Advanced IP Analysis & Threat Attribution Platform
TICE is a full-stack cybersecurity threat intelligence platform that correlates data from multiple OSINT sources to provide comprehensive IP address analysis, risk scoring, and AI-powered threat attribution reports.
- Multi-Source OSINT Integration: AbuseIPDB, Shodan, IPInfo
- Risk Scoring Engine: Intelligent 0-100 risk calculation with rationale
- Threat Correlation: Unified threat profile from multiple sources
- AI Attribution Reports: Comprehensive threat analysis with recommendations
- 3D Geolocation Visualization: Interactive Three.js globe with IP location markers
- Professional SOC Dashboard: Dark cyber-themed UI with glassmorphism design
- Evidence Analysis: Tabbed view of all OSINT data sources
- Export Capabilities: Download threat reports in markdown format
- Backend: FastAPI with async/await for high-performance API handling
- Frontend: React 19 with Three.js, Tailwind CSS, and Shadcn UI components
- Database: MongoDB for storing analysis history
- Design: Cybersecurity SOC theme with neon green/purple accents
tice/
├── backend/
│   ├── server.py                     # Main FastAPI application
│   ├── core/
│   │   ├── correlate.py              # Multi-source data correlation engine
│   │   ├── risk.py                   # Risk scoring algorithms
│   │   └── report.py                 # AI report generation
│   ├── sources/
│   │   ├── abuseipdb.py              # AbuseIPDB API integration
│   │   ├── shodan_api.py             # Shodan API integration
│   │   └── ipinfo_api.py             # IPInfo API integration
│   ├── models/                       # Placeholder for future ML models
│   ├── requirements.txt              # Python dependencies
│   └── .env                          # API keys and configuration
│
├── frontend/
│   ├── src/
│   │   ├── App.js                    # Main React app
│   │   ├── pages/
│   │   │   └── Dashboard.jsx         # Main dashboard page
│   │   └── components/
│   │       ├── ThreatScoreGauge.jsx  # Risk score visualization
│   │       ├── ThreatCard.jsx        # Threat profile card
│   │       ├── Map3D.jsx             # Three.js globe
│   │       ├── EvidenceTabs.jsx      # OSINT data tabs
│   │       ├── AiReportPanel.jsx     # AI report display
│   │       └── JsonDrawer.jsx        # Raw JSON viewer
│   └── package.json
│
└── README.md
- Node.js 20+ / Python 3.11+
- MongoDB
- Optional: API keys for AbuseIPDB, Shodan, IPInfo
cd backend
# Install dependencies
pip install -r requirements.txt
# Configure environment variables
cp .env.example .env
# Edit .env and add your API keys (optional for demo mode)
# Run the server (--host 0.0.0.0 listens on all interfaces; --reload is for development)
uvicorn server:app --host 0.0.0.0 --port 8001 --reload

cd frontend
# Install dependencies
yarn install
# Run the development server
yarn start

The application will be available at:
- Frontend: http://localhost:3000
- Backend API: http://localhost:8001
- API Docs: http://localhost:8001/docs
Edit /app/backend/.env and add your API keys:
# OSINT API Keys (optional - works in mock mode without keys)
ABUSEIPDB_API_KEY=""
SHODAN_API_KEY=""
IPINFO_API_KEY=""
# AI API Key (optional - for enhanced threat reports)
GEMINI_API_KEY=""

Note: The system works in demo/mock mode without API keys, using realistic sample data.
GET /api/health

POST /api/analyze
Content-Type: application/json

{
  "ip": "1.2.3.4"
}

Response: Complete threat intelligence profile including:
- Risk score (0-100) with label and confidence
- Context (location, organization, ASN)
- Threat categories
- Related artifacts
- Evidence from all sources
- AI-generated threat report
- Timestamp
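
How a score, label, confidence and rationale like the ones in this response can be derived from the three sources, as an added example that is not TICE's own `core/risk.py`. The function name, weights, thresholds, labels and port list are assumptions; `abuseConfidenceScore`, `totalReports`, `ports`, `vulns`, `org` and `country` are the fields those APIs return.

```python
import ipaddress

# Weights, thresholds, labels and RISKY_PORTS are assumptions for this example.
RISKY_PORTS = {23, 445, 3389}  # Telnet, SMB, RDP exposed to the internet

def score_ip(ip, abuseipdb=None, shodan=None, ipinfo=None):
    """Correlate per-source evidence into a 0-100 score with rationale.
    A source argument is that API's parsed JSON, or None if it did not answer."""
    addr = ipaddress.ip_address(ip)  # ValueError on anything but an IP literal
    if not addr.is_global:
        # Private, loopback and reserved space has no OSINT reputation.
        return {"ip": str(addr), "score": 0, "label": "not-routable",
                "confidence": 1.0, "context": {},
                "rationale": ["address is not publicly routable"]}
    score, rationale, context, answered = 0, [], {}, 0
    if abuseipdb is not None:
        answered += 1
        conf = int(abuseipdb.get("abuseConfidenceScore", 0))
        score += conf * 60 // 100  # up to 60 points
        if conf:
            rationale.append(f"AbuseIPDB confidence {conf}% "
                             f"({abuseipdb.get('totalReports', 0)} reports)")
    if shodan is not None:
        answered += 1
        vulns = shodan.get("vulns", [])
        risky = sorted(RISKY_PORTS.intersection(shodan.get("ports", [])))
        score += min(25, 10 * len(vulns)) + min(15, 5 * len(risky))
        if vulns:
            rationale.append(f"Shodan lists {len(vulns)} known vulnerabilities")
        if risky:
            rationale.append(f"Shodan sees exposed ports {risky}")
    if ipinfo is not None:
        answered += 1  # context only, adds no points
        context = {k: ipinfo[k] for k in ("org", "country") if k in ipinfo}
    score = max(0, min(100, score))
    label = "high" if score >= 70 else "medium" if score >= 40 else "low"
    if not rationale:
        rationale.append("no malicious signal in the sources that answered")
    return {"ip": str(addr), "score": score, "label": label,
            "confidence": round(answered / 3, 2),  # share of sources that answered
            "rationale": rationale, "context": context}

# Constructed sample evidence (not real lookups for this address).
SAMPLE = score_ip("1.2.3.4",
                  abuseipdb={"abuseConfidenceScore": 80, "totalReports": 12},
                  shodan={"ports": [22, 443, 3389], "vulns": ["CVE-XXXX-0001"]},
                  ipinfo={"org": "AS64500 Example Net", "country": "ZZ"})
```

Confidence drops when a source is missing, so a low score obtained in mock mode or with an exhausted API quota is not read as a clean bill of health.
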
- Primary Background: Dark gradient (#0a0a0f → #1a0f2e)
- Accent Green: Neon green (#00ff41) for success/safe indicators
- Accent Purple: #a855f7 for important highlights
- Danger: #ef4444 for critical threats
- Warning: #f97316 for medium threats
- Headers: Space Grotesk (cybersecurity tech aesthetic)
- Body: Inter (clean readability)
- Glassmorphism cards with backdrop blur
- Neon glow effects on interactive elements
- Smooth animations for state transitions
- Responsive grid layout for all screen sizes
curl -X POST http://localhost:8001/api/analyze \
  -H "Content-Type: application/json" \
  -d '{"ip":"8.8.8.8"}'

- Open http://localhost:3000
- Enter an IP address (e.g., 8.8.8.8)
- Click "Analyze Threat"
- Verify all components render:
  - Risk Score Gauge
  - Threat Profile Card
  - 3D Globe with location marker
  - Evidence Tabs (AbuseIPDB, Shodan, IPInfo)
  - AI Threat Report
  - JSON Drawer
- ML Anomaly Detection: Internal signals from ML models
- LangChain AI Agent: Enhanced attribution with WatsonX/OpenAI integration
- Bulk IP Scanning: Analyze multiple IPs in batch
- Historical Analysis: Trend analysis and time-series data
- Automated Alerting: Email/Slack notifications for critical threats
- PDF Report Export: Professional report generation
- Real-time Monitoring: WebSocket-based live updates
- User Authentication: Multi-tenant support
- /app/backend/models/: Add ML model files
- /app/backend/core/report.py: Integrate Gemini 2.5 Pro for AI reports
- Database queries for historical analysis
This project is specifically designed for cybersecurity hackathons:
- Professional Architecture: Clean separation of concerns, modular design
- Impressive Visuals: 3D globe, animated UI, SOC dashboard aesthetic
- Real-world Application: Solves actual threat intelligence problems
- Scalable Foundation: Easy to add ML models, new data sources, AI agents
- Demo-ready: Works with mock data, no API keys required
- Well-documented: Clear code structure, comments, README
MIT License - feel free to use for hackathons, educational purposes, or commercial projects.
Contributions welcome! Please open issues or submit pull requests.
Built with ❤️ for the cybersecurity community
TICE - Threat Intelligence Correlation Engine