@profullstack/threatcrush
v0.1.16
Published
All-in-one security agent daemon — monitor, detect, scan, and protect servers in real-time
Readme
ThreatCrush is a security daemon that runs on your server, monitoring every connection on every port. It detects live attacks, scans your codebase, pentests your APIs, and alerts you in real-time.
$ threatcrush monitor
[12:03:41] ✓ Monitoring all ports · nginx · sshd · postgres
[12:03:42] ✓ Loaded 1,247 attack signatures
[12:03:45] ⚠ SQLi attempt — :443 185.43.21.8 → /api/users?id=1 OR 1=1
[12:03:47] ✗ SSH brute force — :22 91.232.105.3 → 47 failed attempts
[12:03:50] ⚠ Port scan — 45.33.32.156 scanning :21-:8080 (SYN flood)
[12:03:52] ⚠ DNS tunneling — :53 suspicious TXT queries from 103.44.8.2
[12:04:01] ✓ 3,891 connections analyzed · 4 threats · 1 blockedInstall
Preferred install:
curl -fsSL https://threatcrush.com/install.sh | shThe installer detects whether the machine is a server or desktop, uses your existing package manager when available, and can bootstrap Node.js with mise on bare machines.
- Linux server → installs the CLI
- Linux desktop → installs the CLI + desktop app
- Windows desktop → installs the desktop app to connect to a ThreatCrush server elsewhere
- macOS desktop → desktop-oriented install for connecting to a ThreatCrush server
After install, the supported lifecycle commands are:
threatcrush update # upgrades the installed bundle
threatcrush remove # removes the installed bundleManual package-manager installs still work:
npm i -g @profullstack/threatcrush
pnpm add -g @profullstack/threatcrush
yarn global add @profullstack/threatcrush
bun add -g @profullstack/threatcrushUsage
threatcrush # Get started
threatcrush monitor # Real-time security monitoring (all ports)
threatcrush tui # Interactive dashboard (htop for security)
threatcrush scan ./src # Scan code for vulnerabilities & secrets
threatcrush pentest URL # Penetration test a URL/API
threatcrush init # Auto-detect services, generate config
threatcrush status # Show daemon status & loaded modules
threatcrush modules # Manage security modules
threatcrush store # Browse the module marketplace
threatcrush update # Upgrade the CLI using the supported pathFeatures
| Feature | Description | |---------|-------------| | 🔍 Live Attack Detection | Monitors all inbound connections on every port. Detects SQLi, XSS, brute force, SSH attacks, port scans, DNS tunneling. | | 🛡️ Code Security Scanner | Scan your codebase for vulnerabilities, hardcoded secrets, and misconfigurations. | | 💥 Pentest Engine | Automated penetration testing on your URLs and APIs. | | 🔀 Network Monitor | Watches all TCP/UDP traffic across every port — HTTP, SSH, DNS, FTP, databases. | | 🔔 Real-time Alerts | Slack, email, webhook notifications the instant a threat is detected. | | ⚙️ systemd Daemon | Runs as a background service on your server. Auto-starts on boot, monitors 24/7. | | 📊 TUI Dashboard | Interactive terminal dashboard — htop for security. |
Modules
ThreatCrush uses a pluggable module system. Install from the marketplace or build your own:
threatcrush modules list # List installed
threatcrush modules install ssh-guard # Install a module
threatcrush modules install docker-monitor
threatcrush store search "firewall" # Search marketplace
threatcrush store publish ./my-module # Publish your ownCore Modules (included)
| Module | What it monitors |
|--------|-----------------|
| network-monitor | All TCP/UDP traffic, port scans, SYN floods |
| log-watcher | nginx, Apache, syslog, journald |
| ssh-guard | Failed logins, brute force, tunneling |
| code-scanner | Vulnerabilities, secrets, dependency CVEs |
| pentest-engine | SQLi, XSS, SSRF, API fuzzing |
| dns-monitor | DNS tunneling, DGA detection |
| firewall-rules | Auto-blocks via iptables/nftables |
| alert-system | Slack, Discord, email, webhook, PagerDuty |
Community Modules
Build and sell your own modules on the ThreatCrush marketplace:
docker-monitor— Container escape detectionk8s-watcher— Kubernetes cluster securityhoneypot— Deploy decoy servicesgeo-blocker— Block traffic by country/ASNcompliance-reporter— SOC2, HIPAA, PCI-DSS reports
Configuration
threatcrush init # Auto-detect & generate configConfig lives at /etc/threatcrush/threatcrushd.conf with module configs in /etc/threatcrush/threatcrushd.conf.d/.
Pricing
| Tier | Price | |------|-------| | Lifetime Access | $499 one-time | | With Referral | Friend pays $399 · You earn $100 cash per referral |
Pay once, access forever. All core modules, CLI, daemon, API, and lifetime updates included.
👉 Get lifetime access at threatcrush.com
Browser Extension
Monitor security from your browser:
- Chrome — Chrome Web Store (coming soon)
- Firefox — Firefox Add-ons (coming soon)
- Safari — Coming soon
Features: scan any site, real-time alerts, security headers check, dashboard popup.
Links
- 🌐 Website: threatcrush.com
- 📦 npm: @profullstack/threatcrush
- 🐙 GitHub: profullstack/threatcrush
- 🐛 Issues: GitHub Issues
License
MIT © Profullstack, Inc.