diff --git a/README b/README
new file mode 100644
index 0000000..e22dc67
--- /dev/null
+++ b/README
@@ -0,0 +1,8 @@
+## 🛡️ Defense Mode (NEW)
+
+HackMaster-Pi now includes a Defense Mode for educational IoT security analysis.
+This mode detects common Wi-Fi and RFID security weaknesses without performing attacks.
+
+✔ Legal
+✔ Ethical
+✔ Blue Team Learning
diff --git a/defense_manager.py b/defense_manager.py
new file mode 100644
index 0000000..1418689
--- /dev/null
+++ b/defense_manager.py
@@ -0,0 +1,31 @@
+# scripts/defense/defense_manager.py
+
+from .wifi_defense import WifiDefense
+from .rfid_defense import RFIDDefense
+from .threat_score import calculate_threat_score
+
+class DefenseManager:
+ def __init__(self, iface="wlan0"):
+ self.wifi = WifiDefense(iface)
+ self.rfid = RFIDDefense()
+
+ def run_wifi_defense(self):
+ aps = self.wifi.scan()
+ issues = self.wifi.analyze(aps)
+ score = calculate_threat_score(issues)
+
+ return {
+ "module": "Wi-Fi Defense",
+ "issues": issues,
+ "threat": score
+ }
+
+ def run_rfid_defense(self, card_info):
+ issues = self.rfid.analyze(card_info)
+ score = calculate_threat_score(issues)
+
+ return {
+ "module": "RFID Defense",
+ "issues": issues,
+ "threat": score
+ }
diff --git a/rfid_defense.py b/rfid_defense.py
new file mode 100644
index 0000000..fd01f14
--- /dev/null
+++ b/rfid_defense.py
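Review bot: The relative imports at the top of defense_manager.py (`from .wifi_defense import WifiDefense` and the two after it) only resolve when the module is loaded as part of a package, but this commit adds the file at the repository root while its header comment names `scripts/defense/defense_manager.py`, and no `__init__.py` is visible here. Either move the four modules under the package path the comments name, or make the comments and imports match the real layout. `DefenseManager` and its two `run_*` methods also lack docstrings; a one-line docstring saying that each returns a dict with `module`, `issues` and `threat` keys would document the contract callers rely on.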
@@ -0,0 +1,28 @@
+# scripts/defense/rfid_defense.py
+
+class RFIDDefense:
+ def analyze(self, card_info):
+ issues = []
+
+ if card_info.get("uid_only", False):
+ issues.append({
+ "type": "UID_ONLY_CARD",
+ "risk": "HIGH",
+ "recommendation": "Use secure RFID with authentication"
+ })
+
+ if not card_info.get("auth_enabled", True):
+ issues.append({
+ "type": "NO_AUTHENTICATION",
+ "risk": "CRITICAL",
+ "recommendation": "Enable password or crypto authentication"
+ })
+
+ if card_info.get("static_uid", False):
+ issues.append({
+ "type": "STATIC_UID",
+ "risk": "MEDIUM",
+ "recommendation": "Use random UID capable cards"
+ })
+
+ return issues
diff --git a/threat_score.py b/threat_score.py
new file mode 100644
index 0000000..6c63079
--- /dev/null
+++ b/threat_score.py
@@ -0,0 +1,30 @@
+# scripts/defense/threat_score.py
+
+def calculate_threat_score(issues):
+ score = 0
+
+ for issue in issues:
+ level = issue.get("risk", "LOW")
+ if level == "LOW":
+ score += 10
+ elif level == "MEDIUM":
+ score += 25
+ elif level == "HIGH":
+ score += 40
+ elif level == "CRITICAL":
+ score += 60
+
+ if score > 100:
+ score = 100
+
+ if score <= 30:
+ status = "SAFE"
+ elif score <= 60:
+ status = "WARNING"
+ else:
+ status = "CRITICAL"
+
+ return {
+ "score": score,
+ "status": status
+ }
diff --git a/wifi_defense.py b/wifi_defense.py
new file mode 100644
index 0000000..e9a4d37
--- /dev/null
+++ b/wifi_defense.py
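Review bot: In rfid_defense.py `analyze()` the check `if not card_info.get("auth_enabled", True):` fails open: a card record that lacks the `auth_enabled` key is treated as authenticated and produces no finding. For a defensive scanner an unknown value should not read as secure; `if not card_info.get("auth_enabled", False):` flags the missing case, or a separate lower-risk finding can mark authentication as unverified. `card_info` is also dereferenced without a check, so if a caller passes `None` (for example after a failed card read) the method raises AttributeError instead of reporting anything.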
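Review bot: In threat_score.py a single CRITICAL-risk issue adds 60, and `elif score <= 60:` then maps that to status "WARNING", so one EVIL_TWIN or NO_AUTHENTICATION finding on its own is never reported as CRITICAL. Changing the bound to `elif score < 60:`, or deriving the status from the highest risk present, would keep the label consistent with the finding. The `if`/`elif` chain over `level` also has no `else`, so a risk string outside the four literals (a typo or different casing) adds nothing to the score; an `else` that raises, or that counts the issue at the highest weight, would avoid silent under-reporting.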
@@ -0,0 +1,67 @@
+# scripts/defense/wifi_defense.py
+
+import subprocess
+import re
+
+class WifiDefense:
+ def __init__(self, iface="wlan0"):
+ self.iface = iface
+
+ def scan(self):
+ try:
+ output = subprocess.check_output(
+ ["iw", "dev", self.iface, "scan"],
+ stderr=subprocess.DEVNULL
+ ).decode(errors="ignore")
+ except Exception:
+ return []
+
+ aps = []
+ current = {}
+
+ for line in output.splitlines():
+ line = line.strip()
+
+ if line.startswith("BSS"):
+ if current:
+ aps.append(current)
+ current = {"bssid": line.split()[1]}
+ elif "SSID:" in line:
+ current["ssid"] = line.split("SSID:")[1].strip()
+ elif "signal:" in line:
+ current["signal"] = line.split("signal:")[1].strip()
+ elif "RSN:" in line:
+ current["encryption"] = "WPA/WPA2/WPA3"
+
+ if current:
+ aps.append(current)
+
+ return aps
+
+ def analyze(self, aps):
+ issues = []
+ ssid_map = {}
+
+ for ap in aps:
+ ssid = ap.get("ssid", "")
+ ssid_map.setdefault(ssid, []).append(ap.get("bssid"))
+
+ if ap.get("encryption") is None:
+ issues.append({
+ "type": "OPEN_NETWORK",
+ "ssid": ssid,
+ "risk": "HIGH",
+ "recommendation": "Enable WPA2/WPA3 encryption"
+ })
+
+ for ssid, bssids in ssid_map.items():
+ if len(bssids) > 1 and ssid != "":
+ issues.append({
+ "type": "EVIL_TWIN",
+ "ssid": ssid,
+ "bssids": bssids,
+ "risk": "CRITICAL",
+ "recommendation": "Verify BSSID, disable auto-connect"
+ })
+
+ return issues
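Review bot: A failed scan is reported as a clean one in wifi_defense.py: in `scan()`, `except Exception: return []` together with `stderr=subprocess.DEVNULL` turns a missing `iw` binary, a wrong interface name or insufficient privileges into an empty AP list, which the scorer then rates as having no issues. The failure should reach the caller, which would then need to handle it, and the `iw` call should have a timeout. The check `line.startswith("BSS")` also matches the `BSS Load:` element that iw prints inside an AP's record, so a later `RSN:` line can land in a bogus entry and the real AP gets flagged OPEN_NETWORK; matching a MAC-address pattern with the already imported `re` avoids that and also drops the `(on` suffix that `line.split()[1]` keeps. In `analyze()`, rating every SSID seen on more than one BSSID as a CRITICAL EVIL_TWIN will likely fire on ordinary multi-AP or dual-band networks, so that finding probably needs a lower risk or an extra signal.

```python
    def scan(self):
        try:
            output = subprocess.check_output(
                ["iw", "dev", self.iface, "scan"],
                stderr=subprocess.PIPE,
                timeout=30,
            ).decode(errors="replace")
        except (OSError, subprocess.SubprocessError) as exc:
            # An empty list here would be scored as "no issues found".
            raise RuntimeError(f"Wi-Fi scan on {self.iface} failed") from exc

        # … unchanged: aps / current initialisation …
        for line in output.splitlines():
            line = line.strip()
            bss = re.match(r"BSS ([0-9A-Fa-f:]{17})", line)
            if bss:
                if current:
                    aps.append(current)
                current = {"bssid": bss.group(1)}
            # … unchanged: SSID / signal / RSN branches …
```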