NPS System - Complete Introduction

Overview

NPS (Network Penetration System) is an enterprise-grade network penetration solution designed to provide stable, secure, and efficient network connectivity between servers and clients. Built with Python, it offers comprehensive features for network tunneling, security, monitoring, and management.

127+

Python Files

55+

API Endpoints

30+

Metrics

10+

Protocols

20+

Security Features

45+

Core Modules

System Architecture

┌─────────────────────────────────────────────────────────────┐ │ API Gateway + Load Balancer + Deep Defense │ │ (4-Layer Security Protection) │ └────────────────────┬────────────────────────────────────────┘ │ ┌────────────────┼────────────────┐ │ │ │ ┌───▼───┐ ┌───▼───┐ ┌───▼───┐ │Node 1 │ │Node 2 │ │Node 3 │ │Master │ │Worker │ │Worker │ │ │ │ │ │ │ │Service│ │Service│ │Service│ │Registry│ │Registry│ │Registry│ │Failover│ │Failover│ │Failover│ └───┬───┘ └───┬───┘ └───┬───┘ │ │ │ └──────────────┼──────────────┘ │ ┌──────────────┼──────────────┐ │ │ │ ┌───▼───┐ ┌────▼────┐ ┌────▼────┐ │PostgreSQL│ │ Redis │ │Prometheus│ │ │ │(Queue) │ │ │ │ │ │(Cache) │ │ │ └─────────┘ └─────────┘ └──────────┘

Technology Stack

Backend

Python 3.9+
FastAPI (Web Framework)
SQLAlchemy + PostgreSQL
Redis (Cache & Queue)
WebSocket

Frontend

HTML/CSS/JavaScript
PyQt6 (Desktop Client)

Infrastructure

Docker & Docker Compose
Kubernetes
Prometheus & Grafana
GitHub Actions (CI/CD)

Core Features

1. Network Tunneling

Supported Protocols

TCP

Full-duplex TCP tunneling with bidirectional data transfer

UDP

UDP packet forwarding with dedicated proxy server

HTTP/HTTPS

HTTP reverse proxy with SSL/TLS support

WebSocket

Real-time bidirectional communication

SOCKS5

SOCKS5 proxy protocol support

FTP/SSH

File Transfer and Secure Shell tunneling

2. Client Management

Client registration with automatic ID/token generation
JWT-based authentication
Multi-server connection support
Intelligent server selection
Real-time status tracking
Client statistics and analytics

3. Domain & SSL Management

Custom domain binding
Automatic SSL certificate provisioning (Let's Encrypt)
Certificate renewal before expiration
HTTPS automatic configuration
Certificate information and monitoring

4. Connection Management

Persistent WebSocket connections
Automatic reconnection with exponential backoff
Heartbeat mechanism for connection health
Connection pooling for performance
Connection statistics and monitoring

Security Features

1. Multi-Layer Security Defense

Network Layer

IP whitelist/blacklist
CIDR notation support
Firewall rules

Application Layer

API rate limiting
Request throttling
Input validation

Data Layer

Data encryption
Data validation
Malicious content detection

Access Layer

JWT authentication
RBAC authorization
API key management

2. Advanced Security Features

DDoS protection with anomaly detection
Firewall management with rule-based configuration
Security auditing (10+ check items)
Compliance auditing (GDPR, SOC2, ISO27001)
Automatic key rotation
Audit logging (6 event types)
Encrypted backups (Fernet/AES-128)
Circuit breaker for fault tolerance

3. Compliance Support

GDPR

Data protection, access control, data retention, deletion capabilities

SOC 2

Access control, monitoring, change management

ISO 27001

Information security policy, risk management, incident management

Performance & Optimization

1. Connection Pool Optimization

Database connection pool (20 connections, 40 overflow)
HTTP connection pool (100 max connections)
Connection health checks (pool_pre_ping)
Connection recycling (1 hour)
DNS caching (5 minutes)

2. Query Optimization

Query time measurement
Slow query detection (1-second threshold)
Query plan analysis (EXPLAIN ANALYZE)
Index suggestions
Bulk operation optimization

3. Cache Strategy

LRU

Least Recently Used eviction

LFU

Least Frequently Used eviction

FIFO

First In First Out eviction

TTL

Time-based expiration

4. Async Processing

Async task scheduler with priority queue
Delayed task execution
Periodic task scheduling
Automatic retry with exponential backoff
Batch processing for bulk operations

Performance Benchmarks

Metric	Value
Concurrent Connections	10,000+
QPS (Queries Per Second)	1,000+
Response Time (P95)	< 100ms
Response Time (P99)	< 200ms
Throughput	1GB/s+
Availability	99.9%+
Failover Time	< 30 seconds

Monitoring & Observability

1. Prometheus Metrics (30+)

Connection Metrics

nps_connections_total
nps_connections_active

Tunnel Metrics

nps_tunnels_total
nps_tunnels_active

Traffic Metrics

nps_traffic_bytes_total

System Metrics

nps_system_cpu_percent
nps_system_memory_bytes
nps_system_disk_bytes

Security Metrics

nps_rate_limit_hits_total
nps_security_anomalies_total

Performance Metrics

nps_http_request_duration_seconds
nps_response_time_p95

2. Distributed Tracing

OpenTelemetry-style tracing
Cross-service trace support
Span management
Trace data export
Performance analysis

3. Smart Alerting

Condition-based alerting
Duration-based detection
Alert deduplication
Multiple severity levels
Alert statistics and history

4. Grafana Dashboards

Pre-configured dashboard with 10 panels:

Active Connections
HTTP Request Rate
Traffic Bytes
System CPU Usage
System Memory Usage
Error Rate
Active Tunnels
Rate Limit Hits
Circuit Breaker State
Security Anomalies

High Availability

1. Cluster Deployment

Multi-node support with automatic discovery
Heartbeat mechanism (30-second interval)
Node status monitoring
Load balancing (based on load and connections)
Master-worker node architecture
Redis-based session synchronization

2. Health Checking

Multi-dimensional health checks
Automatic recovery mechanism
Health status monitoring
Predefined check functions (database, Redis, API)
Health report generation

3. Failover Mechanism

Failover Strategies

Active-Passive

Primary-backup mode with automatic failover

Active-Active

Dual-active mode for load distribution

Round-Robin

Round-robin selection

Least Connections

Select node with least connections

4. Circuit Breaker

Three states: Closed, Open, Half-Open
Automatic failure recovery
Configurable failure threshold
Success threshold for half-open state

Enterprise Features

1. Message Queue

Redis-based asynchronous task queue
Task status management
Automatic retry mechanism
Multiple worker threads
Task handler registration

2. Multi-Tenant Support

Tenant management (create, update, delete)
Resource isolation per tenant
Tenant context management
Tenant statistics
Domain binding support

3. API Gateway

Unified API entry point
Route management
Middleware support
Request forwarding
Service discovery integration

4. Quota Management

Traffic quota (per client/tunnel)
Connection quota
Time quota
Quota monitoring and enforcement

5. Backup & Recovery

Automated backup creation
Encrypted backups
Database backup (PostgreSQL)
Configuration backup
Certificate backup
Backup restoration

6. Microservices Architecture

Service registration and discovery
Service health checking
Service heartbeat mechanism
Load balancing (round-robin, random, least connections)
Service call encapsulation

API Reference

Authentication

POST /api/api/auth/token

Create API token for authentication

Client Management

POST /api/clients

Create a new client

GET /api/clients

List all clients

GET /api/clients/{client_id}

Get client details

PUT /api/clients/{client_id}

Update client

DELETE /api/clients/{client_id}

Delete client

Tunnel Management

POST /api/clients/{client_id}/tunnels

Create a new tunnel

GET /api/clients/{client_id}/tunnels

List tunnels for a client

POST /api/tunnels/{tunnel_id}/start

Start a tunnel

POST /api/tunnels/{tunnel_id}/stop

Stop a tunnel

Domain Management

POST /api/clients/{client_id}/domains

Create a domain binding

POST /api/domains/{domain_id}/ssl/request

Request SSL certificate

Statistics & Monitoring

GET /api/stats/traffic

Get traffic statistics

GET /api/monitor/health

Get system health status

GET /metrics

Prometheus metrics endpoint

Cluster Management

GET /api/cluster/nodes

Get cluster node information

POST /api/cluster/nodes

Add cluster node

WebSocket Endpoints

ws://server:8080/ws/client

Client WebSocket connection

ws://server:8080/ws/admin

Admin WebSocket for management panel

Total: 55+ API endpoints

Deployment

1. Docker Deployment

Quick Start

cd docker
docker-compose up -d

Custom Image

docker build -t nps-server:latest -f docker/Dockerfile .

2. Kubernetes Deployment

kubectl apply -f k8s/deployment.yaml
kubectl apply -f k8s/configmap.yaml

3. One-Click Startup Scripts

Start Server

./scripts/start_server.sh --daemon

Start Client

./scripts/start_client.sh --daemon
./scripts/start_client_gui.sh

Start All Services

./scripts/start_all.sh --daemon

Check Status

./scripts/status.sh

4. Environment Variables

Variable	Description	Default
`HOST`	Server host	0.0.0.0
`PORT`	Server port	8080
`SECRET_KEY`	JWT secret key	Required
`DATABASE_URL`	PostgreSQL connection URL	Required
`REDIS_URL`	Redis connection URL	redis://localhost:6379/0
`CLUSTER_ENABLED`	Enable cluster mode	false

Quick Reference

Start Server

./scripts/start_server.sh

Start Client

./scripts/start_client_gui.sh

Check Status

./scripts/status.sh

View Logs

tail -f logs/server.log

API Docs

http://localhost:8080/docs

Metrics

http://localhost:8080/metrics