Welcome to DEFEX-ENGINE v2.0, a unified defensive security platform. This guide explains how to deploy the system, run a test assessment, and understand the licensing and legal restrictions associated with the software.
The DEFEX-ENGINE platform integrates four specialised modules to provide a comprehensive view of your security posture. Shadow_sentinel is a module developed as part of DEFEX-ENGINE.
| Module | Purpose |
|---|---|
| SENTINEL‑CORE | Real‑time log and request analysis with behavioural and signature‑based threat detection |
| VULN‑SCRAPER | Automated CVE intelligence collector that maps CVEs to defensive mitigations |
| CRYPTO‑SHIELD | Password audit engine computing entropy, pattern detection and crack‑time estimates |
| APT‑HUNTER | Threat intelligence module that profiles advanced persistent threat actors and generates hunting recommendations |
This version of the codebase was generated by the PantherAI hybrid model and is licensed by Reza Mirfayzi. PantherAI is a proprietary hybrid artificial-intelligence framework developed partly by Reza Mirfayzi and partly by PantherAI itself (self-development). It is intended for authorised defensive and research use only. Each source file includes a header noting these restrictions and the terms and conditions below.
Disclaimer: Use by authorised personnel only. The authors and licensor assume no responsibility for misuse. By using this software you agree to the terms and conditions specified herein.
Terms and Conditions
- “As‑is” software. This software is provided without warranty of any kind. All risks of use remain with you.
- Authorised use. Only individuals or organisations with explicit authorisation may use this software for defensive security and research purposes.
- No redistribution. Redistribution or commercial use is prohibited without express written permission from Reza Mirfayzi.
- Legal compliance. You must ensure compliance with all applicable laws and regulations when using this software.
- Python 3.8 or later
- Standard library only (no external dependencies)
- The remote version writes reports into a `shadow_sentinel_output` directory in the current working directory. The server version writes to `/tmp/shadow_sentinel_output`.
To see the platform in action, run the demonstration script. It loads the modules, analyses example logs, evaluates sample passwords, reviews a CVE watch list, and exports a JSON report.

```bash
cd shadow_sentinel_remote
python3 shadow_sentinel_master.py
```

You will see console output similar to the following (truncated for brevity):

```
🔥 DEFEX-ENGINE v2.0 - INITIALIZING
[✓] All modules loaded successfully
[MISSION] Initiating Full Security Assessment
…
Risk Level: CRITICAL
Urgent Actions Required: 3
Risk Factors:
• High‑severity threats present
• 2 weak passwords identified
• Critical CVEs require immediate patching
[Priority 2] Identity Security
Action: Implement password rotation for weak accounts
Details: 2 accounts require immediate password change
[Priority 3] Vulnerability Management
Action: Patch critical CVEs within 24 hours
Details: 9 critical patches pending
[Priority 4] Threat Intelligence
Action: Deploy APT detection rules
Details: Implement behavioural detection for known APT TTPs
[✓] Report exported to: ./shadow_sentinel_output/shadow_sentinel_report_SS-<timestamp>.json
```

The exported JSON file contains a full breakdown of detected alerts, vulnerabilities, password audit results and APT intelligence. You can customise the inputs by calling full_security_assessment with your own log lines, password samples and CVE watch lists.
The server version (shadow_sentinel_server) is structured the same as the remote version but defaults to writing reports into /tmp/shadow_sentinel_output. To run the demonstration on a Linux server:

```bash
cd shadow_sentinel_server
python3 shadow_sentinel_master.py
```

This tool is designed to help defenders identify malicious behaviour on systems they own or are authorised to assess. It must not be used to probe or analyse systems without permission. Misuse could be illegal and is strictly disallowed under the licence.
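
The exported report includes password audit results, and the server version writes it under the shared `/tmp`, so the output directory should be private to the account that runs the assessment. The check below is an added example, not part of DEFEX-ENGINE; `prepare_report_dir` and `lock_down_reports` are hypothetical helper names, and a POSIX system is assumed.

```python
import os
import stat

def prepare_report_dir(path):
    """Create or validate a private report directory; raise on anything unsafe."""
    try:
        st = os.lstat(path)              # lstat: do not follow a symlink at `path`
    except FileNotFoundError:
        os.mkdir(path, 0o700)            # raises if another process created it first
        st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a real directory")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        os.chmod(path, 0o700)            # drop group/other access
    return path

def lock_down_reports(path):
    """Set mode 0600 on every regular *.json file in `path`; return names changed."""
    changed = []
    with os.scandir(path) as entries:
        for entry in entries:
            if not entry.name.endswith(".json") or not entry.is_file(follow_symlinks=False):
                continue                 # skip non-reports and symlinks
            if stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode) & 0o077:
                os.chmod(entry.path, 0o600)
                changed.append(entry.name)
    return sorted(changed)

if __name__ == "__main__":
    d = prepare_report_dir("/tmp/shadow_sentinel_output")   # path from this guide
    print("private report dir:", d, "tightened:", lock_down_reports(d))
```

Run it before the demonstration script; a `PermissionError` means the directory already exists as a symlink or belongs to another user and should be investigated before any report is written there.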
After extraction, the directory contains:

| File | Description |
|---|---|
| `sentinel_core.py` | Log and behavioural analysis engine |
| `vuln_scraper.py` | CVE intelligence extraction engine |
| `crypto_shield.py` | Password strength analysis engine |
| `apt_hunter.py` | APT threat intelligence engine |
| `shadow_sentinel_master.py` | Master orchestrator with `full_security_assessment` and a demo runner |
| `README.md` | This guide |

Each module includes the PantherAI/Reza Mirfayzi header and the licence terms shown above.
You can use each module independently within your own scripts:

```python
from sentinel_core import ThreatDetectionEngine
from vuln_scraper import VulnerabilityIntelligenceEngine
from crypto_shield import CryptoShield
from apt_hunter import APTIntelligenceEngine

# Placeholder input: replace with the log lines you want analysed
your_log_lines = []

# Threat detection example
detector = ThreatDetectionEngine()
alerts = detector.process_log_stream(your_log_lines)

# Vulnerability analysis example
vuln = VulnerabilityIntelligenceEngine()
strategy = vuln.generate_defensive_strategy(["CVE-2024-43639"])

# Password audit example
shield = CryptoShield()
p_report = shield.analyze("correct-horse-battery-staple-2023!")

# APT intelligence example
apt = APTIntelligenceEngine()
apt_report = apt.generate_threat_report()
```

Combine these results or use the `ShadowSentinel` class for a unified view.
To see the platform in action, run the demonstration script. It loads the modules, analyses example logs, evaluates sample passwords, reviews a CVE watch list, and exports a JSON report.

```bash
cd shadow_sentinel_server
python3 shadow_sentinel_master.py
```

You will see console output similar to the following (truncated for brevity):

```
🔥 DEFEX-ENGINE v2.0 v2.0 - INITIALIZING
[✓] All modules loaded successfully
[MISSION] Initiating Full Security Assessment
…
Risk Level: CRITICAL
Urgent Actions Required: 3
Risk Factors:
• High‑severity threats present
• 2 weak passwords identified
• Critical CVEs require immediate patching
[Priority 2] Identity Security
Action: Implement password rotation for weak accounts
Details: 2 accounts require immediate password change
[Priority 3] Vulnerability Management
Action: Patch critical CVEs within 24 hours
Details: 9 critical patches pending
[Priority 4] Threat Intelligence
Action: Deploy APT detection rules
Details: Implement behavioural detection for known APT TTPs
[✓] Report exported to: /tmp/shadow_sentinel_output/shadow_sentinel_report_SS-<timestamp>.json
```

The exported JSON file contains a full breakdown of detected alerts, vulnerabilities, password audit results and APT intelligence. You can customise the inputs by calling full_security_assessment with your own log lines, password samples and CVE watch lists.
The remote version (shadow_sentinel_remote) is structured the same as the server version but defaults to writing reports into a shadow_sentinel_output directory in the working directory. To run the demonstration locally:

```bash
cd shadow_sentinel_remote
python3 shadow_sentinel_master.py
```

The console output and JSON report format are identical, but the report is written to `./shadow_sentinel_output/`.