Executive Summary
A critical architectural review and modernization roadmap for the Honey Scan project. This report evaluates the feasibility of migrating from Go to PHP/Python and outlines the path to a fully English-standardized system.
Deep Analysis
Analyzed derlemue/honey-scan against the legacy HFish baseline. Identified significant localization debt.
Decision Gate
VETOED the proposal to rewrite the core engine in PHP. Go is required for high-concurrency performance.
Strategic Roadmap
Established a 3-Phase plan: Cleanup, Hybrid Architecture Refactoring, and Full Migration.
Live Code Comparison
An analysis of the current state of derlemue/honey-scan compared to the original hacklcx/HFish.
The primary challenge is the embedded "CN" (Chinese) logic within the core backend.
Codebase Composition Estimate
Key Findings
- Localization Debt: ~60% of database schemas and comments remain in Chinese.
- Hardcoded Logic: "CN" specific backend logic persists in the node communication layer.
- Documentation Mismatch: PDF docs suggest a cleaner state than the actual repository reflects.
Refactoring Progress
The Performance Dilemma
The user proposed porting the backend to PHP/Python. Architectural Recommendation: REJECTED. Below is the data supporting the retention of Go for the core engine.
Throughput Simulation (Requests/Sec)
Simulating high-concurrency attack traffic on a standard node.
Why not PHP for Core?
PHP is designed for the "Request-Response" lifecycle of web pages. It tears down the environment after every request.
Honeypot Requirement: Long-lived TCP connections, massive concurrency (10k+ routines), and low-level socket manipulation. PHP-FPM would choke under SYN floods or brute-force attacks.
Why Go?
Go's Goroutines allow handling thousands of concurrent connections with minimal memory footprint. It compiles to a static binary, making deployment on sensor nodes secure and dependency-free.
Recommended Hybrid Architecture
Sensor Core (Go)
Packet Capture, Protocol Emulation, Raw Sockets
RetainedData Processing (Python/Go)
Log normalization, Attack Analysis, JSON API
RefactoredAdmin Dashboard (PHP/Web)
Visualization, Config Mgmt, Reporting
New LayerImplementation Roadmap
A prioritized 3-phase strategy to transform the repository from its current state to a modern, maintainable security product.
Phase 1: Cleanup & De-Localization
Immediate Action • Weeks 1-4
- Audit all Go files for hardcoded Chinese strings and replace with English constants.
- Rename database columns from Pinyin (e.g., `yonghu`) to English (`user`).
- Standardize Git commit messages to English.
Phase 2: Hybrid Architecture Implementation
Structural Change • Weeks 5-10
- Decouple the Web UI from the binary. Compile Go core as a headless service.
- Implement REST API in Go core to serve data to the new PHP/Python frontend.
- Introduce Docker Compose to manage the multi-container stack (Go Core + DB + Web UI).
Phase 3: Migration & Optimization
Final Polish • Weeks 11-14
- Migrate existing data from old schema to new English schema using migration scripts.
- Optimize Go routines for memory usage (profiling).
- Final security audit and release of Honey Scan v2.0.