Add tabbed dashboard at /dashboard/ with three D3.js visualizations:
- Vendor treemap (devices grouped by type and vendor)
- SSID social graph (force-directed, shared probed SSIDs as edges)
- Fingerprint clusters (packed circles by device behavior)

Intelligence API endpoints at /api/v1/intelligence/ with param validation. Dashboard built on htmx + Pico CSS dark theme + D3 v7, all vendored locally (make vendor). 13 new tests (59 total).
ESP32-Web TODO
API
- Pagination for all list endpoints (with total count)
- Request logging middleware
- Data retention policy (auto-cleanup old records)
- Filter by date range
- Sort options
- Rate limiting (flask-limiter)
- API authentication (JWT or API keys)
OSINT
- Device fingerprinting by advertisement patterns
- SSID categorization (home, corporate, mobile hotspot)
- MAC randomization detection (correlate probe bursts, RSSI, timing)
- Device reputation scoring (randomized MAC, probe hygiene, visit frequency)
- Organizational mapping (group devices by vendor + behavior)
Collector
- CSI data storage (optional, high volume)
Fleet Management
- Bulk commands (multi-sensor OTA/config)
Deployment
- Podman quadlet (systemd integration)
- PostgreSQL configuration
- Nginx reverse proxy config
- TLS setup guide
- Backup/restore scripts
Testing
- API endpoint tests (all routes)
- Collector parser tests (edge cases)
- Integration tests with mock sensors
- Load testing
Visualizations
Spatial / RF (D3.js)
- RSSI heatmap — triangulate device positions from multi-sensor readings, animate over time
- Sensor coverage Voronoi — show reach/overlap/blind spots
- Channel utilization spectrogram — waterfall display per sensor
Device Intelligence
- Device fingerprint clusters — group by behavior (probes, BLE company, cadence)
- SSID social graph — devices as nodes, shared probed SSIDs as edges (reveals co-location history)
- Probe request worldmap — map probed SSIDs to geolocations via WiGLE
- Vendor treemap — OUI + BLE company breakdown, anomaly spotting
Temporal
- Presence timeline / Gantt — per-device strips showing enter/leave range (routines, anomalies)
- First-seen drift — highlight novel devices vs. known regulars
- Dwell time distributions — histogram, bimodal = passers-by vs. occupants
Purple Team
- Deauth attack timeline — overlay alerts with source/target, correlate with device disappearances
- Evil twin detection — flag when probed SSID appears as local AP
- Flood intensity gauge — real-time deauth rate + historical sparklines
- Attack surface dashboard — broadcast probes (evil twin targets), static MACs (trackable), deauth-vulnerable
- Kill chain tracker — map events to MITRE ATT&CK for WiFi
Experimental
- CSI radar — amplitude/phase matrix as real-time presence radar (if CSI enabled)
- Mesh consensus view — sensor agreement graph, fork/resolve visualization
- Temporal knowledge graph — devices/SSIDs/sensors/alerts with timestamped edges
- Adversarial simulation replay — VCR-style event playback with what-if scenarios
- Entropy dashboard — single ambient metric (new devices/hr, probe diversity, alert rate)
Priority picks (high value, low-medium effort)
- Presence timeline (low effort, high value) — next up
- Deauth attack timeline (low effort, high value) — next up
- SSID social graph (medium effort, high value) — done v0.1.4
- Device fingerprint clusters (medium effort, high value) — done v0.1.4
- RSSI heatmap / triangulation (high effort, very high value)
Tech notes
- D3.js v7 + htmx + Pico CSS served locally from static/vendor/
- Dashboard at /dashboard/ with htmx tab switching
- Intelligence API at /api/v1/intelligence/*
Ideas
- WebSocket for live updates
- SSE (Server-Sent Events) alternative
- Webhook callbacks for alerts
- Slack/Discord notifications
- Home Assistant MQTT integration
- Grafana dashboard templates
- ML device classification