qognio-templates/pia-phishing-pruefer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init: extract pia-phishing-pruefer from qognio-bot-widget-template@d2c816f

Browse source 
Source files (src/) and rendered bundle (www/) extracted on 2026-04-29T01:35:48+02:00.
Adds nginx:alpine Dockerfile + docker-compose.yml (Caddy-labels) so the bot
runs stand-alone or as a per-customer template clone.

Parent monorepo commit: d2c816f3edbc9760802a11b29ff4151c7aad4b46
Bot version: 2026-04-25
This commit is contained in:
Qognio Bot Extract 2026-04-29 01:35:49 +02:00
commit 3a237a52dc
16 changed files with 3510 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.dockerignore Normal file
View file

@ -0,0 +1,7 @@
.git
.gitignore
README.md
bot.json
src/
docker-compose.yml
*.md

4
.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
.DS_Store
*.log
*.tmp
node_modules/

13
Dockerfile Normal file
View file

@ -0,0 +1,13 @@
# Static-bundle bot — nginx:alpine serves www/ on port 80.
FROM nginx:1.27-alpine
# nginx config: gzip + cache headers + index.html no-store
COPY nginx.conf /etc/nginx/conf.d/default.conf
# Static bundle
COPY www/ /usr/share/nginx/html/
# Run as non-root via nginx's built-in unprivileged image features
EXPOSE 80
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget -q --spider http://127.0.0.1/index.html || exit 1

67
README.md Normal file
View file

@ -0,0 +1,67 @@
# Pia — Phishing-Prüferin & Awareness-Coach
Pia — die Phishing-Prüferin und Awareness-Coach für KMU ohne SOC. Live-Mail-Bewertung, CEO-Fraud, QR-Phishing, BEC, Deepfake-Voice. Im deutschen Bunker.
```
slug : pia-phishing-pruefer
version : 2026-04-25
accent : #dc2626
runtime : nginx:alpine (static bundle)
template : qognio-bot-template-core (former qognio-bot-widget-template)
```
## Layout
```
.
├── src/ source — config.yaml, welcome.html, curricula.json, etc.
├── www/ rendered, directly servable static bundle
├── Dockerfile nginx:alpine + www/ → port 80
├── docker-compose.yml bot-host pattern (Caddy-labels, restart unless-stopped)
├── nginx.conf gzip + cache + SPA fallback
└── bot.json metadata + parent_core_commit
```
## Run locally
```bash
docker compose up --build
# → http://localhost (you'll need to tweak ports for local-only use)
```
## Re-render after upstream core changes
This repo only stores src + rendered output; the rendering engine lives in
`qognio-bot-template-core`. To pull in core changes:
```bash
cd /path/to/qognio-bot-template-core
./scripts/render.sh pia-phishing-pruefer --bot-repo /path/to/this/repo
git -C /path/to/this/repo commit -am "render: refresh from core@<sha>"
```
## Per-customer copy (template usage)
This repo is a **template**. To clone for a customer:
```bash
git clone <this-repo> my-customer-pia-phishing-pruefer
cd my-customer-pia-phishing-pruefer
# tweak src/config.yaml (slug, bot_key_value, accent), src/welcome.html, src/curricula.json
docker compose -f docker-compose.yml up --build
```
## Deploy to qognio bot-host (.42 LXC pattern — legacy)
The bot-manager spawns LXC containers named after the slug. Push www/ via:
```bash
ssh fmh@46.243.203.42
sudo lxc file push /tmp/www/* pia-phishing-pruefer/var/www/html/
```
(Or run the docker-compose pattern on a Docker host — same network as Caddy.)
---
Generated by `qognio-bot-template-core/scripts/extract-to-repo.sh` on 2026-04-29T01:35:48+02:00.

14
bot.json Normal file
View file

@ -0,0 +1,14 @@
{
"slug": "pia-phishing-pruefer",
"name": "Pia",
"title": "Phishing-Prüferin & Awareness-Coach",
"tagline": "Phishing-Prüferin",
"description": "Pia — die Phishing-Prüferin und Awareness-Coach für KMU ohne SOC. Live-Mail-Bewertung, CEO-Fraud, QR-Phishing, BEC, Deepfake-Voice. Im deutschen Bunker.",
"version": "2026-04-25",
"accent": "#dc2626",
"extracted_from": "qognio-bot-widget-template",
"parent_core_commit": "d2c816f3edbc9760802a11b29ff4151c7aad4b46",
"extracted_at": "2026-04-29T01:35:48+02:00",
"runtime": "nginx:alpine",
"default_port": 80
}

20
docker-compose.yml Normal file
View file

@ -0,0 +1,20 @@
# Stand-alone bot container.
# Designed for the "caddy" external network on the bot host (qognio pattern).
# Override the hostname via SLUG env var if you reuse this template per customer.
services:
bot:
build: .
image: qognio/bot-pia-phishing-pruefer:${TAG:-latest}
container_name: bot-pia-phishing-pruefer
restart: unless-stopped
networks:
- caddy
labels:
caddy: "pia-phishing-pruefer.on.qognio.com"
caddy.reverse_proxy: "{{upstreams 80}}"
qognio.bot.slug: "pia-phishing-pruefer"
qognio.bot.version: "2026-04-25"
networks:
caddy:
external: true

27
nginx.conf Normal file
View file

@ -0,0 +1,27 @@
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# gzip
gzip on;
gzip_vary on;
gzip_types text/css application/javascript application/json image/svg+xml text/plain;
gzip_min_length 512;
# index.html: never cache (so welcome screen / wiring updates land instantly)
location = /index.html {
add_header Cache-Control "no-store, must-revalidate" always;
}
# static assets: cache 1h
location ~* \.(?:css|js|json|svg|png|jpe?g|webp|gif|ico|woff2?)$ {
add_header Cache-Control "public, max-age=3600" always;
try_files $uri =404;
}
location / {
try_files $uri $uri/ /index.html;
}
}

18
src/check-badges.js Normal file
View file

@ -0,0 +1,18 @@
// Erste Mail-Prüfung — 1 Quiz im Absender-Tricks-Modul (Pattern)
if ((state.moduleCorrect && state.moduleCorrect['absender-tricks'] >= 1)) unlockBadge('erste_pruefung');
// CEO-Fraud-Spotter — 5 Quiz korrekt im CEO-Grundlagen-Modul
if ((state.moduleCorrect && state.moduleCorrect['ceo-grundlagen'] >= 5)) unlockBadge('ceo_fraud_spotter');
// BEC-Profi — 5 Quiz korrekt im BEC-Grundlagen-Modul
if ((state.moduleCorrect && state.moduleCorrect['bec-grundlagen'] >= 5)) unlockBadge('bec_profi');
// QR-Detektiv:in — 3 Quiz korrekt im Quishing-Modul
if ((state.moduleCorrect && state.moduleCorrect['quishing'] >= 3)) unlockBadge('qr_detektiv');
// Incident-Response — Erste-60-Min-Modul Flashcards bestanden
if ((state.modulePassedFlash && state.modulePassedFlash['ersten-60-min'])) unlockBadge('incident_response');
// Awareness-Champion — 12 von 15 Modulen mit ≥80% Quiz-Score abgeschlossen (80% Master-Coverage)
if ((state.completedCurricula || []).length >= 12) unlockBadge('awareness_champion');
// Streak 14 — 14-Tage-Disziplin (Awareness ist Übungssache)
if (state.maxStreak >= 14) unlockBadge('streak_14');
// Night Owl & Early Bird (beibehalten)
const h = new Date().getHours();
if (h >= 22) unlockBadge('night_owl');
if (h < 7) unlockBadge('early_bird');

33
src/config.yaml Normal file
View file

@ -0,0 +1,33 @@
slug: pia-phishing-pruefer
bot_name: Pia
bot_title: Phishing-Prüferin & Awareness-Coach
brand_letter: P
title: "Pia · Phishing-Prüferin & Awareness-Coach"
tagline: "Verdächtige Mail? Pia prüft sie in 2 Minuten."
tagline_short: Phishing-Prüferin
meta_description: "Pia — die Phishing-Prüferin und Awareness-Coach für KMU ohne SOC. Live-Mail-Bewertung, CEO-Fraud, QR-Phishing, BEC, Deepfake-Voice. Im deutschen Bunker."
bot_key_var: __PIA_KEY__
bot_key_value: qb_imoewxtymsmf
ls_prefix: pia
bot_version: "2026-04-25"
# Color theme — alarm-rot mit cool-blau Untertönen (Security-Pia)
accent: "#dc2626"
accent_2: "#ef4444"
accent_dark: "#991b1b"
accent_rgb: "220, 38, 38"
accent_rgb_compact: "220,38,38"
success_color: "#22c55e"
msg_strong_color: "#fecaca"
# UI Labels
tab_flash_label: Karten
tab_curriculum_label: Module
curriculum_long_label: Awareness-Library
# Bot-personality strings
quiz_intro_hint: "Wähle ein Modul — Pia generiert realistische Phishing-Szenarien zum Üben."
quiz_verb: erstellt
quiz_noun: "Phishing-Szenarien"
flash_intro_hint: "Karteikarten zu Phishing-Pattern, BEC, QR-Phishing, Deepfake — Spaced-Repetition."
flash_verb: generiert

181
src/curricula.json Normal file
View file

@ -0,0 +1,181 @@
{
"version": "2026-04-25",
"updated": "2026-04-25",
"curricula": [
{
"id": "pattern",
"title": "1 · Phishing-Pattern erkennen",
"short": "Sender-Tricks, Domain-Spoofing, Urgency, Authority",
"icon": "shield",
"color": "#dc2626",
"description": "Die klassischen Pattern: gefälschte Absender, ähnliche Domains, künstliche Dringlichkeit, gefakte Autorität. Wie man sie technisch und sozial erkennt.",
"source_md": "00-pattern.md",
"modules": [
{
"id": "absender-tricks",
"title": "Absender-Tricks (Spoofing, Display-Name)",
"objectives": ["From-Header von Reply-To unterscheiden","Display-Name vs. echte Adresse","SPF/DKIM/DMARC-Status lesen"],
"topics": ["From","Reply-To","Display-Name","SPF","DKIM","DMARC"],
"difficulty": "mittel",
"source_heading": "Absender-Tricks"
},
{
"id": "domain-spoofing",
"title": "Domain-Spoofing & Look-Alikes",
"objectives": ["Homoglyph-Attacks erkennen (rn vs. m, 0 vs. O)","Subdomain-Spoofing (paypal.security-update.tld)","Punycode (xn--)"],
"topics": ["Homoglyph","Punycode","Subdomain"],
"difficulty": "schwer",
"source_heading": "Domain-Spoofing"
},
{
"id": "urgency-authority",
"title": "Urgency & Authority — Social Engineering",
"objectives": ["Urgency-Marker erkennen (heute, sofort, letzte Mahnung)","Authority-Marker (CEO, Anwalt, Behörde)","Cognitive-Bias-Trigger"],
"topics": ["Urgency","Authority","Reciprocity","Scarcity"],
"difficulty": "einfach",
"source_heading": "Social Engineering"
}
]
},
{
"id": "ceo-fraud",
"title": "2 · CEO-Fraud & Authority-Attacks",
"short": "Wie der vermeintliche CEO Geld überweisen lässt",
"icon": "alert",
"color": "#dc2626",
"description": "Eine der teuersten Phishing-Varianten: gefälschte Mails vom Geschäftsführer an die Buchhaltung, oft mit Druck und Geheimhaltungs-Bitte.",
"source_md": "01-ceo-fraud.md",
"modules": [
{
"id": "ceo-grundlagen",
"title": "CEO-Fraud — wie es läuft",
"objectives": ["Typischer Ablauf (Recherche → Mail → Druck → Überweisung)","Pre-Texting via LinkedIn","Targeting der Buchhaltung"],
"topics": ["Recherche","Pre-Texting","LinkedIn-OSINT"],
"difficulty": "mittel",
"source_heading": "CEO-Fraud-Ablauf"
},
{
"id": "ceo-erkennung",
"title": "Erkennungs-Marker",
"objectives": ["Geheimhaltungs-Bitte als Red-Flag","Domain-Mikroskopie (CEO@firma-de.com vs. .de)","Erste-Mail-Pattern (kein Vor-Mail-Verlauf)"],
"topics": ["Geheimhaltung","Domain-Check","Vor-Mail-Verlauf"],
"difficulty": "mittel",
"source_heading": "Erkennung"
},
{
"id": "ceo-prozess",
"title": "Prozess-Schutz: 4-Augen + Voice-Callback",
"objectives": ["Voice-Callback per bekannter Nummer","4-Augen-Prinzip ab Schwellen-Betrag","Abweichungs-Doku & Eskalation"],
"topics": ["4-Augen","Voice-Callback","Schwellen-Betrag"],
"difficulty": "schwer",
"source_heading": "Prozess-Schutz"
}
]
},
{
"id": "bec",
"title": "3 · Business Email Compromise (BEC)",
"short": "Wenn der Account selbst übernommen wurde",
"icon": "alert",
"color": "#dc2626",
"description": "BEC = der Angreifer hat Zugriff auf einen echten Account und schreibt FROM diesem Account. Schwerste Variante, da SPF/DKIM grün sind.",
"source_md": "02-bec.md",
"modules": [
{
"id": "bec-grundlagen",
"title": "BEC — was es ist, warum so gefährlich",
"objectives": ["BEC vs. Phishing abgrenzen","Conversation-Hijacking erkennen","Vendor-Email-Compromise (VEC)"],
"topics": ["BEC","VEC","Conversation-Hijacking"],
"difficulty": "schwer",
"source_heading": "BEC-Grundlagen"
},
{
"id": "bec-bankdaten",
"title": "Bankdaten-Änderungs-Trick",
"objectives": ["Last-Minute-IBAN-Änderung als Red-Flag","Verifikation via 2. Kanal","Vertragliche Klauseln gegen IBAN-Änderung"],
"topics": ["IBAN-Änderung","2. Kanal","Vertragsklausel"],
"difficulty": "mittel",
"source_heading": "Bankdaten-Trick"
},
{
"id": "bec-mfa",
"title": "MFA-Bypass & Token-Diebstahl",
"objectives": ["AiTM-Angriffe (EvilProxy, Modlishka)","Session-Cookie-Diebstahl","Phishing-resistente MFA (FIDO2)"],
"topics": ["AiTM","Session-Cookie","FIDO2"],
"difficulty": "schwer",
"source_heading": "MFA-Bypass"
}
]
},
{
"id": "qr-deepfake",
"title": "4 · QR-Phishing & Deepfake-Voice",
"short": "Die neuen Vektoren — Bilder-QR und KI-Stimmen",
"icon": "eye",
"color": "#dc2626",
"description": "Quishing (QR-Phishing in Mails/Postern) und Vishing (Voice-Phishing) inkl. Deepfake-Stimmen — die wachsenden Angriffsflächen 2025/2026.",
"source_md": "03-qr-deepfake.md",
"modules": [
{
"id": "quishing",
"title": "Quishing — QR-Phishing",
"objectives": ["QR-Codes vor Scan auf Ziel-URL prüfen","Mobile-Filter umgehen","Awareness in Konferenzräumen/Büro-Aushängen"],
"topics": ["QR","Mobile-Filter","Office-Awareness"],
"difficulty": "mittel",
"source_heading": "Quishing"
},
{
"id": "voice-vishing",
"title": "Vishing — Voice-Phishing",
"objectives": ["Helpdesk-Impersonation","Identifikations-Verfahren am Telefon","Code-Words / Safe-Phrases"],
"topics": ["Helpdesk","Identifikation","Safe-Phrase"],
"difficulty": "mittel",
"source_heading": "Vishing"
},
{
"id": "deepfake",
"title": "Deepfake-Voice (CEO-Anruf)",
"objectives": ["Wie KI-Stimm-Klone heute klingen","Verifikations-Frage-Pattern","Eskalations-Workflow bei Verdacht"],
"topics": ["Voice-Cloning","Verifikations-Frage","Eskalation"],
"difficulty": "schwer",
"source_heading": "Deepfake-Voice"
}
]
},
{
"id": "incident-response",
"title": "5 · Incident-Response (Wenn's passiert ist)",
"short": "Erste 60 Minuten, NIS2-Meldepflicht, Kommunikation",
"icon": "search",
"color": "#dc2626",
"description": "Wenn jemand geklickt hat: Sofort-Maßnahmen, Forensik-Schutz, NIS2-Meldepflicht, Kommunikation an Betroffene und Behörden.",
"source_md": "04-incident-response.md",
"modules": [
{
"id": "ersten-60-min",
"title": "Die ersten 60 Minuten",
"objectives": ["Account isolieren (nicht löschen)","Passwörter zentral resetten","Audit-Logs sichern"],
"topics": ["Isolation","Reset","Audit-Logs"],
"difficulty": "mittel",
"source_heading": "Erste 60 Min"
},
{
"id": "meldepflichten",
"title": "Meldepflichten (NIS2 / DSGVO)",
"objectives": ["NIS2 24h-Frühwarnung, 72h-Meldung, 30-Tage-Bericht","DSGVO 72h Datenpannen-Meldung","Wer ist zuständige Behörde"],
"topics": ["NIS2","Art. 33 DSGVO","BSI"],
"difficulty": "schwer",
"source_heading": "Meldepflichten"
},
{
"id": "kommunikation",
"title": "Kommunikation an Team & Kund:innen",
"objectives": ["Holistic Communication-Plan","Was darf öffentlich gesagt werden","Reputations-Schutz vs. Transparenz"],
"topics": ["Communication-Plan","Public-Statement","Reputation"],
"difficulty": "mittel",
"source_heading": "Kommunikation"
}
]
}
]
}

4
src/levels-fallback.js Normal file
View file

@ -0,0 +1,4 @@
{ min: 0, title: 'Phishing-Anfänger:in' }, { min: 50, title: 'Aufmerksame:r Klicker:in' },
{ min: 200, title: 'Awareness-Profi' }, { min: 500, title: 'Phishing-Detektiv:in' },
{ min: 1250, title: 'Awareness-Multiplikator:in' }, { min: 2500, title: 'IT-Awareness-Lead' },
{ min: 5000, title: 'Cyber-Awareness-Champion' }

29
src/welcome.html Normal file
View file

@ -0,0 +1,29 @@
<h2>Hi, ich bin Pia.</h2>
<p>Ich bin deine <strong>Phishing-Prüferin</strong> und Awareness-Coach. Verdächtige Mail im Postfach? Kopier den Header oder beschreib mir, was schräg wirkt — ich gebe dir <strong>Ampel + Begründung im Chat</strong>. Daneben trainiere ich dich gegen CEO-Fraud, BEC, QR-Phishing und Deepfake-Voice. Sag mir, was dich grad nervös macht — eine konkrete Mail oder allgemeines Awareness-Training?</p>
<div class="mode-grid">
<button class="mode-card" data-goto="chat">
<strong>Mail prüfen</strong>
<span>Kopier den Mail-Inhalt rein — Pia liefert Ampel + Erklärung.</span>
</button>
<button class="mode-card" data-goto="quiz">
<strong>Quiz</strong>
<span>Realistische Phishing-Szenarien — kannst du sie erkennen?</span>
</button>
<button class="mode-card" data-goto="flash">
<strong>Flashcards</strong>
<span>Pattern, BEC, QR-Phishing, Deepfake — Spaced-Repetition.</span>
</button>
<button class="mode-card" data-goto="progress">
<strong>Fortschritt</strong>
<span>XP, Streaks, Badges — vom Phishing-Anfänger:in bis Awareness-Champion.</span>
</button>
<button class="mode-card" data-goto="curriculum">
<strong>Module</strong>
<span>5 Module: Pattern · CEO-Fraud · BEC · QR & Deepfake · Incident-Response.</span>
</button>
<button class="mode-card" data-prompt="MAIL_CHECK_REQUEST: [Mail-Header + Body hier einfügen]">
<strong>Mail-Scanner</strong>
<span><code>MAIL_CHECK_REQUEST</code> + Header/Body → Ampel + Begründung + Handlungsempfehlung als Karte.</span>
</button>
</div>
<p style="font-size:.82rem;color:var(--text-mute)">In 3 Sätzen: Mail prüfen → Pattern lernen → Im Team teilen. Pia ersetzt KEIN SOC, aber sie ist 24/7 da, wenn der IT-Admin gerade keine Zeit hat.</p>

1749
www/app.js Normal file
View file

File diff suppressed because it is too large Load diff

181
www/curricula.json Normal file
View file

@ -0,0 +1,181 @@
{
"version": "2026-04-25",
"updated": "2026-04-25",
"curricula": [
{
"id": "pattern",
"title": "1 · Phishing-Pattern erkennen",
"short": "Sender-Tricks, Domain-Spoofing, Urgency, Authority",
"icon": "shield",
"color": "#dc2626",
"description": "Die klassischen Pattern: gefälschte Absender, ähnliche Domains, künstliche Dringlichkeit, gefakte Autorität. Wie man sie technisch und sozial erkennt.",
"source_md": "00-pattern.md",
"modules": [
{
"id": "absender-tricks",
"title": "Absender-Tricks (Spoofing, Display-Name)",
"objectives": ["From-Header von Reply-To unterscheiden","Display-Name vs. echte Adresse","SPF/DKIM/DMARC-Status lesen"],
"topics": ["From","Reply-To","Display-Name","SPF","DKIM","DMARC"],
"difficulty": "mittel",
"source_heading": "Absender-Tricks"
},
{
"id": "domain-spoofing",
"title": "Domain-Spoofing & Look-Alikes",
"objectives": ["Homoglyph-Attacks erkennen (rn vs. m, 0 vs. O)","Subdomain-Spoofing (paypal.security-update.tld)","Punycode (xn--)"],
"topics": ["Homoglyph","Punycode","Subdomain"],
"difficulty": "schwer",
"source_heading": "Domain-Spoofing"
},
{
"id": "urgency-authority",
"title": "Urgency & Authority — Social Engineering",
"objectives": ["Urgency-Marker erkennen (heute, sofort, letzte Mahnung)","Authority-Marker (CEO, Anwalt, Behörde)","Cognitive-Bias-Trigger"],
"topics": ["Urgency","Authority","Reciprocity","Scarcity"],
"difficulty": "einfach",
"source_heading": "Social Engineering"
}
]
},
{
"id": "ceo-fraud",
"title": "2 · CEO-Fraud & Authority-Attacks",
"short": "Wie der vermeintliche CEO Geld überweisen lässt",
"icon": "alert",
"color": "#dc2626",
"description": "Eine der teuersten Phishing-Varianten: gefälschte Mails vom Geschäftsführer an die Buchhaltung, oft mit Druck und Geheimhaltungs-Bitte.",
"source_md": "01-ceo-fraud.md",
"modules": [
{
"id": "ceo-grundlagen",
"title": "CEO-Fraud — wie es läuft",
"objectives": ["Typischer Ablauf (Recherche → Mail → Druck → Überweisung)","Pre-Texting via LinkedIn","Targeting der Buchhaltung"],
"topics": ["Recherche","Pre-Texting","LinkedIn-OSINT"],
"difficulty": "mittel",
"source_heading": "CEO-Fraud-Ablauf"
},
{
"id": "ceo-erkennung",
"title": "Erkennungs-Marker",
"objectives": ["Geheimhaltungs-Bitte als Red-Flag","Domain-Mikroskopie (CEO@firma-de.com vs. .de)","Erste-Mail-Pattern (kein Vor-Mail-Verlauf)"],
"topics": ["Geheimhaltung","Domain-Check","Vor-Mail-Verlauf"],
"difficulty": "mittel",
"source_heading": "Erkennung"
},
{
"id": "ceo-prozess",
"title": "Prozess-Schutz: 4-Augen + Voice-Callback",
"objectives": ["Voice-Callback per bekannter Nummer","4-Augen-Prinzip ab Schwellen-Betrag","Abweichungs-Doku & Eskalation"],
"topics": ["4-Augen","Voice-Callback","Schwellen-Betrag"],
"difficulty": "schwer",
"source_heading": "Prozess-Schutz"
}
]
},
{
"id": "bec",
"title": "3 · Business Email Compromise (BEC)",
"short": "Wenn der Account selbst übernommen wurde",
"icon": "alert",
"color": "#dc2626",
"description": "BEC = der Angreifer hat Zugriff auf einen echten Account und schreibt FROM diesem Account. Schwerste Variante, da SPF/DKIM grün sind.",
"source_md": "02-bec.md",
"modules": [
{
"id": "bec-grundlagen",
"title": "BEC — was es ist, warum so gefährlich",
"objectives": ["BEC vs. Phishing abgrenzen","Conversation-Hijacking erkennen","Vendor-Email-Compromise (VEC)"],
"topics": ["BEC","VEC","Conversation-Hijacking"],
"difficulty": "schwer",
"source_heading": "BEC-Grundlagen"
},
{
"id": "bec-bankdaten",
"title": "Bankdaten-Änderungs-Trick",
"objectives": ["Last-Minute-IBAN-Änderung als Red-Flag","Verifikation via 2. Kanal","Vertragliche Klauseln gegen IBAN-Änderung"],
"topics": ["IBAN-Änderung","2. Kanal","Vertragsklausel"],
"difficulty": "mittel",
"source_heading": "Bankdaten-Trick"
},
{
"id": "bec-mfa",
"title": "MFA-Bypass & Token-Diebstahl",
"objectives": ["AiTM-Angriffe (EvilProxy, Modlishka)","Session-Cookie-Diebstahl","Phishing-resistente MFA (FIDO2)"],
"topics": ["AiTM","Session-Cookie","FIDO2"],
"difficulty": "schwer",
"source_heading": "MFA-Bypass"
}
]
},
{
"id": "qr-deepfake",
"title": "4 · QR-Phishing & Deepfake-Voice",
"short": "Die neuen Vektoren — Bilder-QR und KI-Stimmen",
"icon": "eye",
"color": "#dc2626",
"description": "Quishing (QR-Phishing in Mails/Postern) und Vishing (Voice-Phishing) inkl. Deepfake-Stimmen — die wachsenden Angriffsflächen 2025/2026.",
"source_md": "03-qr-deepfake.md",
"modules": [
{
"id": "quishing",
"title": "Quishing — QR-Phishing",
"objectives": ["QR-Codes vor Scan auf Ziel-URL prüfen","Mobile-Filter umgehen","Awareness in Konferenzräumen/Büro-Aushängen"],
"topics": ["QR","Mobile-Filter","Office-Awareness"],
"difficulty": "mittel",
"source_heading": "Quishing"
},
{
"id": "voice-vishing",
"title": "Vishing — Voice-Phishing",
"objectives": ["Helpdesk-Impersonation","Identifikations-Verfahren am Telefon","Code-Words / Safe-Phrases"],
"topics": ["Helpdesk","Identifikation","Safe-Phrase"],
"difficulty": "mittel",
"source_heading": "Vishing"
},
{
"id": "deepfake",
"title": "Deepfake-Voice (CEO-Anruf)",
"objectives": ["Wie KI-Stimm-Klone heute klingen","Verifikations-Frage-Pattern","Eskalations-Workflow bei Verdacht"],
"topics": ["Voice-Cloning","Verifikations-Frage","Eskalation"],
"difficulty": "schwer",
"source_heading": "Deepfake-Voice"
}
]
},
{
"id": "incident-response",
"title": "5 · Incident-Response (Wenn's passiert ist)",
"short": "Erste 60 Minuten, NIS2-Meldepflicht, Kommunikation",
"icon": "search",
"color": "#dc2626",
"description": "Wenn jemand geklickt hat: Sofort-Maßnahmen, Forensik-Schutz, NIS2-Meldepflicht, Kommunikation an Betroffene und Behörden.",
"source_md": "04-incident-response.md",
"modules": [
{
"id": "ersten-60-min",
"title": "Die ersten 60 Minuten",
"objectives": ["Account isolieren (nicht löschen)","Passwörter zentral resetten","Audit-Logs sichern"],
"topics": ["Isolation","Reset","Audit-Logs"],
"difficulty": "mittel",
"source_heading": "Erste 60 Min"
},
{
"id": "meldepflichten",
"title": "Meldepflichten (NIS2 / DSGVO)",
"objectives": ["NIS2 24h-Frühwarnung, 72h-Meldung, 30-Tage-Bericht","DSGVO 72h Datenpannen-Meldung","Wer ist zuständige Behörde"],
"topics": ["NIS2","Art. 33 DSGVO","BSI"],
"difficulty": "schwer",
"source_heading": "Meldepflichten"
},
{
"id": "kommunikation",
"title": "Kommunikation an Team & Kund:innen",
"objectives": ["Holistic Communication-Plan","Was darf öffentlich gesagt werden","Reputations-Schutz vs. Transparenz"],
"topics": ["Communication-Plan","Public-Statement","Reputation"],
"difficulty": "mittel",
"source_heading": "Kommunikation"
}
]
}
]
}

125
www/index.html Normal file
View file

@ -0,0 +1,125 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<title>Pia · Phishing-Prüferin & Awareness-Coach</title>
<meta name="viewport" content="width=device-width,initial-scale=1,viewport-fit=cover">
<meta name="theme-color" content="#0a0a0f">
<meta name="description" content="Pia — die Phishing-Prüferin und Awareness-Coach für KMU ohne SOC. Live-Mail-Bewertung, CEO-Fraud, QR-Phishing, BEC, Deepfake-Voice. Im deutschen Bunker.">
<link rel="stylesheet" href="styles.css">
<script>window.__PIA_KEY__ = 'qb_imoewxtymsmf';</script>
</head>
<body>
<div class="app" role="application" aria-label="Pia Verdächtige Mail? Pia prüft sie in 2 Minuten.">
<header class="topbar">
<div class="brand">
<span class="brand-icon" aria-hidden="true">P</span>
<span>Pia <small>Phishing-Prüferin</small></span>
</div>
<div class="spacer"></div>
<span class="status" role="status" aria-live="polite">Online</span>
</header>
<nav class="tabbar" role="tablist" aria-label="Modi">
<button class="tab" role="tab" aria-selected="true" aria-controls="view-chat" data-mode="chat">
Chat
<span class="tab-kbd">⌃1</span>
</button>
<button class="tab" role="tab" aria-selected="false" aria-controls="view-quiz" data-mode="quiz">
Quiz
<span class="tab-kbd">⌃2</span>
</button>
<button class="tab" role="tab" aria-selected="false" aria-controls="view-flash" data-mode="flash">
Karten
<span class="tab-kbd">⌃3</span>
</button>
<button class="tab" role="tab" aria-selected="false" aria-controls="view-progress" data-mode="progress">
Fortschritt
<span class="tab-kbd">⌃4</span>
</button>
<button class="tab" role="tab" aria-selected="false" aria-controls="view-curriculum" data-mode="curriculum">
Module
<span class="tab-kbd">⌃5</span>
</button>
</nav>
<main class="main">
<!-- CHAT -->
<section id="view-chat" class="view" role="tabpanel" aria-labelledby="tab-chat" data-active="true">
<div id="welcome-screen" class="welcome hidden" aria-hidden="true">
<h2>Hi, ich bin Pia.</h2>
<p>Ich bin deine <strong>Phishing-Prüferin</strong> und Awareness-Coach. Verdächtige Mail im Postfach? Kopier den Header oder beschreib mir, was schräg wirkt — ich gebe dir <strong>Ampel + Begründung im Chat</strong>. Daneben trainiere ich dich gegen CEO-Fraud, BEC, QR-Phishing und Deepfake-Voice. Sag mir, was dich grad nervös macht — eine konkrete Mail oder allgemeines Awareness-Training?</p>
<div class="mode-grid">
<button class="mode-card" data-goto="chat">
<strong>Mail prüfen</strong>
<span>Kopier den Mail-Inhalt rein — Pia liefert Ampel + Erklärung.</span>
</button>
<button class="mode-card" data-goto="quiz">
<strong>Quiz</strong>
<span>Realistische Phishing-Szenarien — kannst du sie erkennen?</span>
</button>
<button class="mode-card" data-goto="flash">
<strong>Flashcards</strong>
<span>Pattern, BEC, QR-Phishing, Deepfake — Spaced-Repetition.</span>
</button>
<button class="mode-card" data-goto="progress">
<strong>Fortschritt</strong>
<span>XP, Streaks, Badges — vom Phishing-Anfänger:in bis Awareness-Champion.</span>
</button>
<button class="mode-card" data-goto="curriculum">
<strong>Module</strong>
<span>5 Module: Pattern · CEO-Fraud · BEC · QR & Deepfake · Incident-Response.</span>
</button>
<button class="mode-card" data-prompt="MAIL_CHECK_REQUEST: [Mail-Header + Body hier einfügen]">
<strong>Mail-Scanner</strong>
<span><code>MAIL_CHECK_REQUEST</code> + Header/Body → Ampel + Begründung + Handlungsempfehlung als Karte.</span>
</button>
</div>
<p style="font-size:.82rem;color:var(--text-mute)">In 3 Sätzen: Mail prüfen → Pattern lernen → Im Team teilen. Pia ersetzt KEIN SOC, aber sie ist 24/7 da, wenn der IT-Admin gerade keine Zeit hat.</p>
</div>
<div id="chat-box" class="chat-box" aria-live="polite" aria-label="Gespräch"></div>
</section>
<!-- QUIZ -->
<section id="view-quiz" class="view" role="tabpanel" aria-labelledby="tab-quiz">
<div id="quiz-host"></div>
</section>
<!-- FLASHCARDS -->
<section id="view-flash" class="view" role="tabpanel" aria-labelledby="tab-flash">
<div id="flash-host"></div>
</section>
<!-- PROGRESS -->
<section id="view-progress" class="view" role="tabpanel" aria-labelledby="tab-progress">
<div id="progress-host"></div>
</section>
<!-- CURRICULUM -->
<section id="view-curriculum" class="view" role="tabpanel" aria-labelledby="tab-curr">
<div id="curr-host"></div>
</section>
</main>
<form id="composer-form" class="composer" aria-label="Nachricht verfassen">
<div id="attach-strip" class="attach-strip" aria-live="polite"></div>
<div class="composer-row">
<button type="button" class="btn-attach" id="composer-attach" aria-label="Datei anhängen" title="Datei anhängen (PDF, Bild, Text — max 5 Dateien, 8 MB)">📎</button>
<input type="file" id="composer-file" multiple accept=".pdf,.txt,.md,.csv,.json,.xml,.yaml,.yml,.log,.png,.jpg,.jpeg,.webp,.gif" hidden>
<textarea id="composer" rows="1" placeholder="Frag Pia — Enter zum Senden, Shift+Enter für Zeilenumbruch" aria-label="Nachricht"></textarea>
<button type="submit" class="btn-primary" id="composer-send">Senden</button>
</div>
</form>
<footer class="footer">
Sovereign AI · Deutscher Bunker · <a href="https://qognio.com">Qognio</a> &nbsp;·&nbsp; DSGVO-konform · Keine externen Fonts · Keine Cookies
</footer>
</div>
<div id="toast-stack" class="toast-stack" aria-live="polite"></div>
<script src="app.js"></script>
</body>
</html>

1038
www/styles.css Normal file
View file

File diff suppressed because it is too large Load diff