# SecurAI Sentinel: The AI-Powered Ops Dashboard Bridging Intelligence and Orchestration

Arikaran.P

This is a submission for the GitHub “Finish-Up-A-Thon” Challenge.

## What I Built
SecurAI Sentinel is an enterprise-grade, local-first cybersecurity operations dashboard designed to combine AI-assisted threat analysis, deception technology, backend security utilities, and gamified training into one unified platform. It moves beyond disjointed security scripts to create a comprehensive command center built with React, TypeScript, and Vite on the frontend, powered by an asynchronous Node.js Express backend.

Instead of a traditional cloud-hosted approach that compromises sensitive network data, SecurAI Sentinel enforces a strict local-first data model. All scan histories, known local network devices, endpoint telemetry, and posture histories are stored securely in the user's browser using IndexedDB via Dexie. When raw threat data or configuration logs must be sent to the backend for analysis, the frontend serializes and encrypts the payload using AES-256 symmetric key encryption.

The architectural breakthrough of this project is its Orchestration Pivot. Originally built with an "AI-first" methodology, the platform was redesigned to a "tool result first, AI second" paradigm. The backend now uses isolated runner sandboxes and custom parsers to ingest real operational data. For example, the system includes a custom manual binary parser for PCAP and PCAPNG files that reads raw binary buffers, resolves byte order, and extracts Link, Network, and Transport layer protocols entirely locally without external dependencies. The backend also features active socket observers for unauthorized ghost port access and an ARP watchdog to instantly detect gateway spoofing.
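As an added example of the parsing step described above (my own sketch, not the repository's parser), this classic-pcap reader resolves the file's byte order from its magic number, walks the record headers, and pulls out the Ethernet, IPv4 and TCP/UDP fields. It assumes Node.js `Buffer` and a constructed one-packet capture, and leaves pcapng, VLAN tags and IPv6 out.

```javascript
// Added example, not the SecurAI Sentinel repository's own parser: a minimal classic-pcap
// reader that takes the byte order from the magic number and walks Ethernet -> IPv4 -> TCP/UDP
// headers with no external dependencies. Assumes Node.js Buffer; pcapng, VLAN tags and IPv6 are omitted.
function parsePcap(buf) {
  // Global header: magic(4) major(2) minor(2) thiszone(4) sigfigs(4) snaplen(4) linktype(4)
  const magic = buf.readUInt32BE(0);
  const le = magic === 0xd4c3b2a1 || magic === 0x4d3cb2a1; // writer was little-endian (0x..3c4d = ns timestamps)
  if (!le && magic !== 0xa1b2c3d4 && magic !== 0xa1b23c4d) throw new Error('not a classic pcap file');
  const u32 = (o) => (le ? buf.readUInt32LE(o) : buf.readUInt32BE(o)); // header fields follow file order
  const linktype = u32(20);
  const packets = []; let off = 24; // records start after the 24-byte global header
  while (off + 16 <= buf.length) {
    const inclLen = u32(off + 8); // record header: ts_sec(4) ts_usec(4) incl_len(4) orig_len(4)
    const frame = buf.subarray(off + 16, off + 16 + inclLen);
    if (frame.length < inclLen) break; // truncated final record: stop rather than parse garbage
    packets.push(parseFrame(frame, linktype));
    off += 16 + inclLen;
  }
  return { littleEndian: le, linktype, packets };
}

function parseFrame(frame, linktype) {
  const pkt = { link: null, network: null, transport: null };
  if (linktype !== 1 || frame.length < 14) return pkt; // only DLT_EN10MB (Ethernet) handled
  const mac = (o) => [...frame.subarray(o, o + 6)].map((b) => b.toString(16).padStart(2, '0')).join(':');
  const etherType = frame.readUInt16BE(12); // on-the-wire fields are big-endian regardless of file order
  pkt.link = { dst: mac(0), src: mac(6), etherType };
  if (etherType !== 0x0800) return pkt; // not IPv4 (ARP, IPv6, ... left unparsed here)
  const ip = frame.subarray(14);
  const ihl = (ip[0] & 0x0f) * 4; // IHL is counted in 32-bit words
  if (ip.length < 20 || ip[0] >> 4 !== 4 || ihl < 20 || ip.length < ihl) return pkt;
  const addr = (o) => [...ip.subarray(o, o + 4)].join('.');
  const proto = ip[9];
  pkt.network = { src: addr(12), dst: addr(16), protocol: proto };
  const l4 = ip.subarray(ihl);
  if ((proto === 6 && l4.length >= 20) || (proto === 17 && l4.length >= 8)) {
    pkt.transport = { name: proto === 6 ? 'TCP' : 'UDP', srcPort: l4.readUInt16BE(0), dstPort: l4.readUInt16BE(2) };
  }
  return pkt;
}
// Constructed sample: a little-endian pcap with one Ethernet/IPv4/TCP SYN from 10.0.0.11:49152 to 192.168.1.1:8080.
function sampleCapture() {
  const hdr = Buffer.alloc(24);
  hdr.writeUInt32LE(0xa1b2c3d4, 0); hdr.writeUInt16LE(2, 4); hdr.writeUInt16LE(4, 6);
  hdr.writeUInt32LE(65535, 16); hdr.writeUInt32LE(1, 20); // snaplen, linktype = Ethernet
  const frame = Buffer.from('00112233445566778899aabb0800' + '4500002800004000400600000a00000bc0a80101' + 'c0001f9000000001000000005002ffff00000000', 'hex');
  const rec = Buffer.alloc(16); rec.writeUInt32LE(1700000000, 0); rec.writeUInt32LE(frame.length, 8); rec.writeUInt32LE(frame.length, 12);
  return Buffer.concat([hdr, rec, frame]);
}
```

Every length is checked before a read, so a truncated capture or a short header yields a partial result rather than an out-of-range read.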

Once this hard evidence is parsed and normalized, SecurAI Sentinel leverages its AI integration adapter—capable of routing to Gemini, OpenRouter, or NVIDIA—to explain the vulnerabilities, prioritize the impact, and generate actionable remediation scripts.

## Demo
Here's a complete video walkthrough of the platform and its key workflows:
https://drive.google.com/file/d/1mQ4NA1y1zoLlRVf6kGM0MoU4lD_v-vl8/view?usp=sharing

*Repository Link:*
https://github.com/TinFox213/SecurAI-Sentinel.git

## The Comeback Story
SecurAI Sentinel initially suffered from feature creep and fragmented execution. The platform was a loose collection of "analysis tools" where the user was still responsible for doing all the heavy lifting and interpretation. This "AI-first, tool-second" approach stalled out, and the project sat as a collection of disjointed scripts.

When the Finish-Up-A-Thon started, the pivot was clear: Orchestration. I decided to complete the "bridge" between low-level system execution and high-level AI interpretation. I threw out the old "functional grouping" UI and implemented a completely new architecture focused on Cybersecurity Team Workflow.

The breakthrough was moving from "AI guessing at risk" to "Real Tools providing evidence that AI prioritizes." I re-engineered the backend to support asynchronous real-tool execution (using Nmap and specialized parsers), normalized all findings into a consistent schema, and finally squashed the bugs that kept the live-alerts and forensics timeline from communicating in real-time. Moving from a messy, simulated local prototype to an integrated full-stack dashboard with intentional cross-module handoffs was the "finish up" sprint this project needed.

## Key Features & Team Workflows
- **Command Center** - Home Dashboard for global visibility, Security Posture Score tracking organizational trends, Scan History and Reports for PDF exports, and real-time AI Provider Status routing.
- **Red Team (Offensive)** - Features an AI Red Team Agent for guided mission planning, Port Scanner Analysis, Vulnerability Analysis, and the MITRE ATT&CK Mapper to categorize attack vectors. It also includes WebSec Ops and Cyber Dojo Auto-Pentest capabilities.
- **Blue Team (Defensive)** - Centralized Network Watchtower for device inventory, simulated Fleet EDR endpoint telemetry, Live Alerts, and General Log Analysis.
- **DFIR (Response)** - Equipped with Packet Capture Analyzer for network forensics, Malware Analysis, Keylogger Detection, and CryptoVault for code/file scanning. All incidents funnel into a chronological Forensics Timeline and generate trackable Incident Response Playbooks.
- **Threat Intelligence** - Integrates a CVE Intelligence Hub (with NVD search and IaC patching) alongside a Dark Web Monitor using HIBP/AbuseIPDB to track exposure.
- **Deception Engineering** - Utilizes the Canary Factory to generate honey tokens and trap files, working in tandem with the Watchtower's Ghost Ports to provide early-warning tripwires.
- **AppSec & Governance** - Features a Zero Trust Policy Builder that outputs AI-validated hardening plans, code analysis via CryptoVault, and continuous WebSec Ops configuration checks.
- **Training & Utilities** - The Cyber Dojo offers interactive, gamified security training, while the Utility Belt provides standalone analyst tools like an EXIF cleaner, Web3 auditor, and data decoders. A global AI Chat Assistant provides contextual help across all screens.

## My Experience with GitHub Copilot
Participating in this sprint required a "vibe coding" mindset: maintaining maximum speed and focus on logical flow. Copilot took the friction out of boilerplate. It was invaluable for rapidly prototyping new data normalization functions, assisting in the complex manual parsing of PCAP binary headers, and generating context-aware UI transitions that unified the modular React interface. It allowed me to focus on architecture and orchestration rather than getting bogged down in syntax errors.
