A comprehensive network security platform that integrates automated vulnerability scanning, CVE detection, and remote firewall management. Built for seamless user interaction via AI assistants (Puch AI), with a web dashboard for audit logs and a Discord bot for instant port blocking.
Guardian Ops empowers users to scan their networks, detect threats, and respond in real-time—without leaving their chat interface.
Guardian Ops provides end-to-end security operations through a conversational AI interface:
- User Interaction: Connect via Puch AI (e.g., WhatsApp) and provide your IP/hostname. Choose a scan type (quick/full/port check/vuln/network discovery).
- Scanning & Detection: The MCP server performs Nmap-based scans, detects open ports/services, and chains CVE searches across CIRCL, NVD, and Vulners APIs.
- Reporting: Instant reports with open ports, services, and potential vulns. If vulnerabilities are found, alerts the user.
- Dashboard Access: View scan history and details via a secure web dashboard.
- Remediation: For detected vulns on open ports, get a direct link to authorize and use the Discord bot to block risky ports remotely.
- Conversational Scanning: Natural language commands like "OG quick scan on my-ip.com" via Puch AI.
- Multi-API CVE Chaining: Aggregates vulns from CIRCL (free), NVD (key optional), and Vulners (key optional) with deduplication.
- Audit Logging: Per-user SQLite database tracks all scans with timestamps and results.
- Web Dashboard: Dark-themed UI for viewing/deleting logs and scan details.
- Remote Port Management: Discord bot blocks/unblocks TCP ports using iptables (persistent via netfilter-persistent).
- Security-First: Bearer auth for MCP, env-based secrets, input validation, and single-user Discord authorization.
- Background Processing: CVE checks run asynchronously to keep scans fast.
- Scans log to a dashboard for audit trails.
- Port blocking uses UFW-compatible iptables chains.
- No sensitive data exposed in responses.
- Rate-limited concurrent requests to avoid API abuse.
- MCP Server (
mcp_server.py): FastMCP-based server for Puch AI integration. Handles scans with Nmap, CVE queries via httpx, and logging to SQLite. - Dashboard (
dashboard.py): FastAPI app with Jinja2 templates for user-facing logs and details. - Discord Bot (
bot.py): discord.py bot for port management, executing shell scripts. - Shell Scripts (
scripts/):block_port.shandunblock_port.shfor iptables rules. - System Service (
services/capstonebot.service): Systemd for bot auto-start. - Database: SQLite (
guardian_scans.db) for scan logs.
User (Puch AI) → MCP Server (Scan Request) → Nmap Scan + CVE APIs → Report + Vuln Alert
↓
Dashboard (Logs) ← SQLite ← Scan Results
↓ (If Vulns)
User → Discord Bot (Authorize) → Shell Scripts → iptables → Persistent Rules
- Backend: Python 3.8+, FastMCP, FastAPI, discord.py, Nmap, httpx.
- Database: SQLAlchemy + SQLite.
- APIs: CIRCL CVE, NVD, Vulners.
- Frontend: Jinja2, HTML/CSS (dark theme, Poppins font).
- OS: Ubuntu 20.04+ (iptables, netfilter-persistent).
- Ubuntu Server 20.04+.
- Python 3.8+.
- Nmap installed (
sudo apt install nmap). - netfilter-persistent for rule persistence (
sudo apt install iptables-persistent). - Discord Bot Token (create at Discord Developer Portal).
- Optional: NVD/Vulners API keys for enhanced CVE searches.
- sudo privileges for iptables.
git clone <your-repo-url>
cd guardian-opsCreate .env in the root:
# MCP Server
AUTH_TOKEN=your_mcp_auth_token_here
MY_NUMBER=your_phone_number_here # e.g., 919876543210
VULNERS_API_KEY=your_vulners_key_optional
NVD_API_KEY=your_nvd_key_optional
DASHBOARD_URL=http://your-server-ip:8000 # Update with your dashboard URL
# Discord Bot
DISCORD_TOKEN=your_discord_bot_token_here
AUTHORIZED_USER_ID=your_discord_user_id_here # Numeric user IDLoad env: source .env (or use python-dotenv).
# MCP Server & Dashboard
pip install -r requirements-mcp.txt # Includes fastmcp, nmap, httpx, sqlalchemy, fastapi, etc.
# Discord Bot
cd discord-bot
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt # discord.py, python-dotenvThe SQLite DB auto-creates on first scan. Run migrations if needed:
python -c "from mcp_server import engine, Base; Base.metadata.create_all(engine)"cd discord-bot/scripts
chmod +x block_port.sh unblock_port.shFor Discord Bot:
sudo cp discord-bot/services/capstonebot.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable capstonebot.service
sudo systemctl start capstonebot.serviceFor MCP Server & Dashboard: Run manually or via systemd (see below).
- MCP Server:
python mcp_server.py(runs on :8086). - Dashboard:
python dashboard.py(runs on :8000). - Test:
sudo journalctl -u capstonebot.service -ffor bot logs.
- Message "hi" to Guardian Ops (OG) for the menu.
- e.g., "OG quick scan on 192.168.1.100" → Gets scan report.
- If vulns found: Report includes "Go to Discord bot: https://discord.com/oauth2/authorize?client_id=1436272504128929852" to authorize and block ports.
- View history: Use dashboard link in reports (e.g., http://your-server:8000).
| Command | Example | Description |
|---|---|---|
| Quick Scan | OG quick scan on scanme.nmap.org |
Fast common ports + basic vulns. |
| Full Scan | OG full scan on example.com |
Thorough OS/service/vuln scan. |
| Port Check | OG port check on example.com port 80 |
Specific port status + service. |
| Vuln Scan | OG vuln scan apache 2.4 |
CVE search for service/version. |
| Network Discovery | OG network discovery 192.168.1.0/24 |
Find active hosts in subnet. |
Invite bot: https://discord.com/oauth2/authorize?client_id=1436272504128929852
(Authorize only once; commands restricted to your user ID.)
| Command | Usage | Description |
|---|---|---|
!ping |
!ping |
Bot responsiveness. |
!blockport |
!blockport 8080 |
Block TCP port (persistent). |
!unblockport |
!unblockport 8080 |
Unblock port. |
!helpme |
!helpme |
Command list. |
Example:
User: !blockport 8080
Bot: Blocked TCP port 8080.
- Access: http://your-server:8000
- Login: Enter Puch User ID.
- Features: View/delete logs, scan details.
- Auth: MCP uses bearer tokens; Discord limits to one user ID.
- Validation: IP/port/service inputs sanitized; scans limited (e.g., max 256 hosts).
- Persistence: iptables rules saved via netfilter-persistent.
- APIs: Fallback to free CIRCL if keys invalid.
- Logs: No sensitive data stored; user-owned DB.
Warning: Scans may trigger IDS/IPS. Use responsibly on authorized networks. Port blocking requires sudo—test in safe env.
guardian-ops/
├── nmap_puch_mcp.py # Puch AI MCP server
├── dashboard.py # FastAPI dashboard
├── requirements.txt # MCP + dashboard deps
├── templates/ # HTML: login.html, dashboard.html, scan_detail.html
├── discord-bot/
│ ├── bot.py # Discord bot
│ ├── requirements.txt # Bot deps
│ ├── .env # Bot env (or root)
│ ├── scripts/
│ │ ├── block_port.sh
│ │ └── unblock_port.sh
│ └── services/
│ └── capstonebot.service
└── guardian_scans.db # Auto-generated SQLite
- MCP Won't Start: Check AUTH_TOKEN/MY_NUMBER; verify Nmap (
nmap --version). - Scans Timeout: Increase timeouts or use faster targets (e.g., scanme.nmap.org).
- Bot Unauthorized: Confirm AUTHORIZED_USER_ID (numeric, via Discord dev tools).
- Dashboard No Logs: Ensure Puch User ID matches; check SQLite.
- Vulns Not Found: Add API keys; CIRCL is default fallback.
- Logs:
journalctl -u capstonebot(bot); console for MCP/dashboard.
- Add Scans: Extend
@mcp.toolinmcp_server.py; updateguardian_opsparser. - UDP Support: Modify shell scripts:
iptables -I ufw-before-input -p udp --dport $PORT -j DROP. - Dashboard: Add auth (e.g., JWT) or export logs.
- Alerts: Integrate email/SMS for high-CVSS vulns.
Educational capstone project—MIT License. Use responsibly.
- Issues: Check troubleshooting; verify prereqs/permissions.
- Community: Discord bot for testing; Puch AI for scans.
- Enhancements: PRs welcome!
Note: Guardian Ops handles powerful security tools. Always comply with laws and obtain permission for scans. Test on isolated networks first.