Zentinel 11 is a comprehensive, enterprise-grade security and scam prevention plugin. It provides real-time threat protection, an intelligent firewall with active IP blocking, AI chat & AI-powered security analysis, automated content scanning, brute force lockout enforcement, rate limiting, geo-blocking, complete audit logging, and more — all with zero database footprint using a self-contained JSON storage engine.
Screenshots:
## Features
1. Real-Time Security Middleware
- Active IP Blocking: Blocks blacklisted IPs and CIDR ranges in real-time before Sngine processes the request
- Brute Force Lockout: Enforces progressive lockout periods on IPs flagged by the brute force guard
- Rate Limiting: Per-minute and per-hour request throttling with configurable thresholds and IP whitelisting
- Geo-Blocking: Country-level allow/block rules using IP-to-country geolocation (ip-api.com, cached)
- Request Logging: Sampled activity logging for traffic analysis and anomaly detection
- Fail-Safe Design: Middleware fails silently if the plugin is removed, causing zero impact on Sngine
2. Security Protection
- HTTP Security Headers: Manage and enforce CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy
- Intelligent Firewall: IP blocking with CIDR support, whitelisting, rate limiting, geo-blocking, and auto-expiry rules
- XSS Protection: 32+ regex pattern detection for script injection, event handlers, and encoded payloads
- SQL Injection Protection: 34+ pattern detection for UNION, DROP, SLEEP, hex encoding, and INFORMATION_SCHEMA attacks
- CSRF Protection: Token generation, validation, and Sngine AJAX endpoint scanning
- Brute Force Guard: Progressive lockout system (5 min to 24 hr) with configurable attempt thresholds
- Session Security: Multi-IP detection, impossible travel analysis, and session hijacking prevention
- SSL/TLS Monitoring: Certificate status tracking, expiry warnings, and protocol version checks
- Password Auditor: Strength analysis with HIBP Pwned Passwords breach checking (k-Anonymity model)
- Two-Factor Auth Monitoring: 2FA adoption tracking and enforcement recommendations
- File Integrity Monitoring: SHA-256 baseline hashing with real-time change detection
- Dependency Checker: Composer and npm vulnerability scanning
3. Scam Prevention
- Content Analyzer: Scam keyword detection, urgency scoring, and cryptocurrency address recognition
- User Profiler: Fake account detection with multi-factor risk scoring
- Link Scanner: Phishing and malicious URL detection via PhishTank and URLhaus APIs
- Email Validator: Disposable and fake email domain detection (200+ domain database)
- Bot Detector: Good bot / bad bot classification using user-agent signatures and behavior patterns
- Spam Filter: Bayesian-style scoring across 6 keyword categories (financial, urgency, lottery, phishing, crypto, romance)
- Behavior Analyzer: Detects rapid-fire posting, mass messaging, suspicious timing, and bot-like patterns
- Image Scanner: Profile image analysis with perceptual hashing and stock photo detection
- Network Analyzer: Multi-account and sock puppet detection via IP sharing, coordinated behavior, and closed circle analysis
4. AI Chat & AI-Powered Analysis
- Zentinel AI Chat: Conversational security assistant & chat with a polished interface
- Multi-Provider Support: Google Gemini, Groq, OpenRouter, or any custom OpenAI-compatible endpoint
- Security Context Engine: Automatically builds real-time context from your site’s security data; auto-refreshes after every scan
- Quick Questions: One-click preset questions: Security Overview, Recent Threats, User Analysis, Recommendations, Improve Score
- Chat History: Persistent conversation logs with session management
- Daily Usage Limits: Configurable daily query cap with real-time usage tracking
5. Monitoring & Reporting
- Real-Time Dashboard: Security score, threat counters, activity feed, and system status
- Activity Monitor: Complete admin action tracking and audit trail
- Threat Map: Geographic threat visualization with country-level analytics
- Comprehensive Audit Log: Searchable, filterable, and exportable log viewer with XSS-safe rendering and detail modals
- Performance Monitor: Plugin response times, storage usage, and system health checks
- Automated Reports: Daily digest and weekly summary emails with threat breakdowns
- CSV/JSON Export: Export scan history, threat distribution, and full data archives
- Monthly Comparison: Side-by-side monthly metrics with trend indicators
6. Site-Wide Scanner
- Full Scan: Comprehensive analysis across all 13 security and scam modules
- Quick Scan: Essential checks (headers, firewall, SSL, sessions) in under a minute
- Custom Scan: Choose specific modules to scan
- Scan History: Compare past scans to track security improvements over time
- Security Score: Weighted 0-100 score with category breakdowns
7. Notifications
- Instant Alerts: Critical and high severity events trigger immediate email notifications
- Daily Digest: Summarized daily security report
- Weekly Report: Comprehensive weekly security and threat analysis
- Configurable Thresholds: Set custom alert levels for score drops, threat counts, and failed logins
- Templates: Professional HTML email templates
8. API Integrations (Completely Free)
- HIBP Pwned Passwords (Pre-Integrated): Check passwords against breach databases using the k-Anonymity model (no API key required)
- PhishTank: Real-time phishing URL verification (free API key from phishtank.org)
- URLhaus / abuse.ch (Pre-Integrated): Malicious URL and malware distribution site detection (no API key required)
9. Data Management
- Zero Database Footprint: All plugin data stored in JSON files
- Full Export/Import: Portable `.z11` archive format (ZIP) for backup, migration, and reinstallation
- Automatic Log Rotation: Daily-rotated log files with configurable retention periods
- AES-256-CBC Encryption: API keys encrypted at rest in storage
- Atomic Writes: All JSON file writes use temp-file + rename for crash safety
Link:
Note:
This is a third-party plugin developed by a different team and developer. As the Sngine team always encourages developers to add more and more features to our beloved Script “Sngine,” we welcome this plugin ❤️ 💐
