A complete automated solution to receive the most important cybersecurity updates and news via WhatsApp, with a beautiful web dashboard to view all threats in one place.
- Real-Time Security Alerts: Critical CVEs, vulnerabilities, and breaches
- Top Security News: From Bleeping Computer, Dark Reading, Krebs on Security
- WhatsApp Notifications: Get instant alerts on your phone via Twilio
- Beautiful Dashboard: Modern web UI to view and manage all security intel
- Auto-Scheduling: Automatic news fetching every 2 hours + daily digest
- Severity Filtering: View critical, high, medium, or low priority items
- One-Click Alerts: Send any news item as a WhatsApp alert
- No Manual Work: Fully automated, runs in background
Security Sources (NVD, CISA, RSS)
β
News Scraper
β
SQLite Database
β β
WhatsApp Web Dashboard
Alerts (Port 5000)
- Ubuntu/Debian server with Python 3.8+
- Twilio account (free)
- 5 minutes for setup
# 1. SSH into server and navigate
ssh root@68.183.176.66
cd /opt/cyber-intel
# 2. Copy files from this repo
# (Use SCP or git clone)
# 3. Run setup script
chmod +x setup.sh
./setup.shFull detailed guide: See DEPLOYMENT.md
cyber-intel-system/
βββ app.py # Flask web server
βββ scraper.py # News & CVE scraper
βββ whatsapp_sender.py # WhatsApp notifications
βββ scheduler.py # Background job scheduler
βββ database.py # SQLAlchemy models
βββ requirements.txt # Python dependencies
βββ .env.example # Configuration template
βββ cyber-intel.service # Systemd service file
βββ templates/
β βββ dashboard.html # Web dashboard UI
βββ static/
β βββ style.css # Dashboard styling
βββ data/
β βββ security.db # SQLite database
βββ DEPLOYMENT.md # Setup instructions
βββ README.md # This file
Visit Twilio Console:
- Account SID: Your account identifier
- Auth Token: Your authentication token
- WhatsApp Number: Twilio-provided sandbox number
- Recipient Number: Your phone (e.g., +1234567890)
cp .env.example .env
nano .envFill in your Twilio credentials:
TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
TWILIO_AUTH_TOKEN=your_auth_token_here
TWILIO_WHATSAPP_NUMBER=+14155552671
RECIPIENT_WHATSAPP_NUMBER=+1234567890You'll receive alerts like this:
π¨ CRITICAL
Critical Vulnerability in Apache Log4j Found
π https://example.com/full-article
- π¨ Critical: Zero-days, active exploits, ransomware
β οΈ High: Major vulnerabilities, breaches- β‘ Medium: Important updates, security warnings
- βΉοΈ Low: General security news
Access at: http://your-server-ip:5000
Features:
- Real-time security news feed
- Filter by severity level
- Manual news refresh
- Send WhatsApp alerts
- Statistics dashboard
- Dark theme UI
By default, the system:
- Every 2 hours: Scrapes latest news from all sources
- Daily at 9 AM: Sends a digest of critical/high alerts
- Real-time: Updates database as new items arrive
To customize schedules, edit scheduler.py:
# Change scrape interval
scheduler.add_job(
func=run_scraper,
trigger="interval",
hours=2, # Change to 1, 3, 4, etc.
)
# Change daily digest time
scheduler.add_job(
func=lambda: WhatsAppSender().send_daily_digest(),
trigger="cron",
hour=9, # Change to 6, 12, 15, etc. (24-hour format)
minute=0,
)The system monitors:
- Bleeping Computer - Enterprise security & ransomware news
- Dark Reading - Cybersecurity analysis & trends
- Krebs on Security - In-depth security investigations
- NVD/CVE Database - Critical vulnerabilities
- CISA Alerts - Government security warnings
All sources are automatically fetched and deduplicated.
GET / # Dashboard UI
GET /api/news # Get all news (JSON)
GET /api/stats # Get statistics
GET /api/refresh # Trigger scraper
POST /api/send-alert # Send WhatsApp alert
Example API call:
curl http://your-server:5000/api/stats
# Response:
{
"critical": 3,
"high": 12,
"medium": 45,
"low": 128,
"total": 188,
"today": 8
}- Database: SQLite stored locally (password-protected if needed)
- WhatsApp: Uses Twilio's encrypted API
- Environment Variables: Credentials stored in .env (not in code)
- Dashboard: No authentication (add if exposing publicly)
For production, consider:
- Adding basic authentication to dashboard
- Using HTTPS/SSL certificate
- Running behind Nginx reverse proxy
- Restricting API access
sudo journalctl -u cyber-intel -fsudo systemctl restart cyber-intelcp data/security.db data/security.db.backupcd /opt/cyber-intel
# Pull latest changes
git pull origin main
sudo systemctl restart cyber-intelid INTEGER PRIMARY KEY
title VARCHAR(500) -- Article title
source VARCHAR(100) -- News source
url VARCHAR(500) -- Unique article URL
description TEXT -- Article summary
severity VARCHAR(20) -- critical/high/medium/low
published_date DATETIME -- When article was published
added_date DATETIME -- When added to system
category VARCHAR(100) -- vulnerability/breach/news/alert
sent_to_whatsapp BOOLEAN -- If sent as WhatsApp alert- Check
.envfile has correct credentials - Verify phone number format:
+1234567890(with + and country code) - Check Twilio sandbox - must send "join" first
- View logs:
sudo journalctl -u cyber-intel | grep -i whatsapp
- Check service:
sudo systemctl status cyber-intel - Check port:
netstat -tlnp | grep 5000 - Restart:
sudo systemctl restart cyber-intel
- Manually trigger scraper:
curl http://localhost:5000/api/refresh - Check database:
python3 check_db.py - View error logs:
sudo journalctl -u cyber-intel -n 100
- Memory: ~100-150 MB
- Storage: ~10 MB per 1000 news items
- Response Time: <500ms for dashboard
- Concurrent Users: Suitable for 10+ simultaneous users
Open source - modify and use freely.
- Slack/Discord integration
- Email alerts
- Custom keyword filtering
- Threat intelligence integration
- Machine learning severity classification
- API key authentication
- Multi-user dashboard
- Dark/light mode toggle
For issues:
- Check
DEPLOYMENT.mdfor setup issues - Review logs:
sudo journalctl -u cyber-intel - Test manually:
curl http://localhost:5000/api/stats
Made with β€οΈ for cybersecurity professionals
Happy threat hunting! π