid var(--border); border-radius: 4px; overflow: hidden; }
257.panel-header { display: flex; align-items: center; justify-content: space-between; padding: 10px 16px; border-bottom: 1px solid var(--border); background: rgba(0,229,255,0.02); }
258.panel-title { font-family: var(--mono); font-size: 10px; font-weight: 600; text-transform: uppercase; letter-spacing: 1.5px; color: var(--cyan); display: flex; align-items: center; gap: 8px; }
259.panel-title::before { content: ''; width: 5px; height: 5px; background: var(--cyan); border-radius: 50%; box-shadow: 0 0 6px var(--cyan); }
260.panel-count { font-family: var(--mono); font-size: 10px; color: var(--dim); }
261.panel-body { padding: 0; }
262.panel-divider { border-top: 1px solid var(--border); margin: 0; }
263
264/* TABLES */
265table { width: 100%; border-collapse: collapse; font-size: 12px; }
266th { text-align: left; padding: 8px 12px; background: rgba(0,0,0,0.3); color: var(--dim); font-family: var(--mono); font-weight: 600; font-size: 10px; text-transform: uppercase; letter-spacing: 1px; border-bottom: 1px solid var(--border); }
267td { padding: 6px 12px; border-bottom: 1px solid rgba(26,37,64,0.5); font-family: var(--mono); font-size: 11px; }
268tr:last-child td { border-bottom: none; }
269tr:hover td { background: rgba(0,229,255,0.02); }
270
271/* Compact table for grid panels */
272.compact th { padding: 6px 10px; font-size: 9px; }
273.compact td { padding: 4px 10px; font-size: 10px; }
274
275/* Bars */
276.bar-container { display: flex; align-items: center; gap: 8px; }
277.bar { height: 4px; border-radius: 2px; min-width: 2px; }
278.bar.bar-red { background: linear-gradient(90deg, var(--red), var(--red-dim)); box-shadow: 0 0 8px rgba(255,23,68,0.2); }
279.bar.bar-amber { background: linear-gradient(90deg, var(--amber), var(--amber-dim)); box-shadow: 0 0 8px rgba(255,171,0,0.2); }
280.bar.bar-cyan { background: linear-gradient(90deg, var(--cyan), var(--cyan-dim)); box-shadow: 0 0 8px rgba(0,229,255,0.2); }
281.bar.bar-green { background: linear-gradient(90deg, var(--green), var(--green-dim)); box-shadow: 0 0 8px rgba(0,230,118,0.2); }
282
283/* Badges */
284.badge { display: inline-block; padding: 2px 6px; border-radius: 3px; font-family: var(--mono); font-size: 10px; font-weight: 600; letter-spacing: 0.5px; }
285.badge-cc { background: rgba(41,121,255,0.1); border: 1px solid rgba(41,121,255,0.2); color: var(--blue); }
286.badge-ip { background: rgba(0,229,255,0.05); color: var(--cyan); }
287.cred-pass { color: var(--red); }
288.cred-user { color: var(--amber); }
289.att-badge { font-family: var(--mono); font-size: 10px; padding: 1px 6px; border-radius: 2px; background: rgba(213,0,249,0.1); color: var(--purple); }
290.delay-badge { font-family: var(--mono); font-size: 10px; padding: 1px 6px; border-radius: 2px; }
291.delay-low { background: rgba(0,230,118,0.1); color: var(--green); }
292.delay-med { background: rgba(255,171,0,0.1); color: var(--amber); }
293.delay-high { background: rgba(255,23,68,0.1); color: var(--red); }
294
295.scroll { max-height: 400px; overflow-y: auto; }
296.scroll::-webkit-scrollbar { width: 6px; }
297.scroll::-webkit-scrollbar-track { background: var(--bg); }
298.scroll::-webkit-scrollbar-thumb { background: var(--border); border-radius: 3px; }
299.scroll::-webkit-scrollbar-thumb:hover { background: var(--border-glow); }
300
301.empty { color: var(--dim); text-align: center; padding: 40px 20px; font-family: var(--mono); font-size: 11px; letter-spacing: 1px; }
302.empty::before { content: '[ ]'; display: block; font-size: 20px; margin-bottom: 8px; color: var(--border); }
303
304/* GRID LAYOUTS */
305.grid-2 { display: grid; grid-template-columns: 1fr 1fr; gap: 12px; margin-bottom: 12px; }
306.grid-full { margin-bottom: 12px; }
307
308/* FEED */
309.feed-row { display: flex; align-items: center; gap: 10px; padding: 6px 12px; border-bottom: 1px solid rgba(26,37,64,0.5); font-family: var(--mono); font-size: 10px; transition: background 0.1s; }
310.feed-row:hover { background: rgba(0,229,255,0.02); }
311.feed-row:last-child { border-bottom: none; }
312.feed-dot { width: 5px; height: 5px; border-radius: 50%; background: var(--red); box-shadow: 0 0 6px var(--red); flex-shrink: 0; }
313.feed-time { color: var(--dim); min-width: 55px; }
314.feed-ip { color: var(--cyan); min-width: 110px; }
315.feed-user { color: var(--amber); }
316.feed-arrow { color: var(--dim); margin: 0 2px; }
317.feed-pass { color: var(--red); }
318
319/* FOOTER */
320.footer { display: flex; align-items: center; justify-content: space-between; padding: 12px 20px; margin-top: 8px; border-top: 1px solid var(--border); font-family: var(--mono); font-size: 10px; color: var(--dim); letter-spacing: 0.5px; }
321.footer-status { display: flex; align-items: center; gap: 6px; }
322.status-dot { width: 6px; height: 6px; border-radius: 50%; background: var(--green); box-shadow: 0 0 6px var(--green); animation: status-blink 3s ease-in-out infinite; }
323@keyframes status-blink { 0%,90%,100% { opacity:1; } 95% { opacity:0.3; } }
324
325/* Responsive */
326@media (max-width: 900px) {
327 .grid-2 { grid-template-columns: 1fr; }
328 .header { flex-direction: column; gap: 12px; align-items: flex-start; }
329 .header-right { width: 100%; justify-content: space-between; }
330}
331@media (max-width: 640px) {
332 .wrap { padding: 8px; }
333 .stats { grid-template-columns: 1fr 1fr; }
334}
335</style>
336</head>
337<body>
338<div class="wrap">
339
340<!-- HEADER -->
341<div class="header">
342 <div class="header-left">
343 <div class="header-icon"></div>
344 <div>
345 <div class="header-title">Threat Intelligence</div>
346 <div class="header-subtitle"><?php echo htmlspecialchars($site_name); ?> // HONEYPOT COMMAND</div>
347 </div>
348 </div>
349 <div class="header-right">
350 <div class="header-meta">
351 <div>ENTRIES <span class="val"><?php echo number_format(count($entries)); ?></span></div>
352 <div>LAST EVENT <span class="val"><?php echo $last_ago; ?></span></div>
353 </div>
354 <div class="threat-badge <?php echo $threat_class; ?>"><?php echo $threat_level; ?></div>
355 </div>
356</div>
357
358<!-- STATS -->
359<div class="stats">
360 <div class="stat red">
361 <div class="label">Login Attempts</div>
362 <div class="value"><?php echo number_format($total_attempts); ?></div>
363 <div class="meta"><?php echo $top_user !== '-' ? 'Top: ' . htmlspecialchars(substr($top_user, 0, 16)) : 'No data'; ?></div>
364 </div>
365 <div class="stat amber">
366 <div class="label">Recon Probes</div>
367 <div class="value"><?php echo number_format($total_recon); ?></div>
368 <div class="meta">Scan / enumeration</div>
369 </div>
370 <div class="stat cyan">
371 <div class="label">Unique Sources</div>
372 <div class="value"><?php echo number_format($unique_ips); ?></div>
373 <div class="meta">Distinct IP addresses</div>
374 </div>
375 <div class="stat green">
376 <div class="label">Countries</div>
377 <div class="value"><?php echo number_format(count($countries)); ?></div>
378 <div class="meta">Geographic origins</div>
379 </div>
380 <div class="stat purple">
381 <div class="label">Credentials</div>
382 <div class="value"><?php echo number_format(count($creds)); ?></div>
383 <div class="meta">Unique pairs captured</div>
384 </div>
385</div>
386
387<!-- NAV: 3 tabs -->
388<?php
389$token_param = $dashboard_token !== '' ? '&token=' . urlencode($_GET['token'] ?? '') : '';
390$tabs = ['overview' => 'Overview', 'intercepts' => 'Intercepts', 'intel' => 'Intel'];
391?>
392<nav>
393<?php foreach ($tabs as $k => $v): ?>
394<a href="?tab=<?php echo $k . $token_param; ?>" class="<?php echo $tab === $k ? 'active' : ''; ?>"><?php echo $v; ?></a>
395<?php endforeach; ?>
396</nav>
397
398<!-- ==================== OVERVIEW ==================== -->
399<?php if ($tab === 'overview'): ?>
400
401<!-- Row 1: Usernames + Passwords -->
402<div class="grid-2">
403<div class="panel">
404 <div class="panel-header">
405 <div class="panel-title">Target Usernames</div>
406 <div class="panel-count"><?php echo count($usernames); ?> unique</div>
407 </div>
408 <div class="panel-body">
409<?php if ($usernames): ?>
410<table class="compact"><tr><th>Username</th><th>Hits</th><th></th></tr>
411<?php $max = max($usernames); foreach (array_slice($usernames, 0, 10, true) as $u => $c): ?>
412<tr><td class="cred-user"><?php echo htmlspecialchars($u); ?></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-amber" style="width:<?php echo round($c/$max*120); ?>px"></div></div></td></tr>
413<?php endforeach; ?>
414</table>
415<?php else: ?><div class="empty">Awaiting data</div><?php endif; ?>
416 </div>
417</div>
418
419<div class="panel">
420 <div class="panel-header">
421 <div class="panel-title">Captured Passwords</div>
422 <div class="panel-count"><?php echo count($passwords); ?> unique</div>
423 </div>
424 <div class="panel-body">
425<?php if ($passwords): ?>
426<table class="compact"><tr><th>Password</th><th>Hits</th><th></th></tr>
427<?php $max = max($passwords); foreach (array_slice($passwords, 0, 10, true) as $p => $c): ?>
428<tr><td class="cred-pass"><?php echo htmlspecialchars($p); ?></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-red" style="width:<?php echo round($c/$max*120); ?>px"></div></div></td></tr>
429<?php endforeach; ?>
430</table>
431<?php else: ?><div class="empty">Awaiting data</div><?php endif; ?>
432 </div>
433</div>
434</div>
435
436<!-- Row 2: Top IPs + Countries/Timeline combo -->
437<div class="grid-2">
438<div class="panel">
439 <div class="panel-header">
440 <div class="panel-title">Top Sources</div>
441 <div class="panel-count"><?php echo $unique_ips; ?> IPs</div>
442 </div>
443 <div class="panel-body">
444<?php if ($ips): ?>
445<table class="compact"><tr><th>IP</th><th>CC</th><th>Hits</th><th></th></tr>
446<?php $max = max($ips); foreach (array_slice($ips, 0, 10, true) as $ip => $c):
447$d = $ip_details[$ip] ?? []; ?>
448<tr>
449 <td class="badge-ip"><?php echo htmlspecialchars($ip); ?></td>
450 <td><span class="badge badge-cc"><?php echo htmlspecialchars($d['country'] ?? '??'); ?></span></td>
451 <td><?php echo $c; ?></td>
452 <td><div class="bar-container"><div class="bar bar-cyan" style="width:<?php echo round($c/$max*100); ?>px"></div></div></td>
453</tr>
454<?php endforeach; ?>
455</table>
456<?php else: ?><div class="empty">Awaiting data</div><?php endif; ?>
457 </div>
458</div>
459
460<div class="panel">
461 <div class="panel-header">
462 <div class="panel-title">GeoINT</div>
463 <div class="panel-count"><?php echo count($countries); ?> countries</div>
464 </div>
465 <div class="panel-body">
466<?php if ($countries): ?>
467<table class="compact"><tr><th>Country</th><th>Events</th><th></th></tr>
468<?php $max = max($countries); foreach (array_slice($countries, 0, 6, true) as $cc => $c): ?>
469<tr><td><span class="badge badge-cc"><?php echo htmlspecialchars($cc); ?></span></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-green" style="width:<?php echo round($c/$max*100); ?>px"></div></div></td></tr>
470<?php endforeach; ?>
471</table>
472<?php else: ?><div class="empty">No geo data</div><?php endif; ?>
473
474<div class="panel-divider"></div>
475
476<div class="panel-header" style="border-bottom:1px solid var(--border);">
477 <div class="panel-title">Timeline</div>
478 <div class="panel-count">Last <?php echo count($recent_hours); ?>h</div>
479</div>
480<?php if ($recent_hours): ?>
481<table class="compact"><tr><th>Hour</th><th>Events</th><th></th></tr>
482<?php $max = max($recent_hours); foreach ($recent_hours as $h => $c): ?>
483<tr><td><?php echo htmlspecialchars(substr($h, 5)); ?></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-cyan" style="width:<?php echo round($c/$max*100); ?>px"></div></div></td></tr>
484<?php endforeach; ?>
485</table>
486<?php else: ?><div class="empty">No data</div><?php endif; ?>
487 </div>
488</div>
489</div>
490
491<!-- Recent Activity Feed -->
492<div class="grid-full">
493<div class="panel">
494 <div class="panel-header">
495 <div class="panel-title">Recent Activity</div>
496 <div class="panel-count">Last <?php echo min(15, count($creds)); ?> captures</div>
497 </div>
498 <div class="panel-body">
499<?php if ($creds):
500$recent = array_slice(array_reverse($creds), 0, 15);
501foreach ($recent as $c): ?>
502<div class="feed-row">
503 <div class="feed-dot"></div>
504 <div class="feed-time"><?php echo htmlspecialchars(substr($c['ts'], 11, 8)); ?></div>
505 <div class="feed-ip"><?php echo htmlspecialchars($c['ip']); ?></div>
506 <span class="badge badge-cc"><?php echo htmlspecialchars($c['cc']); ?></span>
507 <div class="feed-user"><?php echo htmlspecialchars($c['user']); ?></div>
508 <div class="feed-arrow">→</div>
509 <div class="feed-pass"><?php echo htmlspecialchars($c['pass']); ?></div>
510 <div style="margin-left:auto;">
511 <span class="att-badge">#<?php echo $c['att']; ?></span>
512 <span class="delay-badge <?php echo $c['delay'] >= 20 ? 'delay-high' : ($c['delay'] >= 10 ? 'delay-med' : 'delay-low'); ?>">+<?php echo $c['delay']; ?>s</span>
513 </div>
514</div>
515<?php endforeach;
516else: ?><div class="empty">Awaiting threat data</div><?php endif; ?>
517 </div>
518</div>
519</div>
520
521<!-- ==================== INTERCEPTS ==================== -->
522<?php elseif ($tab === 'intercepts'): ?>
523
524<div class="grid-full">
525<div class="panel">
526 <div class="panel-header">
527 <div class="panel-title">Credential Intercepts</div>
528 <div class="panel-count"><?php echo count($creds); ?> pairs captured</div>
529 </div>
530 <div class="panel-body">
531 <div class="scroll" style="max-height:700px;">
532<?php if ($creds): ?>
533<table><tr><th>Timestamp</th><th>Source IP</th><th>Origin</th><th>Username</th><th>Password</th><th>Attempt</th><th>Tarpit</th></tr>
534<?php foreach (array_reverse($creds) as $c): ?>
535<tr>
536 <td><?php echo htmlspecialchars($c['ts']); ?></td>
537 <td class="badge-ip"><?php echo htmlspecialchars($c['ip']); ?></td>
538 <td><span class="badge badge-cc"><?php echo htmlspecialchars($c['cc']); ?></span></td>
539 <td class="cred-user"><?php echo htmlspecialchars($c['user']); ?></td>
540 <td class="cred-pass"><?php echo htmlspecialchars($c['pass']); ?></td>
541 <td><span class="att-badge">#<?php echo $c['att']; ?></span></td>
542 <td><span class="delay-badge <?php echo $c['delay'] >= 20 ? 'delay-high' : ($c['delay'] >= 10 ? 'delay-med' : 'delay-low'); ?>">+<?php echo $c['delay']; ?>s</span></td>
543</tr>
544<?php endforeach; ?>
545</table>
546<?php else: ?><div class="empty">No credentials intercepted</div><?php endif; ?>
547 </div>
548 </div>
549</div>
550</div>
551
552<!-- ==================== INTEL ==================== -->
553<?php elseif ($tab === 'intel'): ?>
554
555<!-- Passwords + Usernames side by side -->
556<div class="grid-2">
557<div class="panel">
558 <div class="panel-header">
559 <div class="panel-title">Password Intelligence</div>
560 <div class="panel-count"><?php echo count($passwords); ?> unique</div>
561 </div>
562 <div class="panel-body">
563 <div class="scroll">
564<?php if ($passwords): ?>
565<table class="compact"><tr><th>Password</th><th>Freq</th><th></th></tr>
566<?php $max = max($passwords); foreach ($passwords as $p => $c): ?>
567<tr><td class="cred-pass"><?php echo htmlspecialchars($p); ?></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-red" style="width:<?php echo round($c/$max*140); ?>px"></div></div></td></tr>
568<?php endforeach; ?>
569</table>
570<?php else: ?><div class="empty">No passwords</div><?php endif; ?>
571 </div>
572 </div>
573</div>
574
575<div class="panel">
576 <div class="panel-header">
577 <div class="panel-title">Username Enumeration</div>
578 <div class="panel-count"><?php echo count($usernames); ?> unique</div>
579 </div>
580 <div class="panel-body">
581 <div class="scroll">
582<?php if ($usernames): ?>
583<table class="compact"><tr><th>Username</th><th>Freq</th><th></th></tr>
584<?php $max = max($usernames); foreach ($usernames as $u => $c): ?>
585<tr><td class="cred-user"><?php echo htmlspecialchars($u); ?></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-amber" style="width:<?php echo round($c/$max*140); ?>px"></div></div></td></tr>
586<?php endforeach; ?>
587</table>
588<?php else: ?><div class="empty">No usernames</div><?php endif; ?>
589 </div>
590 </div>
591</div>
592</div>
593
594<!-- Full IP table -->
595<div class="grid-full">
596<div class="panel">
597 <div class="panel-header">
598 <div class="panel-title">All Threat Sources</div>
599 <div class="panel-count"><?php echo $unique_ips; ?> IPs</div>
600 </div>
601 <div class="panel-body">
602 <div class="scroll">
603<?php if ($ips): ?>
604<table><tr><th>Source IP</th><th>Origin</th><th>Hits</th><th>First Contact</th><th>Last Contact</th><th>Activity</th></tr>
605<?php $max = max($ips); foreach ($ips as $ip => $c):
606$d = $ip_details[$ip] ?? []; ?>
607<tr>
608 <td class="badge-ip"><?php echo htmlspecialchars($ip); ?></td>
609 <td><span class="badge badge-cc"><?php echo htmlspecialchars($d['country'] ?? '??'); ?></span></td>
610 <td><?php echo $c; ?></td>
611 <td><?php echo htmlspecialchars(substr($d['first'] ?? '', 0, 16)); ?></td>
612 <td><?php echo htmlspecialchars(substr($d['last'] ?? '', 0, 16)); ?></td>
613 <td><div class="bar-container"><div class="bar bar-cyan" style="width:<?php echo round($c/$max*150); ?>px"></div></div></td>
614</tr>
615<?php endforeach; ?>
616</table>
617<?php else: ?><div class="empty">No sources</div><?php endif; ?>
618 </div>
619 </div>
620</div>
621</div>
622
623<!-- Countries + Timeline side by side -->
624<div class="grid-2">
625<div class="panel">
626 <div class="panel-header">
627 <div class="panel-title">Geographic Intelligence</div>
628 <div class="panel-count"><?php echo count($countries); ?> countries</div>
629 </div>
630 <div class="panel-body">
631 <div class="scroll">
632<?php if ($countries): ?>
633<table class="compact"><tr><th>Country</th><th>Events</th><th></th></tr>
634<?php $max = max($countries); foreach ($countries as $cc => $c): ?>
635<tr><td><span class="badge badge-cc"><?php echo htmlspecialchars($cc); ?></span></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-green" style="width:<?php echo round($c/$max*140); ?>px"></div></div></td></tr>
636<?php endforeach; ?>
637</table>
638<?php else: ?><div class="empty">No geo data</div><?php endif; ?>
639 </div>
640 </div>
641</div>
642
643<div class="panel">
644 <div class="panel-header">
645 <div class="panel-title">Attack Timeline</div>
646 <div class="panel-count">Hourly distribution</div>
647 </div>
648 <div class="panel-body">
649 <div class="scroll">
650<?php if ($hours): ?>
651<table class="compact"><tr><th>Hour</th><th>Events</th><th></th></tr>
652<?php $max = max($hours); foreach ($hours as $h => $c): ?>
653<tr><td><?php echo htmlspecialchars($h); ?></td><td><?php echo $c; ?></td><td><div class="bar-container"><div class="bar bar-cyan" style="width:<?php echo round($c/$max*140); ?>px"></div></div></td></tr>
654<?php endforeach; ?>
655</table>
656<?php else: ?><div class="empty">No data</div><?php endif; ?>
657 </div>
658 </div>
659</div>
660</div>
661
662<?php endif; ?>
663
664<!-- FOOTER -->
665<div class="footer">
666 <div class="footer-status">
667 <div class="status-dot"></div>
668 TRAP ACTIVE // MONITORING
669 </div>
670 <div>pitcherplant // <?php echo date('Y-m-d H:i:s T'); ?></div>
671</div>
672
673</div>
674</body>
675</html>