ffe47c51b5
Full security platform with web dashboard, 16 Flask blueprints, 26 modules, autonomous AI agent, WebUSB hardware support, and Archon Android companion app. Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
7.6 KiB
AUTARCH
Autonomous Tactical Agent for Reconnaissance, Counterintelligence, and Hacking
By darkHal Security Group & Setec Security Labs
Overview
AUTARCH is a modular security platform combining defensive hardening, offensive testing, forensic analysis, OSINT reconnaissance, and attack simulation into a single web-based dashboard. It features local and cloud LLM integration, an autonomous AI agent, hardware device management over WebUSB, and a companion Android application.
Features
- Defense — System hardening audits, firewall checks, permission analysis, security scoring
- Offense — Metasploit & RouterSploit integration, module execution with live SSE streaming
- Counter — Threat detection, suspicious process analysis, rootkit checks, network monitoring
- Analyze — File forensics, hash toolkit (43 algorithm patterns), hex dumps, string extraction, log analysis
- OSINT — Email/username/phone/domain/IP reconnaissance, 7,287+ indexed sites
- Simulate — Attack simulation, port scanning, password auditing, payload generation
- Hardware — ADB/Fastboot over WebUSB, ESP32 flashing via Web Serial, dual-mode (server + direct)
- Android Protection — Anti-stalkerware/spyware shield, signature-based scanning, permission auditing
- Agent Hal — Autonomous AI agent with tool use, available as a global chat panel
- Hash Toolkit — Hash algorithm identification (hashid-style), file/text hashing, hash mutation, threat intel lookups
- Enc Modules — Encrypted module system for sensitive payloads
- Reverse Shell — Multi-language reverse shell generator
- WireGuard VPN — Tunnel management and remote device access
- UPnP — Automated port forwarding
- Wireshark — Packet capture and analysis via tshark/pyshark
- MSF Console — Web-based Metasploit console with live terminal
- Debug Console — Real-time Python logging output with 5 filter modes
Architecture
autarch.py # Main entry point (CLI + web server)
core/ # 25+ Python modules (agent, config, hardware, llm, msf, etc.)
modules/ # 26 loadable modules (defense, offense, counter, analyze, osint, simulate)
web/
app.py # Flask app factory (16 blueprints)
routes/ # 15 route files
templates/ # 16 Jinja2 templates
static/ # JS, CSS, WebUSB bundles
autarch_companion/ # Archon Android app (Kotlin)
data/ # SQLite DBs, JSON configs, stalkerware signatures
Quick Start
From Source
# Clone
git clone https://github.com/digijeth/autarch.git
cd autarch
# Install dependencies
pip install -r requirements.txt
# Run
python autarch.py
The web dashboard starts at https://localhost:8080 (self-signed cert).
Windows Installer
Download autarch_public.msi or autarch_public.exe from the Releases page.
Configuration
Settings are managed via autarch_settings.conf (auto-generated on first run) and the web UI Settings page.
Key sections: [server], [llm], [msf], [wireguard], [upnp], [hardware]
LLM Backends
- Local — llama-cpp-python (GGUF models) or HuggingFace Transformers (SafeTensors)
- Claude — Anthropic Claude API
- OpenAI — OpenAI-compatible API (custom endpoint support)
- HuggingFace — HuggingFace Inference API (8 provider options)
Ports
| Port | Service |
|---|---|
| 8080 | Web Dashboard (HTTPS) |
| 8081 | MCP Server (SSE) |
| 17321 | Archon Server (Android companion) |
| 17322 | Reverse Shell Listener |
| 51820 | WireGuard VPN |
Platform Support
- Primary: Linux (Orange Pi 5 Plus, RK3588 ARM64)
- Supported: Windows 10/11 (x86_64)
- WebUSB: Chromium-based browsers required for Direct mode hardware access
Acknowledgements
AUTARCH builds on the work of many outstanding open-source projects. We thank and acknowledge them all:
Frameworks & Libraries
- Flask — Web application framework
- Jinja2 — Template engine
- llama.cpp — Local LLM inference engine
- llama-cpp-python — Python bindings for llama.cpp
- HuggingFace Transformers — ML model library
- Anthropic Claude API — Cloud LLM backend
- FastMCP — Model Context Protocol server
Security Tools
- Metasploit Framework — Penetration testing framework
- RouterSploit — Router exploitation framework
- Nmap — Network scanner and mapper
- Wireshark / tshark — Network protocol analyzer
- Scapy — Packet crafting and analysis
- WireGuard — Modern VPN tunnel
Hardware & Mobile
- @yume-chan/adb — ADB over WebUSB
- android-fastboot — Fastboot over WebUSB
- esptool-js — ESP32 flashing in browser
- Android Platform Tools — ADB & Fastboot CLI
- esptool — ESP32 firmware flashing
- pyserial — Serial port communication
- pyshark — Wireshark Python interface
- scrcpy — Android screen mirroring
- libadb-android — ADB client for Android
Python Libraries
- bcrypt — Password hashing
- requests — HTTP client
- msgpack — Serialization (Metasploit RPC)
- cryptography — Cryptographic primitives
- PyCryptodome — AES encryption
- Pillow — Image processing
- qrcode — QR code generation
- zeroconf — mDNS service discovery
- PyInstaller — Executable packaging
- cx_Freeze — MSI installer packaging
Android / Kotlin
- AndroidX — Jetpack libraries
- Material Design 3 — UI components
- Conscrypt — SSL/TLS provider for Android
Build Tools
Data Sources
- NVD API v2.0 — National Vulnerability Database
License
Restricted Public Release. Authorized use only — activity is logged.
Disclaimer
AUTARCH is a security research and authorized penetration testing platform. Use only on systems you own or have explicit written authorization to test. Unauthorized access to computer systems is illegal. The authors accept no liability for misuse.
Built with discipline by darkHal Security Group & Setec Security Labs.