Quick start¶

Get HYDRA × PDX running in 15 minutes.

Prerequisites¶

Python 3.10+
A Groq API key (free tier works)
A VPS with a public IP (for HYDRA) or localhost for testing
GPU with 8GB+ VRAM (optional, for fine-tuning only)

1. Clone the repository¶

git clone https://github.com/grizzly2005/hydra-pdx.git
cd hydra-pdx

2. Install dependencies¶

pip install -r requirements.txt

3. Configure HYDRA¶

cd hydra-honeypot
cp .env.example .env

Edit .env:

GROQ_API_KEY=gsk_your_key_here
SSH_PORT=2222
LOG_DIR=logs

4. Generate SSH keys¶

python -c "from src.ssh_server import ensure_ssh_keys; ensure_ssh_keys()"

This generates RSA and Ed25519 host keys in the keys/ directory.

5. Start HYDRA¶

python src/main.py

You should see:

[HYDRA] SSH honeypot listening on 0.0.0.0:2222
[HYDRA] Groq API connected (llama-3.3-70b)
[HYDRA] 3 personas loaded: fintech_trading, crypto_validator, corp_ad
[HYDRA] PromptGuard active (warn=0.5, block=0.8)

6. Test it¶

From another terminal:

ssh root@localhost -p 2222
# Password: anything (all credentials accepted)

Try some commands:

uname -a          # Returns realistic kernel info
ls /root          # Shows persona-specific files
cat /root/.aws/credentials  # Shows decoy AWS keys (fintech persona)

7. Process data with PDX¶

After capturing sessions:

cd ../pdx

# Split events into defensive + offensive
python -m pdx.training.data_router split

# Generate training datasets
python -m pdx.training.data_router generate --all

# Check results
python -m pdx.training.data_router status

8. Fine-tune (optional)¶

python training/finetune_pdx.py \
  --dataset training_output/data_router/offensive/sft_attack_chains.jsonl \
  --model qwen \
  --epochs 3 \
  --rank 16

See Fine-tuning guide for detailed options.

What's next¶

Deploy on a VPS for real-world capture
Connect Burp Suite for web pentest data
Understand the data flow in detail