diff --git a/Readme.md b/Readme.md index d1ee2c3..5e69048 100644 --- a/Readme.md +++ b/Readme.md 
@@ -1,101 +1,285 @@ -# Stellaris Hackathon +link: https://frontend-seven-steel-14.vercel.app +# ๐Ÿ” Kubernetes Attack Path Visualizer -> **Organized by:** ElixirTech Community -> **Repository:** [ElixirTechCommunity/Stellaris-Hackathon](https://github.com/ElixirTechCommunity/Stellaris-Hackathon) +A full-stack security analysis engine that models Kubernetes RBAC as a graph and detects attack paths, privilege escalation, and vulnerabilities using graph algorithms. +--- + +## ๐Ÿš€ Overview -## How to Submit Your Project +The Kubernetes Attack Path Visualizer is designed to help security engineers understand how an attacker can move inside a Kubernetes cluster. -Follow these steps **carefully** to upload your project to this repository. +It converts Kubernetes resources into a graph structure, enriches it with vulnerability data (CVEs), and applies graph algorithms to detect potential attack paths from entry points to critical assets like secrets and databases. --- -### Step 1 โ€“ Fork This Repository +## ๐Ÿง  Key Features + +### ๐Ÿ”ฅ Attack Path Detection -Click the **Fork** button at the top-right of this page to create your own copy of this repo. 
+* Identifies all possible paths from **entry points โ†’ crown jewels** +* Helps visualize how an attacker can compromise sensitive resources --- -### Step 2 โ€“ Clone Your Fork Locally -```bash -git clone https://github.com//Stellaris-Hackathon.git -cd Stellaris-Hackathon -``` +### ๐Ÿ“Š Risk Scoring System + +* Assigns a risk score (0โ€“10) to nodes and paths +* Based on: + + * CVEs + * RBAC permissions + * Access to sensitive resources + +--- + +### โšก Shortest Attack Path (Dijkstra) + +* Finds the most efficient attack route +* Simulates attacker behavior (least resistance path) + +--- + +### ๐ŸŒ All Attack Paths (BFS) + +* Explores all possible attack routes +* Ensures no hidden vulnerabilities are missed + +--- + +### ๐Ÿ’ฅ Blast Radius Analysis + +* Shows how far an attacker can spread from a compromised node +* Helps measure impact of a breach + +--- + +### ๐Ÿ” Privilege Escalation Detection + +* Detects loops where attacker gains increasing privileges +* Example: + + ``` + Pod โ†’ ServiceAccount โ†’ Role โ†’ Pod (higher privilege) + ``` --- -### Step 3 โ€“ Create Your Project Folder +### ๐ŸŽฏ Critical Node Detection + +* Identifies chokepoints in the graph +* Securing these nodes blocks multiple attack paths + +--- + +### ๐Ÿงช Attack Simulation + +* Simulates removing or securing a node +* Shows: + + * Attack paths eliminated + * Security improvement % + +--- + +### โš ๏ธ Vulnerability Analysis + +* Lists risky nodes with: + + * CVEs + * Risk score + * Explanation of risk + +--- + +### ๐Ÿงพ Human-Readable Explanations + +* Converts technical graph paths into simple attack stories +* Example: + + ``` + Attacker enters via service โ†’ accesses pod โ†’ uses service account โ†’ reads secret + ``` + +--- + +### ๐Ÿ“„ Report Generation + +* Generates a complete security report including: + + * Attack paths + * Shortest paths + * Blast radius + * Cycles + * Critical nodes + +--- + +## ๐Ÿ”„ Data Flow -Inside the repo, create a new folder using the format: ``` 
-submissions/TeamName_ProjectName/ +Kubernetes Cluster / Mock Data + โ†“ +Fetch (kubectl / JSON) + โ†“ +Transform โ†’ Graph (Nodes + Edges) + โ†“ +CVE Enrichment + โ†“ +Validation (Zod Schema) + โ†“ +cluster-graph.json + โ†“ +Neo4j Database + โ†“ +GDS Graph Projection + โ†“ +Graph Algorithms (BFS, DFS, Dijkstra) + โ†“ +API / CLI / Reports ``` -**Example:** +--- + +## ๐Ÿ—๏ธ Project Architecture + ``` -submissions/TeamNova_SmartBridge/ +src/ +โ”‚ +โ”œโ”€โ”€ cli/ # CLI commands (scan, ingest, report) +โ”œโ”€โ”€ core/ # Core logic (fetch, transform, CVE, attack-path) +โ”œโ”€โ”€ db/ # Neo4j + GDS integration +โ”œโ”€โ”€ services/ # Business logic (ingestion, reporting) +โ”œโ”€โ”€ server/ # Express API +โ”œโ”€โ”€ schemas/ # Validation schemas +โ”œโ”€โ”€ data/ # Mock dataset ``` -Place all your project files inside this folder. +--- + +## ๐Ÿงช Technologies Used + +* **TypeScript / Node.js** +* **Neo4j (Graph Database)** +* **Neo4j Graph Data Science (GDS)** +* **Express.js** +* **Zod** +* **Axios** --- -### Step 4 โ€“ Add a `README.md` Inside Your Folder +## โš™๏ธ Installation & Setup + +### 1. Clone the repository + +```bash +git clone +cd project +``` + +--- + +### 2. Install dependencies + +```bash +npm install +``` + +--- + +### 3. Start Neo4j (Docker) + +```bash +cd docker +docker-compose up -d +``` -Your submission folder **must** include a `README.md` with the following structure: -```markdown -# Project Name +--- -## ๐Ÿ‘ฅ Team Name - +### 4. 
Run the project -## ๐Ÿง‘โ€๐Ÿ’ป Team Members -| Name | Role | GitHub | -|------|------|--------| -| Name 1 | Frontend | @username | -| Name 2 | Backend | @username | +#### Scan (local pipeline) -## ๐Ÿ’ก Problem Statement - +```bash +npx ts-node src/cli/index.ts scan --mock +``` -## ๐Ÿ› ๏ธ Tech Stack - +#### Full ingestion -## ๐Ÿ”— Links -- **Live Demo:** [link] -- **Video Demo:** [link](if applicable) -- **Presentation (PPT/PDF):** [link] +```bash +npx ts-node src/cli/index.ts ingest --source mock +``` -## ๐Ÿ“ธ Screenshots - +#### Generate report -## ๐Ÿš€ How to Run Locally - +```bash +npx ts-node src/cli/index.ts report ``` --- -### Step 5 โ€“ Commit and Push Your Changes +### 5. Start API server + ```bash -git add . -git commit -m "Add submission: TeamName_ProjectName" -git push origin main +npx ts-node src/server/server.ts ``` --- -### Step 6 โ€“ Open a Pull Request (PR) +## ๐ŸŒ API Endpoints + +| Endpoint | Description | +| ------------------------ | ------------------ | +| POST /api/ingest | Run full pipeline | +| GET /api/graph | Retrieve graph | +| GET /api/paths | Attack paths | +| GET /api/vulnerabilities | Vulnerable nodes | +| GET /api/blast-radius | Reachability | +| GET /api/cycles | Privilege cycles | +| GET /api/critical-node | Critical nodes | +| POST /api/simulate | What-if simulation | +| GET /api/report | Full report | + +--- + +## ๐ŸŽฏ Real-World Use Cases -1. Go to your forked repo on GitHub -2. Click **"Compare & pull request"** -3. Use this PR title format: - `[Submission] TeamName โ€“ ProjectName` -4. 
Fill in the PR description and click **"Create Pull Request"** +* Kubernetes security auditing +* DevSecOps pipelines +* Threat modeling +* Penetration testing +* Cloud security analysis -> โš ๏ธ **Only PRs following the correct format will be reviewed.** +--- +## ๐Ÿง  Interview Explanation +> This project converts Kubernetes RBAC into a graph and uses graph algorithms like BFS, DFS, and Dijkstra to detect attack paths, privilege escalation, and vulnerabilities. It enriches data with CVEs and generates human-readable security reports. --- -

Made with โค๏ธ by ElixirTech Community

+## ๐Ÿš€ Future Improvements + +* Frontend graph visualization +* Real-time monitoring +* AI-based risk prediction +* Multi-cluster support + +--- + +## ๐Ÿ‘จโ€๐Ÿ’ป Author + +**Vardan Singhal** + +--- + +## โญ Final Note + +This project demonstrates: + +* Graph theory +* System design +* Security analysis +* Backend engineering + +A strong real-world project combining **DevOps + Security + Algorithms**. diff --git a/submissions/labyrinth_vectornetes/engine b/submissions/labyrinth_vectornetes/engine new file mode 160000 index 0000000..a676d75 --- /dev/null +++ b/submissions/labyrinth_vectornetes/engine @@ -0,0 +1 @@ +Subproject commit a676d752b2d0ecd1fe68374fe77d4384efa3c83a diff --git a/submissions/labyrinth_vectornetes/frontend b/submissions/labyrinth_vectornetes/frontend new file mode 160000 index 0000000..56f9414 --- /dev/null +++ b/submissions/labyrinth_vectornetes/frontend @@ -0,0 +1 @@ +Subproject commit 56f941405cc205d91b5e881254baab77ce6ac930
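Review bot: In the Readme.md hunk (`@@ -1,101 +1,285 @@`), the root Readme.md that carried the hackathon's submission steps is replaced wholesale by the project's own README, although the removed Step 3 and Step 4 ask for that README to live inside `submissions/TeamName_ProjectName/`. Restore the root file and move this text to `submissions/labyrinth_vectornetes/README.md`, the folder the rest of this patch already uses. While moving it, complete the clone step, which currently reads `git clone` with no URL followed by `cd project`, and state whether `POST /api/ingest` and `POST /api/simulate` require authentication, since the API table does not say.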
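Review bot: `submissions/labyrinth_vectornetes/engine` is added as a gitlink (`new file mode 160000`, `Subproject commit a676d75...`), but the diff shown here contains no `.gitmodules` change, so a fresh clone has no URL from which to fetch that commit. Add the `.gitmodules` entry in the same change, or commit the engine sources directly under the submission folder.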
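Review bot: `submissions/labyrinth_vectornetes/frontend` adds only a pointer to commit 56f9414, so none of the frontend code appears in this patch and it cannot be reviewed here. The removed Step 3 says "Place all your project files inside this folder"; committing the files themselves would meet that requirement and keep the submission from depending on an external repository staying available at that commit.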