cyberzard 0.1.18

AI-assisted CyberPanel server scanner and remediation CLI

🛡️ Cyberzard & CyberPanel Cleanup

Modern incident triage for CyberPanel:

• 🧰 Legacy bash cleanup scripts (basic & advanced)
• 🤖 Cyberzard — an AI‑assisted, safety‑constrained CLI for scanning, explaining, and planning remediation

---

🔗 Quick Links

• 📚 Docs: https://elwizard33.github.io/Cyberzard/
• 🧪 Try Cyberzard: see “Install & Use” below
• 🗺️ Roadmap: ROADMAP.md
• 🐞 Issues Guide: ISSUE_GUIDE.md
• 📜 License: MIT

---

📖 Table of Contents

• Cyberzard — AI Security CLI
  • Features
  • Install & Use
  • Environment
  • Safety Model
• 🧰 Legacy Cleanup Scripts
  • Overview
  • Quick Start
  • Advanced vs Basic
  • Decrypt Helpers
• 🤝 Contributing
• ⚠️ Disclaimer

---

🤖 Cyberzard — AI Security CLI

Experimental preview. Interfaces may change until v0.1.

Features

Area	What you get
Multi‑source scanning	Files, processes, cron, services, users, SSH keys, encrypted files
Severity scoring	Critical/High/Medium/Low with rationale
Evidence preservation	Optional hashing/archiving prior to actions
Dry‑run planning	Generate remediation plan JSON first
AI reasoning (optional)	Summaries, prioritization, advice (OpenAI/Anthropic/xAI/none)
ReAct loop	Safe tool schema, sandboxed helpers
Output	Pretty tables + JSON
Chat mode	Interactive, permission‑aware assistant
TUI (optional)	Simple terminal UI for scan results
Email stack hardening	scan + AI summary + guided execution

Install & Use

Option 1: Install from PyPI (Recommended) 🐍

# Basic install
pip install cyberzard

# With AI provider extras
pip install cyberzard[openai]      # OpenAI support
pip install cyberzard[anthropic]   # Anthropic Claude support
pip install cyberzard[xai]         # xAI Grok support
pip install cyberzard[providers]   # All AI providers
pip install cyberzard[all]         # Everything (AI + TUI + MCP)

With pipx (recommended for CLI tools - isolated environment):

pipx install cyberzard
pipx install 'cyberzard[openai]'

With uv (fast modern package manager):

uv tool install cyberzard
# Or run without installing:
uvx cyberzard scan

Option 2: One-liner installer (Linux binary)

bash -c "$(curl -fsSL https://raw.githubusercontent.com/elwizard33/Cyberzard/main/scripts/install.sh)"

Upgrade later:

# PyPI upgrade
pip install --upgrade cyberzard

# Binary upgrade
cyberzard --upgrade                    # quick upgrade using global flag
cyberzard upgrade --channel stable     # explicit upgrade command

Option 3: Install from source (development)

git clone https://github.com/elwizard33/Cyberzard.git
cd Cyberzard
python3 -m venv .venv && source .venv/bin/activate
python -m pip install -U pip setuptools wheel
pip install -e .[openai]   # or .[anthropic] or .[dev]

Notes:

• PyPI: Available at https://pypi.org/project/cyberzard/
• Linux binaries: Pre-built binaries available on GitHub Releases
• macOS/Windows: Use PyPI install (pip install cyberzard)

Optional TUI (terminal UI):

pip install 'textual>=0.60'
cyberzard tui

Common commands:

# Scan and pretty print
cyberzard scan

# JSON findings
cyberzard scan --json > findings.json

# Advice (static + optional AI enrichment)
CYBERZARD_MODEL_PROVIDER=openai OPENAI_API_KEY=sk-... cyberzard advise

# Explain findings (AI)
OPENAI_API_KEY=sk-... cyberzard explain --provider openai

# Bounded reasoning loop (ReAct)
OPENAI_API_KEY=sk-... cyberzard agent "Top suspicious processes and rationale" --steps 4

# Interactive chat (permission‑aware)
cyberzard chat
cyberzard chat --auto-approve --max-probes 8

# Remediation (requires explicit flags)
cyberzard remediate --delete --kill --preserve

# n8n deployment assistant (generate + optional apply)
# Native (OpenLiteSpeed reverse-proxy):
cyberzard n8n-setup --domain example.com --subdomain n8n --mode native --basic-auth --out-dir ./out

# Cloudflare Tunnel (docker compose + cloudflared):
cyberzard n8n-setup --domain example.com --subdomain n8n --mode tunnel --out-dir ./out

# Write-only JSON summary (no apply):
cyberzard n8n-setup --domain example.com --mode native --write-only --out-dir ./out --overwrite

# Email security (scan + hardening preview)
cyberzard email-security --dry-run

# Execute guided (still dry-run by default until --no-dry-run)
cyberzard email-security --run --dry-run --max-risk medium

# Full remediation guide + optional execution
cyberzard email-fix --run --dry-run --max-risk low

# JSON output (no rich)
cyberzard email-security --json --run --dry-run

Troubleshooting

• Editable install error (missing build_editable hook): upgrade pip/setuptools/wheel in a venv, or use non‑editable install:
  • python -m pip install -U pip setuptools wheel
  • pip install .[openai] (or .[anthropic] or just .)

Environment

Var	Purpose	Default
CYBERZARD_PROVIDER	openai, anthropic, xai, none	none
OPENAI_API_KEY	API key when provider=openai	—
ANTHROPIC_API_KEY	API key when provider=anthropic	—
XAI_API_KEY	API key when provider=xai	—
CYBERZARD_EVIDENCE_DIR	Evidence dir	/var/lib/cyberzard/evidence
CYBERZARD_DRY_RUN	Global dry‑run	true

Check available providers:

cyberzard providers

Safety Model

• No raw shell; curated, allow‑listed tools only
• Dry‑run by default; explicit flags to delete/kill
• Reasoning step cap; sandboxed helpers
• AI optional; offline works fine

MCP Server (Model Context Protocol)

Cyberzard can act as an MCP server, exposing all its security tools to AI agents like Claude:

# Start MCP server (stdio transport for Claude Desktop)
cyberzard mcp

# Start with SSE transport for web clients
cyberzard mcp --transport sse --port 8080

# Start with streamable HTTP transport
cyberzard mcp --transport streamable-http --port 8080

Configure in Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "cyberzard": {
      "command": "cyberzard",
      "args": ["mcp"],
      "env": {}
    }
  }
}

Available tools via MCP:

• scan_server - Full security scan
• read_file - Safe file reading
• propose_remediation - Generate remediation plans
• CyberPanel management (websites, databases, email, DNS, SSL, backups, firewall)

CyberPanel Integration

Cyberzard integrates with CyberPanel's REST API for server management:

# Set CyberPanel credentials
export CYBERPANEL_HOST=https://your-server:8090
export CYBERPANEL_USER=admin
export CYBERPANEL_PASS=your-password

# Use via chat mode
cyberzard chat
> List all websites on this server
> Create a new database called myapp_db

# Or programmatically in Python
from cyberzard.cyberpanel import CyberPanelClient
client = CyberPanelClient()
websites = await client.list_websites()

Supported operations:

• Websites: List, create, delete, suspend/unsuspend
• Databases: List, create, delete MySQL/MariaDB databases
• Email: Accounts, forwarders, DKIM
• DNS: Records management
• SSL: Issue/renew certificates
• Firewall: CSF rules, block/unblock IPs
• Backups: Create, restore, schedule

Enhanced TUI (Terminal UI)

The enhanced TUI provides a split-panel chat interface:

# Install TUI dependencies
pip install 'cyberzard[tui]'

# Run chat TUI
cyberzard chat --tui

# Or legacy scan TUI
cyberzard tui

Features:

• Split layout: Conversation on left, tools on right
• Real-time tool tracking: See tool calls as they execute
• Streaming responses: Watch AI responses as they generate
• Keyboard shortcuts: Ctrl+L (clear), Ctrl+T (toggle tools), q (quit)

---

🧰 Legacy Cleanup Scripts

Overview

Basic and Advanced bash scripts to triage and clean common artifacts from the November CyberPanel attacks.

Capability	Basic	Advanced
Diagnostics (files, processes, encrypted files)	✅	✅
Cleanup of artifacts	✅	✅
User + SSH key audit	—	✅
Interactive confirmations	—	✅
Extra post‑hardening tips	—	✅

Quick Start

Basic:

sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/elwizard33/Cyberzard/main/scripts/wizard_cleanup.sh)"

Advanced:

sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/elwizard33/Cyberzard/main/scripts/advanced_wizard_cleanup.sh)"

Decrypt Helpers

• .psaux files: 1-decrypt.sh
• .encryp files: encryp_dec.out

---

🤝 Contributing

Please read the Issue Guide before filing.

• Small, focused PRs with tests/docs updates are welcome
• Clearly document environment and reproduction steps

⚠️ Disclaimer

These tools are provided as‑is, without warranty. Validate outputs before acting in production. Maintain backups and snapshots.

---

Useful References

• ManagingWP CyberPanel RCE Auth Bypass
• ArrayIterator's Cleanup Gist
• Yoyosan's Cleanup Gist
• NothingCtrl's First Cleanup Gist
• NothingCtrl's Second Cleanup Gist
• Crosstyan's Cleanup Gist