Listen to this Post

Introduction:
Human error remains the most pervasive and exploitable vulnerability in modern cybersecurity defenses, accounting for over 80% of successful breaches. Inspired by this critical gap, cybersecurity enthusiast Ebenezer Aning developed the Human Risk Scanner—a web-based dashboard that quantifies and visualizes individual risk based on phishing susceptibility, training compliance, and MFA adoption. This project underscores a pivotal shift towards data-driven human risk management, leveraging Python, FastAPI, and interactive charts to transform behavioral data into actionable security insights.
Learning Objectives:
- Understand the key human risk factors (phishing, training, MFA) that contribute to organizational vulnerability and how to quantify them.
- Learn to deploy and configure an open-source human risk scoring dashboard using modern Python web frameworks.
- Master techniques for integrating risk data with existing security tools and automating response protocols.
You Should Know:
1. Deconstructing Human Risk: Metrics That Matter
The Human Risk Scanner calculates a composite score from multiple behavioral indicators. The core concept is that risk is not binary but a spectrum influenced by observable actions. The dashboard assigns weights to factors like phishing click-rates, completion of security training modules, and the use of multi-factor authentication.
Step‑by‑step guide explaining what this does and how to use it:
– Step 1: Define Risk Parameters. In the project’s configuration, risk scores are typically defined in a Python dictionary or database table. For example, you might set: PHISHING_CLICK_WEIGHT = 0.4, TRAINING_INCOMPLETE_WEIGHT = 0.3, MFA_NOT_ENABLED_WEIGHT = 0.3.
– Step 2: Data Collection. The tool aggregates data from CSV imports or API feeds. You can simulate this by creating a `users.csv` file with columns: user_id, phishing_clicks, training_score, mfa_enabled.
– Step 3: Calculate Score. The algorithm runs a query or Python function. Here’s a simplified Python snippet from a hypothetical risk_calculator.py:
def calculate_risk_score(user_data): score = 0 score += user_data['phishing_clicks'] PHISHING_CLICK_WEIGHT score += (100 - user_data['training_score']) TRAINING_INCOMPLETE_WEIGHT if not user_data['mfa_enabled']: score += 100 MFA_NOT_ENABLED_WEIGHT return min(score, 100) Cap at 100
– Step 4: Implementation. Run the script periodically via a cron job (Linux) or Task Scheduler (Windows) to update scores. For Linux: `crontab -e` and add 0 /usr/bin/python3 /path/to/risk_calculator.py.
- Deploying the Dashboard: From Code to Live Application
The project is built with FastAPI for the backend, SQLite for storage, and Jinja2/Chart.js for frontend rendering. Deployment involves setting up a secure web server.
Step‑by‑step guide explaining what this does and how to use it:
– Step 1: Clone the Repository. Access the source code from the provided GitHub URL (https://lnkd.in/dkhgK78C). Use Git to clone: `git clone https://github.com/username/human-risk-scanner.git` (note: the LinkedIn link redirects to GitHub; use the actual GitHub URL when available).
– Step 2: Environment Setup. Create a virtual environment and install dependencies. On Linux/Mac:
cd human-risk-scanner python3 -m venv venv source venv/bin/activate pip install -r requirements.txt Assumes a requirements file exists
On Windows Command
cd human-risk-scanner py -m venv venv venv\Scripts\activate pip install -r requirements.txt
– Step 3: Database Initialization. Use SQLAlchemy to create tables. Run: `python init_db.pyor similar script provided.uvicorn main:app –reload –host 0.0.0.0 –port 8000
- Step 4: Launch the Application. Start the FastAPI server:. Access the dashboard at `http://localhost:8000`., then run:
- Step 5: Production Hardening. For a live deployment, use Gunicorn (Linux) and Nginx. Install Gunicorn: `pip install gunicorngunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app. Configure Nginx as a reverse proxy with SSL using Let’s Encrypt.
- Integrating Phishing Simulation Data for Real-Time Risk Scoring
To move beyond manual data entry, integrate the dashboard with open-source phishing simulation tools like GoPhish or commercial APIs. This automates the ingestion of phishing click events.
Step‑by‑step guide explaining what this does and how to use it:
– Step 1: Set Up GoPhish. On a Linux server, download and configure GoPhish for phishing campaigns. Use commands:
wget https://github.com/gophish/gophish/releases/download/v0.12.0/gophish-v0.12.0-linux-64bit.zip unzip gophish-.zip cd gophish chmod +x gophish ./gophish
– Step 2: Configure API Endpoint. In the Human Risk Scanner, create an API endpoint to receive webhook data from GoPhish. In main.py, add a FastAPI route:
from fastapi import FastAPI, Request
app = FastAPI()
@app.post("/webhook/gophish")
async def receive_phishing_data(request: Request):
data = await request.json()
user_email = data['email']
click_status = data['clicked']
Update database with phishing event
Logic to update risk score
– Step 3: Configure GoPhish Webhook. In GoPhish admin UI (https://your-gophish-server:3333), navigate to “Webhooks” and set the URL to `http://your-risk-scanner:8000/webhook/gophish`.
– Step 4: Test Integration. Run a simulated phishing campaign and verify that the dashboard updates risk scores automatically.
- Automating User Import with Active Directory and PowerShell
For organizations using Windows Active Directory, automate the import of user data and MFA status using PowerShell scripts scheduled to run daily.
Step‑by‑step guide explaining what this does and how to use it:
– Step 1: Query AD for User Details. On a Windows Server with AD module, open PowerShell ISE as Administrator and run:
Get-ADUser -Filter -Properties EmailAddress, LastLogonDate, Enabled | Select-Object SamAccountName, EmailAddress, LastLogonDate, Enabled | Export-Csv -Path C:\risk_data\users.csv -NoTypeInformation
– Step 2: Check MFA Status (for Azure AD). If using Azure AD Connect, use MSOnline module:
Connect-MsolService Get-MsolUser -All | Select-Object UserPrincipalName, StrongAuthenticationMethods | Export-Csv C:\risk_data\mfa_status.csv -NoTypeInformation
– Step 3: Create a Python Script to Merge CSVs. Write a script that reads the CSV files, calculates initial risk scores, and imports them into the SQLite database via SQLAlchemy or the dashboard API.
– Step 4: Schedule the Task. Use Task Scheduler to run the PowerShell and Python scripts daily. Create a basic task that triggers `powershell.exe -File C:\scripts\export_ad.ps1` followed by python C:\scripts\import_data.py.
- Building Interactive Visualizations with Chart.js and Risk Thresholds
The dashboard uses Chart.js to render bar charts, pie charts, and trend lines. Customizing these visuals helps identify high-risk cohorts.
Step‑by‑step guide explaining what this does and how to use it:
– Step 1: Understand the Data Structure. The backend API endpoint (e.g., /api/risk-scores) returns JSON like {"users": [{"name": "John", "score": 65}, ...]}.
– Step 2: Customize Chart.js in the Frontend. In templates/dashboard.html, add JavaScript to fetch data and create a chart. Example for a risk distribution chart:
fetch('/api/risk-scores')
.then(response => response.json())
.then(data => {
const ctx = document.getElementById('riskChart').getContext('2d');
new Chart(ctx, {
type: 'bar',
data: {
labels: data.users.map(u => u.name),
datasets: [{
label: 'Risk Score',
data: data.users.map(u => u.score),
backgroundColor: data.users.map(u => u.score > 70 ? 'red' : u.score > 40 ? 'yellow' : 'green')
}]
}
});
});
– Step 3: Set Risk Thresholds. Define thresholds in the backend configuration: HIGH_RISK = 70, MEDIUM_RISK = 40. Use these to color-code dashboard elements and trigger alerts.
– Step 4: Add Export Functionality. Implement a button to export high-risk users to a CSV for your SIEM or SOAR platform. Use Python’s `csv` module to generate the file.
- Securing the Dashboard: API Hardening and Cloud Configuration
As a security tool itself, the dashboard must be hardened against unauthorized access and injection attacks.
Step‑by‑step guide explaining what this does and how to use it:
– Step 1: Implement Authentication. FastAPI supports OAuth2. Add dependency injection for protected routes. In main.py:
from fastapi.security import OAuth2PasswordBearer
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
@app.get("/dashboard")
async def read_dashboard(token: str = Depends(oauth2_scheme)):
Verify token
return dashboard_data
– Step 2: Use Environment Variables for Secrets. Store database passwords and API keys in a `.env` file. Use `python-dotenv` to load them. In Linux, set variables: export DB_PASSWORD="securepass".
– Step 3: Cloud Hardening on AWS. If deploying on AWS EC2, configure security groups to allow only HTTPS (port 443) from your corporate IP range. Use AWS WAF to block SQL injection and XSS patterns. Commands to update security groups via AWS CLI:
aws ec2 authorize-security-group-ingress --group-id sg-123abc --protocol tcp --port 443 --cidr 192.168.1.0/24
– Step 4: Database Encryption. Enable SQLite encryption using `sqlcipher` or switch to PostgreSQL with SSL. For SQLite, modify the connection string: engine = create_engine('sqlite:///risk.db?key=encryptionkey').
- From Dashboard to Action: Automating Remediation with SOAR Playbooks
Integrate the risk scores with Security Orchestration, Automation, and Response (SOAR) platforms like Shuffle or Splunk Phantom to automate responses, such as forcing additional training for high-risk users.
Step‑by‑step guide explaining what this does and how to use it:
– Step 1: Expose a REST API for High-Risk Users. Create an endpoint `/api/high-risk-users` that returns a list of users with scores above 70. Use FastAPI’s response model.
– Step 2: Build a SOAR Webhook Connector. In Shuffle, create a workflow that triggers on a scheduled basis, calling the dashboard API. Use the HTTP app to make a GET request to `http://dashboard/api/high-risk-users`.
– Step 3: Automate Training Enrollment. Upon receiving the list, the SOAR workflow can use the Microsoft Graph API to enroll users in a mandatory training course. Example Graph API call via PowerShell:
$accessToken = "ya29.token" $userId = "[email protected]" $body = @{courseId="security-course-101"} | ConvertTo-Json Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users/$userId/assignTraining" -Method Post -Body $body -Headers @{Authorization="Bearer $accessToken"}
– Step 4: Log Actions. Ensure all automated actions are logged to a SIEM for audit trails. Use syslog on Linux: `logger -p local0.info “SOAR triggered training for high-risk user $userId”`.
What Undercode Say:
- Key Takeaway 1: Human risk quantification is no longer optional; it’s a critical component of a layered defense strategy. Tools like the Human Risk Scanner provide the visibility needed to shift from reactive to proactive security postures.
- Key Takeaway 2: Open-source projects that integrate with existing IT infrastructure (like AD and phishing tools) lower the barrier to entry for organizations seeking to implement human risk management, but they require careful hardening to avoid becoming attack vectors themselves.
Analysis: The Human Risk Scanner project highlights a growing trend in cybersecurity: treating human behavior as a measurable and manageable attack surface. By leveraging lightweight web technologies, it democratizes access to risk analytics that were once confined to expensive commercial platforms. However, the real value lies in its integration capabilities—tying risk scores to automated remediation workflows bridges the gap between awareness and action. This approach aligns with frameworks like NIST CSF, where identifying and protecting against human vulnerabilities is paramount. Yet, practitioners must remember that such dashboards are only as good as the data fed into them; continuous validation against real-world incidents is essential to refine risk models.
Prediction:
Within the next two years, human risk scoring dashboards will become as ubiquitous as vulnerability scanners in enterprise environments. Driven by regulatory pressures and insurance requirements, organizations will increasingly adopt these tools, leading to tighter integration with Identity and Access Management (IAM) platforms and AI-driven behavioral analytics. We will see the emergence of standardized risk score exchanges (similar to STIX/TAXII for threat intelligence) allowing seamless sharing of anonymized human risk data across industries to benchmark and predict emerging social engineering trends. However, this will also attract adversarial AI designed to manipulate risk algorithms, sparking an arms race in human-factor security modeling. Ultimately, the future of cybersecurity will hinge not just on defending machines, but on understanding and securing the human element with the same rigor applied to technical systems.
▶️ Related Video (70% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Ebenezer Aning – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


