I got tired of grepping auth.log — so I built a live SSH attack dashboard in Go + Vue 3

#go #security #showdev #vue

Your VPS is being attacked right now. Thousands of SSH brute-force
attempts per day, and all you get is this:

Mar 02 03:14:07 sshd: Failed password for root from 185.220.101.45 port 54321

So... I built PewPew to turn that noise into signal.

## What it looks like

One binary. Drop it on your server, open localhost:9090, and you get:

Live attack map — animated arcs from attacker's country to your server, WebSocket-powered
Top attackers — leaderboard with attempt count, country, one-click UFW ban
Open ports — exposed services with risk assessment
Hardening recommendations — based on your actual server state
System status — firewall backend, DB size, uptime

The embed.FS trick (my favorite part)

The entire Vue 3 SPA is embedded inside the Go binary:

//go:embed static/dist
var staticFiles embed.FS

Single file. ~20MB. No Node in production. No docker-compose.
No config files. Just:

./bin/pewpew start

How the SSH tailer works

Most tools load the entire log file into memory. PewPew uses a
streaming reader that:

Opens auth.log and seeks to EOF — only reads new lines
Detects logrotate: if the file shrinks or inode changes, reopens the new file without missing a line
Batches events every 500ms before writing to SQLite — avoids write amplification on small VPS

The parser uses regex to extract: event type, IP, username,
port from each line. Handles Failed password, Invalid user,
Accepted publickey, kex errors and disconnects.