gaisma22/ciphra

Ciphra

Ciphra is a simple and educational web app built with Python (Flask) that helps users check if a file is safe and understand why verification matters.
It was designed for cybersecurity awareness, especially for people without a technical background.


🌐 Overview

Ciphra helps users:

  • Verify if downloaded files are authentic and safe.
  • Understand digital signatures and hashes in simple terms.
  • Check if their email has appeared in a data breach.
  • Use temporary emails safely for testing or sign-ups.

It combines real security tools with plain explanations to make everyday cybersecurity understandable.


⚙️ Features

  • SHA-256 Hash Generator: Creates a unique fingerprint for every uploaded file.
  • VirusTotal Check: Uses the file’s hash to check against global malware databases (API key required).
  • Signature Verification (.sig/.asc): Verifies developer-signed files using GPG.
  • Email Breach Check: Integrates Have I Been Pwned API (user-provided key) to show if an email was exposed.
  • Temporary Email Generator: Creates throwaway inboxes using 1secmail’s public API.
  • Local CSV Logs: Keeps simple, anonymized logs of checks for learning and tracking.
  • Privacy-first: Uploaded files are automatically deleted after processing.

🧩 Why It Matters

Most people download files without verifying where they come from.
Ciphra shows why these steps matter:

  • A hash proves a file hasn’t changed.
  • A signature proves who made it.
  • A VirusTotal check shows if it’s known unsafe.
  • A breach check warns about leaked data.
  • A temporary email prevents spam and phishing.

It’s not just a scanner — it’s a learning tool to help users build safe digital habits.


🖥️ How to Run Locally

Step 1. Clone the repository

git clone https://github.com/gaisma22/ciphra.git
cd ciphra

Step 2. Create a virtual environment

python3 -m venv venv
source venv/bin/activate

Step 3. Install dependencies

pip install -r requirements.txt

Step 4. Create a .env file (local use only)

  • Add your own API keys (never share these):
VT_API_KEY=your_virustotal_key_here
HIBP_API_KEY=your_hibp_key_here
  • Get your free VirusTotal key at virustotal.com
  • Get your Have I Been Pwned key at haveibeenpwned.com
  • Keep this file private. It’s already excluded in .gitignore

Step 5. 🔑 GPG Setup (for Signature Verification)

  • Ciphra uses the GnuPG (GPG) tool to verify digital signatures.
  • You must have gpg installed on your system.
| Operating System | Installation Command / Link | Test Command |
|---|---|---|
| 🐧 Linux | sudo apt install gnupg | gpg --version |
| 🍎 macOS | brew install gnupg | gpg --version |
| 🪟 Windows | Install Gpg4win | gpg --version |

If GPG isn’t installed, the app will show:

"GPG failed: command not found. Please install GnuPG before using signature verification."

To verify a developer’s signature, import their public key:

gpg --import developer_pubkey.asc

Step 6. Run the app

python app.py

Then open:

http://127.0.0.1:5000

🔍 How to Use

  1. Upload any file you want to verify (max 200 MB).
  2. (Optional) Upload its .sig or .asc signature file.
  3. (Optional) Enter your email to check for breaches.
  4. Click Run Verification.
  5. The page will show:
       • SHA-256 hash
       • VirusTotal scan result
       • Signature verification result
       • Breach check summary
  6. Files are deleted automatically after scanning.
  7. Logs are saved locally in logs/activity.csv

🔐 Privacy

  • Files are never uploaded to external servers — only their hash is sent.
  • All logs remain on your machine and use anonymized filenames.
  • Sensitive folders (uploads, logs, .env, venv) are ignored in GitHub.
  • No data is shared or stored online.
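
The hash-only lookup described above, as an added example (not Ciphra's own code). It assumes VirusTotal's public API v3 file-report endpoint and `x-apikey` header; the function names, verdict labels and sample response are constructed for illustration.

```python
import hashlib
import json
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/"  # VirusTotal API v3 file report


def sha256_stream(fileobj, chunk_size=1024 * 1024):
    """Hash in 1 MiB chunks so a 200 MB upload never sits in memory at once."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def build_lookup(file_hash, api_key):
    """Build (not send) the lookup request: only the hex digest leaves the machine."""
    if len(file_hash) != 64 or any(c not in "0123456789abcdef" for c in file_hash):
        raise ValueError("not a lowercase SHA-256 hex digest")
    return urllib.request.Request(VT_FILE_URL + file_hash,
                                  headers={"x-apikey": api_key})


def interpret(http_status, body):
    """Map a response to a verdict; an unknown hash is not evidence of safety."""
    if http_status == 404:
        return "unknown"          # never seen by VirusTotal, which says nothing about safety
    if http_status != 200:
        return "error"            # rate limit, bad key, outage
    stats = json.loads(body)["data"]["attributes"]["last_analysis_stats"]
    if stats.get("malicious", 0) > 0:
        return "flagged"
    if stats.get("suspicious", 0) > 0:
        return "suspicious"
    return "no detections"


# Constructed sample response body, trimmed to the fields read above.
SAMPLE = json.dumps({"data": {"attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 3, "suspicious": 1, "undetected": 60}}}})
```

A request built this way has no body, so the file contents stay local; a 404 should be shown to the user as "unknown", not as "clean".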

🚫 Limitations

  • VirusTotal free API has rate limits.
  • HIBP API requires your own key.
  • Signature verification depends on the public key you import.
  • The app is for learning and awareness, not commercial scanning.
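
Because verification depends on which public keys have been imported, a signature from any key in the keyring verifies as good. The added example below (not Ciphra's own code) parses GnuPG's machine-readable `--status-fd` output and also pins the expected developer fingerprint; the function names and sample fingerprints are constructed for illustration.

```python
import subprocess

# gpg --status-fd keywords that mean the signature must be rejected.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def parse_gpg_status(status_text, expected_fpr):
    """Return (ok, reason) from gpg status lines.

    expected_fpr is the developer's full key fingerprint, obtained out of band.
    """
    good, fprs = False, set()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword in REJECT:
            return False, keyword
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and len(fields) > 2:
            # fields[2] is the signing (sub)key fingerprint, the last field the primary key's.
            fprs.update({fields[2].upper(), fields[-1].upper()})
    if not good or not fprs:
        return False, "no valid signature"
    if expected_fpr.replace(" ", "").upper() not in fprs:
        return False, "unexpected signer"
    return True, "good signature from pinned key"


def verify_detached(sig_path, file_path, expected_fpr):
    """Run gpg on a detached .sig/.asc and judge the result from its status output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return parse_gpg_status(proc.stdout, expected_fpr)


# Constructed status output; key IDs and fingerprints are made-up sample values.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
GOOD = ("[GNUPG:] NEWSIG\n"
        "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Dev <dev@example.org>\n"
        "[GNUPG:] VALIDSIG " + FPR + " 2024-01-01 1704067200 0 4 0 1 8 00 " + FPR + "\n")
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Dev <dev@example.org>\n"
```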

📊 Dashboard

Visit:

http://127.0.0.1:5000/dashboard

The dashboard shows:

  • Total files checked.
  • Files flagged by VirusTotal.
  • Verified signatures.

Future versions will include graphs and filters.

🚀 Future Scope

  • Visual Dashboard: Graphs and charts of scans and breaches.
  • File Encryption: Basic encryption/decryption tools with awareness content.
  • Cyber Awareness Feed: Real-time safety updates and global attack news.
  • Offline Verification: Compare hashes without internet access.
  • Report Exports: Download logs as CSV or JSON.
  • Containerized Deployments: Run with Docker for quick setup.
  • Automated Testing: Ensure hashing, GPG, and API checks work correctly.

🧱 Repository Hygiene

  • Never upload .env or API keys.
  • Keep logs and uploads local.
  • Always run in a virtual environment.
  • Clean temporary files regularly.

👤 Author

  • GitHub: gaisma22
  • Project: Ciphra
  • Created for academic and cybersecurity awareness purposes.
