Skip to content

MegaZegan/VaultWatch-Terminal

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

VaultWatch Terminal

Retro vault-terminal defensive security triage for local logs.

This is a Fallout/Pip-Boy inspired portfolio project, but it is not a website and not a game. It is a safe blue-team terminal tool that analyzes local telemetry, ranks suspicious behavior, and exports an interview-friendly incident report.

Unofficial fan-inspired work. This project is not affiliated with Bethesda, Fallout, or Pip-Boy.

Why This Exists

I like the feeling of old terminals, vault computers, and Pip-Boy style interfaces. VaultWatch turns that aesthetic into something useful for cybersecurity interviews:

  • local-only SOC triage
  • readable detection logic
  • terminal dashboard output
  • JSON and Markdown reporting
  • tests and GitHub Actions
  • no live scanning, exploitation, credential testing, or external network calls

Demo

python -m pip install -e .
vaultwatch demo --no-color

Example output:

+----------------------------------------------------------------------------------------------+
| VAULTWATCH TERMINAL :: LOCAL DEFENSIVE TRIAGE                                                |
| EVENTS 014 | FINDINGS 08 | CRIT 1 | HIGH 3 | MED 4                                           |
+----------------------------------------------------------------------------------------------+
| CRITICAL 092  Successful login after repeated failures                                        |
|   overseer succeeded after 4 failed attempts within 20 minutes.                               |
| HIGH     084  Large outbound transfer                                                        |
|   vault-101 sent 62,000,000 bytes to 203.0.113.66.                                            |
+----------------------------------------------------------------------------------------------+

Commands

Analyze a JSONL, JSON, or CSV file:

vaultwatch scan samples/wasteland_telemetry.jsonl

Return JSON for automation:

vaultwatch scan samples/wasteland_telemetry.jsonl --format json

Write a Markdown report:

vaultwatch report samples/wasteland_telemetry.jsonl --output reports/vaultwatch-report.md

Detections

VaultWatch currently detects:

  • repeated failed authentication attempts
  • successful login after repeated failures
  • privileged role or admin changes
  • large outbound transfers
  • suspicious DNS labels and risky-looking domains
  • secret-shaped values in telemetry with masking
  • beacon-like outbound timing

Input Format

JSONL example:

{"timestamp":"2026-05-17T08:05:00Z","kind":"auth","actor":"overseer","host":"vault-101","action":"login","outcome":"success","src_ip":"198.51.100.44","message":"interactive session started"}

Supported fields include:

timestamp, source, kind, actor, host, target, action, outcome, src_ip, dest_ip, bytes_out, process, message

Project Structure

src/vaultwatch/
  analyzer.py    orchestrates detection and summary counts
  cli.py         command-line interface
  detectors.py   defensive detection rules
  io.py          JSONL/JSON/CSV loading
  models.py      Event and Finding dataclasses
  renderer.py    dashboard, JSON, and Markdown rendering
samples/         demo telemetry
tests/           pytest coverage

Testing

python -m pip install -e . pytest
pytest -q

Portfolio Notes

This project is designed to show both personality and engineering:

  • theme: retro vault/Pip-Boy terminal energy
  • cybersecurity: SOC-style log triage and defensive reporting
  • code quality: package structure, typed dataclasses, testable rules
  • safety: local files only, no offensive capability

About

Retro vault-terminal defensive security triage for local logs.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages