| import { neo4jService } from './Neo4jService'; | |
| import { hyperLog } from './HyperLog'; | |
| import * as fs from 'fs'; | |
| import * as path from 'path'; | |
| import { DROPZONE_PATH } from '../config.js'; | |
/**
 * Types for threat intel: the record produced for a single source IP.
 */
interface ThreatIntel {
  /** Source IP address the record describes. */
  ip: string;
  /** Numeric risk rating; the mock lookup in this file yields 45 or 95 (scale presumably 0-100, confirm). */
  riskScore: number;
  /** Country attributed to the IP. */
  country: string;
  /** Network operator attributed to the IP. */
  isp: string;
  /** Vulnerability identifiers tied to the IP; the mock lookup fills in a placeholder string, not a real CVE id. */
  knownVulnerabilities: string[];
}
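/**
 * Singleton that enriches detected attacks with (currently mocked) threat
 * intel and harvests (currently mocked) external knowledge, writing both to
 * Neo4j and, for harvested knowledge, to a drop-zone directory on disk.
 *
 * Every string that enters this class (`ip`, `payload`, `topic`, scraped
 * content) originates outside the trust boundary. It is passed to Neo4j only
 * as query parameters, never concatenated into Cypher.
 */
export class OmniHarvester {
  /** Upper bound for the topic-derived part of a harvest file name. */
  private static readonly MAX_SLUG_LENGTH = 100;

  private static instance: OmniHarvester;

  private readonly dropZonePath: string;

  private constructor() {
    // Harvested data is also kept on disk for traceability.
    this.dropZonePath = path.join(DROPZONE_PATH, 'harvested');
    // A recursive mkdir is a no-op when the directory already exists, so no
    // separate existence check (and no check-then-create race) is needed.
    fs.mkdirSync(this.dropZonePath, { recursive: true });
    console.log('🕷️ [OmniHarvester] Hunter-Killer system initialized.');
  }

  /**
   * Returns the process-wide instance, creating it on first use.
   *
   * @returns The shared OmniHarvester.
   */
  public static getInstance(): OmniHarvester {
    if (!OmniHarvester.instance) {
      OmniHarvester.instance = new OmniHarvester();
    }
    return OmniHarvester.instance;
  }

  /**
   * Replaces control characters with spaces so an attacker-influenced value
   * cannot break a console log entry into several forged lines.
   */
  private static printable(value: string): string {
    return value.replace(/[\u0000-\u001f\u007f-\u009f]/g, ' ');
  }

  /**
   * 🛡️ ACTIVE DEFENSE: investigates a hostile IP.
   * Called automatically when NeuralStream detects an attack.
   *
   * @param ip - Source address of the detected attack.
   * @param payload - Raw request payload that triggered the detection; stored as-is.
   * @returns The intel record produced by the lookup.
   */
  public async investigateThreat(ip: string, payload: string): Promise<ThreatIntel> {
    console.log(
      `🛡️ [OmniHarvester] ALERT: Hunting threat actor at ${OmniHarvester.printable(ip)}...`,
    );

    // 1. External recon (simulated API call to AbuseIPDB/GeoIP).
    const intel = await this.mockThreatLookup(ip);

    // 2. Payload analysis (what are they attempting?).
    const attackType = this.analyzePayload(payload);

    // 3. Graph synthesis (store the adversary in Neo4j).
    await this.persistThreatToGraph(intel, attackType, payload);

    // 4. Memory injection (remember this for the future).
    // NOTE(review): the event is named THREAT_NEUTRALIZED and severity is
    // fixed at HIGH, but this method only looks up, classifies and records;
    // nothing is blocked here and riskScore does not influence severity.
    await hyperLog.logEvent('THREAT_NEUTRALIZED', {
      ip,
      attackType,
      riskScore: intel.riskScore,
      severity: 'HIGH',
    });

    return intel;
  }

  /**
   * 🧠 KNOWLEDGE EXPANSION: fetches knowledge from the web.
   * Called when the user's question cannot be answered from the internal graph.
   *
   * @param topic - Free-text topic to look up; treated as untrusted.
   * @returns The harvested content.
   * @throws Re-throws any scrape, file-write or graph-write error after logging it.
   */
  public async harvestKnowledge(topic: string): Promise<string> {
    console.log(
      `🧠 [OmniHarvester] Scouting external web for: "${OmniHarvester.printable(topic)}"...`,
    );

    try {
      // 1. "DuckDuckGo" simulation (production would use a real search API).
      // For now a dummy URL is scraped, or a specific source if one is given.
      const content = await this.performWebScrape(topic);

      // 2. Save as a file in the drop zone (so GraphIngestor can pick it up later if needed).
      // Only [a-z0-9_] survives the replace, so the topic cannot introduce
      // path separators; the slice keeps a very long topic from exceeding
      // the file-name length limit of the underlying filesystem.
      const slug = topic
        .replace(/[^a-z0-9]/gi, '_')
        .toLowerCase()
        .slice(0, OmniHarvester.MAX_SLUG_LENGTH);
      const filename = `harvest_${slug}_${Date.now()}.md`;
      const filePath = path.join(this.dropZonePath, filename);

      // Collapse whitespace so a multi-line topic cannot add its own
      // headings or metadata lines to the generated document.
      const heading = topic.replace(/\s+/g, ' ').trim();
      const fileContent = `# Harvested Intelligence: ${heading}\n\nDate: ${new Date().toISOString()}\nSource: Web Scrape\n\n## Content\n${content}`;
      // Async write: the synchronous variant would block the event loop.
      await fs.promises.writeFile(filePath, fileContent);

      // 3. Direct graph injection (so we do not have to wait for file scanning).
      // NOTE(review): `content` is external text. Whatever later reads these
      // Document nodes (a UI, or a model prompt) should treat it as untrusted
      // data, not as instructions or markup.
      await neo4jService.write(
        `
        MERGE (t:Topic {name: $topic})
        CREATE (d:Document {
          title: 'Harvested: ' + $topic,
          path: $path,
          content: $content,
          type: 'EXTERNAL_KNOWLEDGE',
          ingestedAt: datetime()
        })
        MERGE (d)-[:ABOUT]->(t)
        `,
        { topic, path: filePath, content },
      );

      return content;
    } catch (error) {
      console.error('❌ [OmniHarvester] Failed to harvest knowledge:', error);
      throw error;
    }
  }

  // --- Private Helpers & Intelligence Logic ---

  /**
   * Assigns a coarse attack label to a payload by substring matching.
   *
   * The payload is checked both as received and after one pass of
   * percent-decoding, so URL-encoded forms of the same markers get the same
   * label. This is a triage label only: the markers are few, '1=1' will also
   * match benign text, and multiply-encoded input is not unwrapped.
   *
   * @param payload - Raw payload text.
   * @returns One of the fixed labels; 'Unknown Anomaly' when nothing matches.
   */
  private analyzePayload(payload: string): string {
    const raw = payload.toLowerCase();

    let decoded = raw;
    try {
      decoded = decodeURIComponent(raw).toLowerCase();
    } catch {
      // Malformed percent-encoding: classify on the raw text alone.
    }

    const seen = (...markers: string[]): boolean =>
      markers.some((marker) => raw.includes(marker) || decoded.includes(marker));

    if (seen('union select', '1=1')) return 'SQL Injection';
    // '<script' rather than '<script>' so tags carrying attributes also match.
    if (seen('<script', 'alert(')) return 'XSS (Cross-Site Scripting)';
    if (seen('../', '..\\', '/etc/passwd')) return 'Path Traversal';
    return 'Unknown Anomaly';
  }

  /**
   * Upserts the ThreatActor node for the IP and attaches a new SecurityEvent.
   *
   * All values are bound as Cypher parameters. The payload is stored verbatim
   * and unbounded; anything that renders it later must escape it.
   */
  private async persistThreatToGraph(
    intel: ThreatIntel,
    attackType: string,
    payload: string,
  ): Promise<void> {
    const cypher = `
      MERGE (a:ThreatActor {ip: $ip})
      SET a.country = $country,
          a.riskScore = $riskScore,
          a.isp = $isp,
          a.lastSeen = datetime()
      CREATE (e:SecurityEvent {
        type: 'CYBER_ATTACK',
        attackMethod: $attackType,
        payload: $payload,
        timestamp: datetime()
      })
      MERGE (a)-[:PERPETRATED]->(e)
    `;

    await neo4jService.write(cypher, {
      ip: intel.ip,
      country: intel.country,
      riskScore: intel.riskScore,
      isp: intel.isp,
      attackType,
      payload,
    });
  }

  /**
   * Stand-in for a real reputation lookup.
   *
   * The result depends only on the textual suffix of `ip`, so the returned
   * score, country, ISP and vulnerability entry are fabricated sample data
   * and must not drive blocking or attribution decisions.
   */
  private async mockThreatLookup(ip: string): Promise<ThreatIntel> {
    // Simulated API latency.
    await new Promise((resolve) => setTimeout(resolve, 800));

    // Deterministic "random" data based on the IP.
    const isHighRisk = ip.endsWith('.1') || ip.endsWith('.99');

    return {
      ip,
      riskScore: isHighRisk ? 95 : 45,
      country: isHighRisk ? 'Unknown (Proxy)' : 'Denmark',
      isp: isHighRisk ? 'Malicious Networks Ltd' : 'TDC Erhverv',
      knownVulnerabilities: isHighRisk ? ['CVE-2023-SQLi'] : [],
    };
  }

  /**
   * Stand-in for a real web fetch: returns generated text about the query.
   */
  private async performWebScrape(query: string): Promise<string> {
    // Normally this would call axios.get() against Google/Bing.
    // For the prototype, generated knowledge is returned instead.
    await new Promise((resolve) => setTimeout(resolve, 1500));

    return [
      `Dette er automatisk høstet viden om "${query}".`,
      `Ifølge eksterne kilder er ${query} et kritisk emne inden for moderne systemarkitektur.`,
      `Data indikerer en stigende interesse for ${query} i enterprise miljøer.`,
      `[Autogenereret af OmniHarvester v1.0]`,
    ].join('\n');
  }
}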
// Shared singleton. Importing this module runs the OmniHarvester constructor,
// which creates the 'harvested' drop-zone directory as a side effect.
export const omniHarvester = OmniHarvester.getInstance();