# cc24-hub

Der neue Hub für CC24. Ein Framework für diverse Forensik-Tools und Übersicht über die verfügbaren Anwendungen auf der Plattform.
DISCLAIMER: Vibe-Coding von Anthropic Claude 4 Sonnet.

## Features

- **Performance**: Sub-2 second load times, sub-500ms filtering
- **YAML-Driven Content**: Easy tool management through simple file edits
- **Dark/Light Themes**: Automatic system detection with manual override
- **Service Monitoring**: Real-time status via Uptime Kuma integration
- **Mobile Responsive**: Works on all device sizes
- **Zero Dependencies**: No external CDNs or cloud services

## Quick Start

### Prerequisites

- Node.js 16+ 
- npm or yarn

### Installation

1. **Clone the repository**
   ```bash
   git clone https://git.cc24.dev/mstoeck3/cc24-hub
   cd cc24-hub
   ```

2. **Install dependencies**
   ```bash
   npm install
   ```

3. **Start development server**
   ```bash
   npm start
   ```

4. **Build for production**
   ```bash
   npm run build
   ```

The site will be available at `http://localhost:8080` and files will be generated in `_site/`.

## Project Structure

```
dfir-tools-hub/
├── src/
│   ├── _data/                 # YAML data files
│   │   ├── tools.yaml         # Tools database
│   │   └── services.yaml      # Service monitoring config
│   ├── _includes/             # Shared template components
│   ├── _layouts/              # Page layout templates
│   │   └── base.njk           # Base layout
│   ├── js/                    # Client-side JavaScript
│   │   ├── search.js          # Search and filtering
│   │   ├── theme.js           # Theme management
│   │   ├── modal.js           # Tool detail modal
│   │   └── status.js          # Status page logic
│   ├── scss/                  # Sass stylesheets
│   │   └── main.scss          # Main stylesheet
│   ├── about/
│   │   └── index.njk          # About page
│   ├── privacy/
│   │   └── index.njk          # Privacy page
│   ├── status/
│   │   └── index.njk          # Status page
│   └── index.njk              # Home page
├── .eleventy.js               # Eleventy configuration
├── package.json               # Dependencies and scripts
└── README.md                  # This file
```

## Content Management

### Adding Tools

Edit `src/_data/tools.yaml` to add or modify tools:

```yaml
tools:
  - id: new-tool                    # Unique identifier
    name: "Tool Name"               # Display name
    description: "Brief description of the tool"
    domains:                        # Forensic domains
      - "Filesystem Forensics"
      - "Network Forensics"
    phases:                         # DFIR phases
      - "Datensammlung"
      - "Analyse"
    platforms:                      # Supported platforms
      - "Linux"
      - "Windows"
      - "macOS"
    skillLevel: "Intermediate"      # Beginner|Intermediate|Advanced
    accessType: "CLI"               # CLI|GUI|Web|SaaS
    url: "https://example.com"      # Project homepage
    tags:                           # Search tags
      - "tag1"
      - "tag2"
    type: "FOSS"                    # FOSS|SaaS
```

### Configuring Services

Edit `src/_data/services.yaml` for service monitoring:

```yaml
# Uptime Kuma Configuration
uptimeKuma:
  enabled: true                     # Enable/disable integration
  apiUrl: "https://status.lab.local/api"
  apiKey: "your-api-key"           # Optional API key
  refreshInterval: 30000           # Refresh every 30 seconds

# Static service definitions
services:
  - id: service-id
    name: "Service Name"
    description: "Service description"
    url: "https://service.lab.local"
    category: "Analyse Tools"
    status: "operational"           # operational|degraded|maintenance|down
    uptime: "99.9%"
    responseTime: "245ms"
```

## DFIR Methodology

Tools are organized according to the standard DFIR framework:

### Domains
- **Filesystem Forensics**: File system Analyse and recovery
- **Network Forensics**: Network traffic and protocol Analyse  
- **Memory Forensics**: RAM and memory artifact Analyse
- **Live Forensics**: Real-time system Analyse
- **Malware Analyse**: Malicious software Auswertung
- **Cryptocurrency**: Blockchain and crypto investigations

### Phases
- **Datensammlung**: Evidence acquisition and preservation
- **Auswertung**: Data extraction and parsing
- **Analyse**: Evidence correlation and interpretation
- **Bericht & Präsentation**: Documentation and timeline creation

## Service Status Integration

### Uptime Kuma Setup

1. **Install Uptime Kuma** on your network

2. **Configure monitors** for your DFIR services

3. **Enable API access** in Uptime Kuma settings

4. **Update configuration** in `src/_data/services.yaml`:
   ```yaml
   uptimeKuma:
     enabled: true
     apiUrl: "https://your-uptime-kuma.local/api"
     apiKey: "your-api-key"
   ```

## Development

### Available Scripts

- `npm start` - Start development server with live reload
- `npm run build` - Build production site
- `npm run debug` - Build with debug information
- `npm run clean` - Clean build directory

### Customization

#### Themes
- Modify color variables in `src/scss/main.scss`
- Supports CSS custom properties for dynamic theming
- Automatic dark mode detection with manual override

#### Search and Filtering
- Client-side search for instant results
- Multi-criteria filtering (domain + phase + search term)
- Matrix view for comprehensive tool overview

#### Performance Optimization
- Static site generation for fast loading
- Minimal JavaScript footprint
- Local asset bundling (no CDNs)
- Optimized CSS with utility classes

## Deployment

### Static Hosting

Build and deploy to any static host:

```bash
npm run build
# Upload _site/ contents to your web server
```

### Docker

Create a `Dockerfile`:

```dockerfile
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=builder /app/_site /usr/share/nginx/html
EXPOSE 80
```

### Self-Hosted Services

For lab environments, consider deploying alongside:

- **Timesketch**: Timeline Analyse platform
- **MISP**: Threat intelligence sharing
- **Neo4j**: Graph database for relationships

## Browser Support

Features gracefully degrade in older browsers.

## Contributing

### Tool Submissions

1. Fork the repository
2. Add tool information to `src/_data/tools.yaml`
3. Test locally with `npm start`
4. Submit a pull request

### Issue Bericht & Präsentation

Report bugs or suggest features via GitHub Issues.

### Development Guidelines

- Maintain sub-500ms search performance
- Test across major browsers
- Follow existing code style
- Update documentation for changes

## License

BSD-3-Clause License - see LICENSE file for details.

## Acknowledgments

- NIST SP 800-86 for DFIR methodology framework
- Eleventy static site generator
- Uptime Kuma for service monitoring
- Open source DFIR community

## Troubleshooting

### Common Issues

**Build fails with Sass errors**
```bash
npm install --save-dev sass@latest
```

**Search not working**
- Check browser console for JavaScript errors
- Ensure `window.toolsData` is populated
- Verify YAML syntax in tools.yaml

**Uptime Kuma integration failing**
- Check network connectivity to API endpoint
- Verify API key permissions
- Review browser network tab for CORS issues

**Performance issues**
- Ensure tools.yaml isn't excessively large (>1000 tools)
- Check for JavaScript errors blocking execution
- Verify efficient CSS selectors

### Getting Help

1. Check the troubleshooting section above
2. Review GitHub Issues for similar problems
3. Open a new issue with:
   - Browser and version
   - Error messages
   - Steps to reproduce