Content & Deploy
Cloudflare Edge
CTI Pipeline
External APIs & Feeds
Automation
Browser / Visitor
Site Deploy Pipeline
Developer
Local Dev Machine
Hugo v0.158.0 extended · PaperMod theme (git submodule) · Content authored in Markdown · Local preview at localhost:1313
hugo server · zsh / fish / git bash · macOS · CachyOS · Windows
git push → main
Version Control
GitHub — thestrad031487/cybergrind
Single branch strategy. PaperMod as git submodule. Daily news bot auto-commits to main — always pull before pushing to avoid conflicts.
main branch · git submodule · auto-commit (news bot)
webhook on push
Static Hosting
Cloudflare Pages
Build command: hugo --minify. Output directory: public/. Deploys globally to Cloudflare CDN within ~90 seconds of a push. HTTP headers (CSP, HSTS, X-Frame-Options) served from static/_headers.
auto-deploy · global CDN · static/_headers · www → apex redirect
serves cybergrind.org
Visitor
Browser
Static pages served instantly from CDN edge. Tool pages make JS fetch() calls to Cloudflare Workers and the CTI pipeline API at runtime — no page rebuild required for fresh data.
cybergrind.org · Fuse.js search · live JS fetch
Cloudflare Workers — API Proxy Layer
Workers sit between the browser and upstream APIs. They hold API keys in Cloudflare Secrets (never in code), cache responses at the edge, and enforce rate limit boundaries. Every Worker URL must be added to connect-src in static/_headers or the browser will silently block requests.
EPSS Worker
Upstream: FIRST EPSS API + NVD CVE API
Cache: Per request
Used in: CVE Research, EPSS Scanner
Auth: None (public APIs)
IP Reputation Worker
Upstream: AbuseIPDB
Cache: None (live lookup)
Used in: IP Reputation Check
Auth: API key (Worker Secret)
KEV Worker
Upstream: CISA KEV Catalog
Cache: 1 hour
Used in: KEV Checker, Blue Team
Auth: None (public feed)
Threat Map Worker
Upstream: AbuseIPDB Blacklist
Cache: 6 hours
Used in: Global Threat Map
Auth: API key (Worker Secret)
OSINT Feeds Worker
Upstream: IPsum + Emerging Threats + Feodo Tracker
Cache: 1 hour
Used in: Threat Map (OSINT tab)
Auth: None (public feeds)
Recent KEV Worker
Upstream: CISA KEV (10 most recent)
Cache: 1 hour
Used in: Blue Team widget
Auth: None (public feed)
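The connect-src requirement described for the Workers can be checked before a push. The following is an added example, not CyberGrind's own code: it reads a Cloudflare Pages `_headers` file and lists the fetch() origins the browser would block. Assumptions: the function names are hypothetical, the `*.example.workers.dev` hostnames are placeholders for the real Worker URLs, the CSP is taken from the `/*` rule, and source matching is simplified (ports and paths are ignored).

```javascript
// Added example, not the site's code: list fetch() origins that connect-src would block.
// SAMPLE_HEADERS is constructed; the *.example.workers.dev hostnames are placeholders.
const SAMPLE_HEADERS = `
/*
  X-Frame-Options: DENY
  Content-Security-Policy: default-src 'self'; connect-src 'self' https://api.cybergrind.org https://kev.example.workers.dev
`;

// CSP value from the rule block for `path` (unindented line = path, indented = header).
function cspForPath(text, path = "/*") {
  let rule = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.trim().startsWith("#")) continue;
    if (!/^\s/.test(line)) { rule = line.trim(); continue; }
    const m = line.trim().match(/^content-security-policy:\s*(.*)$/i);
    if (m && rule === path) return m[1];
  }
  return null;
}

// Source list that governs fetch(): connect-src, falling back to default-src.
function connectSources(csp) {
  const dirs = new Map();
  for (const part of csp.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !dirs.has(name.toLowerCase())) dirs.set(name.toLowerCase(), sources);
  }
  return dirs.get("connect-src") ?? dirs.get("default-src") ?? null;
}

// Simplified source match: 'self', *, scheme-only, and [scheme://][*.]host.
function allows(source, origin, siteOrigin) {
  const url = new URL(origin);
  if (source === "'self'") return url.origin === new URL(siteOrigin).origin;
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:']+)/i);
  if (!m || (m[1] && m[1].toLowerCase() + ":" !== url.protocol)) return false;
  const host = m[3].toLowerCase();
  return m[2] ? url.hostname.endsWith("." + host) : url.hostname === host;
}

// Origins the browser would block; an empty array means every fetch target is covered.
function blockedOrigins(headersText, origins, siteOrigin = "https://cybergrind.org") {
  const csp = cspForPath(headersText);
  const sources = csp === null ? null : connectSources(csp);
  if (sources === null) return []; // no CSP, or no connect-src/default-src: unrestricted
  return origins.filter((o) => !sources.some((s) => allows(s, o, siteOrigin)));
}
```

Run against the real `static/_headers` with the list of Worker and API origins the tool pages call; any origin returned needs to be added to connect-src.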
Self-Hosted CTI Pipeline
Feed
CISA KEV
Public JSON. No auth required.
every 24h
Feed
URLhaus (abuse.ch)
Public CSV export. Malware distribution URLs.
every 1h
Feed
RSS Feeds
Krebs · BleepingComputer · THN · CISA · SANS ISC
every 2h
Feed
MalwareBazaar
Sample metadata. Free API key required.
every 6h
Python collectors (APScheduler)
Containerized Backend
Docker Compose — Windows Workstation
FastAPI + uvicorn serves the REST API. APScheduler runs collectors on their respective schedules. SQLite database stored in a Docker volume (gitignored). CORS configured for cybergrind.org and localhost:1313.
FastAPI · SQLite · APScheduler · Docker Compose · /api/health
outbound tunnel (no port forwarding)
Cloudflare Tunnel
cloudflared → api.cybergrind.org
Outbound connection from workstation to Cloudflare edge. No firewall ports opened. No public IP exposed. Runs as a Windows service (auto-starts on boot). Requires --protocol http2 when behind a VPN that blocks UDP/QUIC.
cloudflared · Windows service · http2 protocol · HTTPS termination at edge
JS fetch() on page load
Tool
Live CVEs
Filterable CISA KEV table. Overdue deadlines highlighted.
Tool
Threat Intel Feeds
Tabbed view: security news + live IOCs.
Tool
VT Hash Lookup
VirusTotal reports proxied via pipeline. MalwareBazaar samples.
Daily News Automation
Pipeline — fires daily at 11am CT via cron
📰
NewsAPI
Fetch cybersecurity headlines
🤖
Ollama
Llama 3.2 (local) generates commentary from headlines only
📝
Hugo Post
Markdown file written with frontmatter
🔀
Git Push
Auto-commit + push to main
🚀
Deploy
Cloudflare Pages builds + deploys (~90s)
Design System
Color Palette
Cyber Orange: #FF8C00 — primary accent
Amber Glow: #FFAD33 — secondary highlight
Deep Charcoal: #1A1C1E — page background
Steel Gray: #8E9297 — body text
Typography
Display: Syne — geometric, authoritative
Monospace: Space Mono — terminal aesthetic
System: -apple-system stack for body text in tool pages
Hugo Config
Theme: PaperMod (git submodule)
env: production — enables OG/Schema tags
Search: Fuse.js (JSON index output)
Raw HTML: goldmark unsafe = true
Infographic System
HTML files: static/infographics/
Hugo stubs: content/orange-book/ with layout: infographic
Rendering: iframe (auto-height via scrollHeight)
Styling: Self-contained, PaperMod CSS vars matched
Full Article
How We Built CyberGrind
Mid-level technical walkthrough covering every layer of this architecture — design decisions, code snippets, and gotchas learned in production.