Skip to content

J4FSec/In0ri

Repository files navigation

GitHub

In0ri is an automated, AI-powered website defacement detection system.

Introduction

In0ri acts as an intelligent watchdog for your web applications. Instead of relying on traditional source code monitoring, it simulates real-user behavior by periodically taking screenshots of your target websites. These images are then analyzed by a trained model which is trained to identify visual anomalies and defacement patterns. Upon detecting a compromised page, In0ri immediately alerts administrators via Email or Telegram, enabling rapid incident response.

Requirement

  • Python3 (version >=3.6)
  • Docker
  • Docker-compose

Installation

Cloning the repository

git clone https://github.com/J4FSec/In0ri.git
cd In0ri

Docker

You can also use In0ri via the official Docker container here.

Starting In0ri

docker-compose up --build -d

After running the In0ri, open an Internet browser to https://<serverIP>:8080/ to show WebUI.

Usage

There are two ways to deploy and using In0ri:

  • Running off Celery Beat by periodically visiting the url.
  • Internal agent running off the web server

First Method: URL Check

Visit the Dashboard tab on WebUI, click on "Add URLs" then fill in the form and submit it.

Second Method: Internal Agent

At the table listing all urls which were registered on WebUI, click on "Create Key" button at column Actions, the API Key will send to your email or click "Details" button to show it.

On the web server that you wants to be monitored by In0ri, download the Agent folder from Github repository

Installing the required packages for the internal Agent

python3 -m pip install -r requirements.txt

Edit the file config.json in the same folder as agent

nano config.json

A key is sent to your email after registering the Agent on the WebUI rootPath is the root directory of the web application that you want to be monitored exludePath are the subfolders that you wants excluded from the scans apiServer is the URL to the API server of In0ri serverIP is the IP of the API server of In0ri

{
    "id":"01",
    "key":"123123123",
    "rootPath":"/var/www/html",
    "excludePath":"",
    "apiServer":"http://<serverIP>:8080/checkdeface"
}

And run the Agent:

python3 agent.py

References

Authors

In0ri is built by Echidna with the help of Cu64 and Klone.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

GNU AGPLv3

About

Website defacement attack detection with deep learning

Topics

Resources

License

Stars

64 stars

Watchers

1 watching

Forks

Contributors