New exploit paths for current Android versions:
- CVE-2025-48543: ART runtime UAF → system UID (Android 13-16, pre-Sep 2025)
Public PoC available. Works from malicious app — no ADB needed.
- CVE-2025-48572/48633: Framework info leak + EoP chain (Android 13-16, pre-Dec 2025)
CISA KEV listed, confirmed in-the-wild. No public PoC yet.
- pKVM kernel bugs (CVE-2025-48623/24, CVE-2026-0027/28/37): kernel/hypervisor
escalation from system UID. Chain: ART UAF → pKVM → full kernel root.
- avbroot + KernelSU-Next/Magisk for GKI 6.1/6.6 on Android 15/16 Pixel 9
assess_vulnerabilities() now covers Android 12 through 16 with automatic
exploit path selection based on SDK version and security patch level.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add WiFi Audit, API Fuzzer, Cloud Scanner, Threat Intel, Log Correlator,
Steganography, Anti-Forensics, BLE Scanner, Forensics, RFID/NFC, Malware
Sandbox, Password Toolkit, Web Scanner, Report Engine, Net Mapper, and
C2 Framework. Each module includes CLI interface, Flask routes, and web
UI template. Also includes Go DNS server source + binary, IP Capture
service, SYN Flood, Gone Fishing mail server, and hack hijack modules
from v2.0 work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix Hal chat: add Chat/Agent mode toggle so users can switch between
direct LLM streaming (Chat) and tool-using Agent mode
- Fix Agent system: graceful degradation when model can't follow
structured THOUGHT/ACTION/PARAMS format (falls back to direct answer
after 2 parse failures instead of looping 20 times)
- Fix frozen build: remove llama_cpp from PyInstaller excludes list
so LLM works in compiled exe
- Add system tray icon: autarch.ico (from icon.svg) used for exe icons,
installer shortcuts, and runtime tray icon
- Update tray.py to load .ico file with fallback to programmatic generation
- Add inline critical CSS for FOUC prevention
- Bump version to 1.5.1
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Threat Monitor: 7-tab monitoring page (live, connections, network intel,
threats, packet capture, DDoS mitigation, counter-attack) with real-time
SSE streaming and optimized data collection (heartbeat, cached subprocess
calls, bulk process name cache)
- Drill-down popups: Every live monitor stat is clickable, opening a popup
with detailed data (connections list with per-connection detail view,
GeoIP lookup, process kill, bandwidth, ARP spoof, port scan, DDoS status)
- Hal agent mode: Chat routes rewritten to use Agent system with
create_module tool, SSE streaming of thought/action/result steps
- Windows defense module with full security audit
- LLM trainer module and routes
- Defense landing page with platform-specific sub-pages
- Clean up stale files (get-pip.py, download.png, custom_adultsites.json)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full security platform with web dashboard, 16 Flask blueprints, 26 modules,
autonomous AI agent, WebUSB hardware support, and Archon Android companion app.
Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit
integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
