Real-time 3D cyber attack visualization powered by honeypot data
CyberMap visualizes cyber attacks on an interactive 3D globe in real time. It pulls attacker IPs from AbuseIPDB or T-Pot honeypots, resolves geolocations, and streams events to the browser over WebSocket. Built-in demo mode works without any external dependencies.
git clone https://github.com/Qeyron/cybermap.git
cd cybermap
cp .env.example .env
docker compose up┌───────────┐ ┌──────────┐ ┌──────────────┐ ┌──────────────┐
│ AbuseIPDB │────▶│ │ │ │ │ React + │
│ / T-Pot │ │ FastAPI │────▶│ WebSocket │────▶│ MapLibre GL │
│ │ │ Backend │ │ Stream │ │ (3D Globe) │
└───────────┘ └──────────┘ └──────────────┘ └──────────────┘
Frontend: React 18 + TypeScript + Vite + Tailwind CSS + MapLibre GL
Backend: Python 3.11 + FastAPI + Uvicorn + AbuseIPDB + geoip2
Infrastructure: Docker Compose + Nginx reverse proxy
- AbuseIPDB - real-time attacker IP blacklist
- T-Pot honeypot (alternative) - attack telemetry via Elasticsearch
- MaxMind GeoLite2 - IP geolocation
- GreyNoise (optional) - noise/malicious classification
# Frontend
cd frontend && npm install && npm run dev
# Backend
cd backend && pip install -r requirements.txt
uvicorn app.main:app --reload
# Both via Docker
docker compose -f docker-compose.dev.yml up| Endpoint | Method | Description |
|---|---|---|
/api/health |
GET | Health check |
/api/attacks |
GET | Recent attacks (query: limit) |
/api/stats |
GET | Aggregated statistics |
/ws/attacks |
WS | Real-time attack stream |
MIT