Skip to content

ParthVala/secpulse

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
app
app
Β 
Β 
.env.example
.env.example
Β 
Β 
.gitignore
.gitignore
Β 
Β 
README.md
README.md
Β 
Β 
docker-compose.yml
docker-compose.yml
Β 
Β 

Repository files navigation

πŸ›‘οΈ SecPulse

SecPulse is a self-hosted AI-powered security intelligence pipeline that automatically fetches, ranks, deduplicates, and summarises the top 15 cybersecurity stories from 12 curated RSS feeds β€” delivered daily to your Telegram at a scheduled time.

Built by an MSc Cybersecurity student. Runs 24/7 on a VPS with zero manual effort.

πŸ“Έ Sample Output

πŸ›‘ SecPulse Daily Briefing
πŸ“… Tuesday, 21 April 2026
──────────────────────────────

1. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
   A critical CVSS 9.8 vulnerability in SGLang allows remote code execution...
   πŸ”— Read more β†’ https://thehackernews.com/...

...

⚑ 15 stories · SecPulse · via Gemini

✨ Features

  • πŸ“‘ Fetches from 12 curated security RSS feeds (CISA, BleepingComputer, The Hacker News, NCSC, Dark Reading, and more)
  • 🧠 AI summarisation via Google Gemini (with Groq as automatic fallback)
  • πŸ—‚οΈ Category-aware ranking β€” 3 articles each across Vulnerabilities, Advisories, Breaches, Tools, General
  • πŸ” Smart deduplication β€” never sends the same story twice
  • 🚫 Promo filtering β€” automatically skips webinars, sponsored posts, product showcases
  • πŸ“¬ Telegram delivery with automatic message chunking for long digests
  • πŸ—„οΈ SQLite persistence β€” tracks sent articles across days
  • 🐳 Fully Dockerised β€” one command to run, restart-safe

πŸ—‚οΈ Project Structure

.
β”œβ”€β”€ app/
β”‚   β”œβ”€β”€ config.py          # Loads env vars and config
β”‚   β”œβ”€β”€ db.py              # SQLite database functions
β”‚   β”œβ”€β”€ Dockerfile         # Container definition
β”‚   β”œβ”€β”€ main.py            # Entry point, scheduler
β”‚   β”œβ”€β”€ models.py          # Article data model
β”‚   β”œβ”€β”€ ranker.py          # Scoring, categorisation, deduplication
β”‚   β”œβ”€β”€ requirements.txt   # Python dependencies
β”‚   β”œβ”€β”€ rss_reader.py      # RSS fetch and parse
β”‚   β”œβ”€β”€ sender.py          # Telegram delivery
β”‚   └── summariser.py      # Gemini / Groq AI summarisation
β”œβ”€β”€ data/
β”‚   └── secpulse.db        # SQLite DB (auto-created, gitignored)
β”œβ”€β”€ .env                   # Your secrets (gitignored)
β”œβ”€β”€ .env.example           # Template β€” copy this to .env
β”œβ”€β”€ .gitignore
β”œβ”€β”€ docker-compose.yml
└── README.md

βš™οΈ Prerequisites

Before you start, you need:

Requirement Free? Where to get it
Telegram Bot Token βœ… Free @BotFather on Telegram
Telegram Chat ID βœ… Free @userinfobot on Telegram
Google Gemini API Key βœ… Free tier available aistudio.google.com
Groq API Key (fallback) βœ… Free console.groq.com
Docker + Docker Compose βœ… Free docs.docker.com
A machine to run it 24/7 See below β€”

πŸ€– AI API Keys β€” Free vs Paid

SecPulse uses Google Gemini as the primary summariser with Groq as automatic fallback:

  • Gemini free tier works for testing but has strict rate limits (15 RPM, 1M tokens/day). For daily scheduled use it's usually fine, but heavy manual testing may hit limits.
  • Gemini paid ($0.10–$0.40 per million tokens) costs roughly Β£3–8/month for daily digests and is the recommended option for reliable production use. Get a key at aistudio.google.com.
  • Groq free tier (backup) is used automatically if Gemini fails. Get a key at console.groq.com. No charge needed.

πŸ–₯️ Where to Run It (24/7 Options)

SecPulse needs to run continuously to deliver scheduled digests. Choose one:

Option Cost Effort Notes
VPS β€” Hostinger, Hetzner, DigitalOcean ~Β£3–5/month Low Recommended. The author uses Hostinger KVM 2. SSH in, clone, done.
Raspberry Pi One-time ~Β£35–50 Medium Runs great on Pi 4/5. Needs Linux + Docker installed. Always-on at home.
Always-on PC/laptop Electricity cost Low Works, but not ideal β€” machine must never sleep or shut down.
Oracle Cloud Free Tier βœ… Free forever Medium ARM VM (4 CPU / 24 GB RAM). Requires account + card for verification. cloud.oracle.com
Google Cloud / AWS Free Tier βœ… Free (12 months) Medium t2.micro / e2-micro. Time-limited free tier.

The author runs SecPulse on a Hostinger KVM 2 VPS (Ubuntu 22.04, 2 vCPU, 8 GB RAM) which costs ~Β£4.99/month and handles Docker with no issues.

πŸš€ Setup Guide

Step 1 β€” Clone the Repository

git clone https://github.com/your-username/secpulse.git
cd secpulse

Step 2 β€” Create Your .env File

cp .env.example .env
nano .env

Fill in your values:

# Telegram
TELEGRAM_BOT_TOKEN=your_bot_token_here
TELEGRAM_CHAT_ID=your_chat_id_here

# AI β€” Primary (Google Gemini)
GEMINI_API_KEY=your_gemini_api_key_here

# AI β€” Fallback (Groq)
GROQ_API_KEY=your_groq_api_key_here

# Digest schedule (24h format, UTC or Europe/London)
DIGEST_CRON_HOUR=9
DIGEST_CRON_MINUTE=0

Tip: To get your Telegram Chat ID, start a chat with @userinfobot and it will reply with your ID.

Step 3 β€” Install Docker

If Docker isn't installed yet:

# Ubuntu / Debian
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
newgrp docker

# Verify
docker --version
docker compose version

Step 4 β€” Build and Run

cd secpulse
sudo docker compose up -d --build

Check it started correctly:

sudo docker compose logs -f

You should see:

πŸ›‘ SecPulse starting up...
DB initialised OK
  βœ… Scheduler started β€” next digest at Wednesday 22 Apr 2026 at 09:00 BST
  πŸ’‘ Run manually anytime: python3 main.py --now
  Press Ctrl+C to stop

Step 5 β€” Test It Immediately

Run a manual digest right now to confirm everything works end-to-end:

sudo docker compose exec secpulse python3 main.py --now

You should receive a Telegram message within ~30 seconds.

πŸ”§ Day-to-Day Commands

# View live logs
sudo docker compose logs -f

# Run a manual digest (uses unsent articles, same as scheduled)
sudo docker compose exec secpulse python3 main.py --now

# Force re-send even if articles already sent (useful for testing)
sudo docker compose exec secpulse python3 main.py --now --force

# Restart the container (e.g. after editing a .py file)
sudo docker compose restart secpulse

# Stop completely
sudo docker compose down

# Rebuild after changing Dockerfile or requirements.txt
sudo docker compose build --no-cache
sudo docker compose up -d

Note: For .py file changes (like main.py, ranker.py), you only need docker compose restart secpulse β€” no rebuild required, since the app folder is volume-mounted.

✏️ Customisation

Change the Digest Schedule

Edit .env:

DIGEST_CRON_HOUR=8    # 8am
DIGEST_CRON_MINUTE=30 # 8:30am

Then restart: sudo docker compose restart secpulse

Add or Remove RSS Feeds

Edit app/rss_reader.py β€” find the RSS_SOURCES list and add/remove entries:

RSS_SOURCES = [
    {"name": "The Hacker News", "url": "https://feeds.feedburner.com/TheHackersNews"},
    {"name": "Your Feed",       "url": "https://example.com/feed.xml"},
    # ...
]

Change Number of Stories Per Day

Edit app/main.py:

DIGEST_SIZE = 15  # Change to any number

And update the per-category caps in app/ranker.py:

CATEGORY_CAPS = {
    "vulnerability": 3,
    "advisory":      3,
    "breach":        3,
    "tool":          3,
    "general":       3,
}

πŸ—„οΈ Database

SecPulse stores all articles in a SQLite database at ./data/secpulse.db (outside the container, persisted via volume mount).

Useful queries:

# Check sent status of recent articles
sudo docker compose exec secpulse python3 -c "
import sqlite3
conn = sqlite3.connect('/data/secpulse.db')
rows = conn.execute('SELECT sent, COUNT(*) FROM articles GROUP BY sent').fetchall()
for r in rows: print('sent=' + str(r[0]), '->', r[1], 'articles')
"

# View latest 10 articles
sudo docker compose exec secpulse python3 -c "
import sqlite3
conn = sqlite3.connect('/data/secpulse.db')
rows = conn.execute('SELECT title, category, score, sent FROM articles ORDER BY created_at DESC LIMIT 10').fetchall()
for r in rows: print(r)
"

Articles older than 30 days are automatically purged on each run.

πŸ› Troubleshooting

Problem Likely Cause Fix
No Telegram message received Wrong bot token or chat ID Check .env values. Test token with curl https://api.telegram.org/bot<TOKEN>/getMe
DB initialised OK but no digest No unsent articles in DB Run with --force flag to override
Gemini API error Rate limit or invalid key Check key at aistudio.google.com. Groq fallback should kick in automatically.
cannot open database file Wrong DB path Confirm ./data/ folder exists: ls -la ~/secpulse/data/
Fewer than 15 stories Ran manually before scheduled run Normal β€” manual runs consume unsent articles. Use --force for testing.
Container keeps restarting App crash on startup Check logs: sudo docker compose logs --tail=50

πŸ“¦ Tech Stack

  • Python 3.11
  • feedparser β€” RSS parsing
  • APScheduler β€” cron-based scheduling
  • Google Gemini API β€” AI summarisation (primary)
  • Groq API β€” AI summarisation (fallback)
  • python-telegram-bot β€” Telegram delivery
  • SQLite β€” article persistence
  • Docker + Docker Compose β€” containerised deployment

πŸ™Œ Contributing

PRs and issues welcome. Some ideas for extensions:

  • Web dashboard to browse past digests
  • Slack / Discord / email delivery alongside Telegram
  • Custom keyword alerting (get pinged instantly for specific CVEs)
  • CVSS score enrichment via NVD API
  • Weekly summary mode in addition to daily

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages