# AUTARCH Codex ## Codebase Knowledge Reference for AI Agents Generated: 2026-03-20 05:05:31 This document is auto-generated by `scripts/build_codex.py` and provides structured knowledge about the AUTARCH codebase for LLM agents to use when creating modules, routes, templates, and features. --- ## 1. Module System AUTARCH modules are Python files in the `modules/` directory. Each module: - Has a `run()` function as the entry point - Declares metadata: `DESCRIPTION`, `AUTHOR`, `VERSION`, `CATEGORY` - Is auto-discovered by `core/menu.py` at startup - Can be run via CLI (`python autarch.py -m `) or from the web UI ### Required Module Attributes ```python DESCRIPTION = "Short description of what the module does" AUTHOR = "Your Name" VERSION = "1.0" CATEGORY = "defense" # One of: defense, offense, counter, analyze, osint, simulate, core, hardware ``` ### Module Template ```python """ Module description here. """ DESCRIPTION = "Short description" AUTHOR = "darkHal" VERSION = "1.0" CATEGORY = "defense" import sys from pathlib import Path sys.path.insert(0, str(Path(__file__).parent.parent)) from core.banner import Colors, clear_screen, display_banner def run(): """Main entry point — REQUIRED.""" clear_screen() display_banner() print(f"{Colors.BOLD}Module Name{Colors.RESET}") print(f"{Colors.DIM}{'─' * 50}{Colors.RESET}\n") # Module logic here if __name__ == "__main__": run() ``` ### Categories and Module Counts - **defense** (12): android_protect, container_sec, defender, defender_monitor, defender_windows, email_sec, incident_resp, log_correlator, mysystem, threat_intel ... and 2 more - **offense** (29): ad_audit, android_advanced, android_boot, android_payload, android_recon, android_root, android_screen, android_sms, api_fuzzer, c2_framework ... and 19 more - **counter** (3): anti_forensics, counter, steganography - **analyze** (12): analyze, ble_scanner, forensics, llm_trainer, malware_sandbox, net_mapper, password_toolkit, report_engine, reverse_eng, rfid_tools ... and 2 more - **osint** (7): adultscan, dossier, geoip, ipcapture, recon, snoop_decoder, yandex_osint - **simulate** (1): simulate - **core** (4): agent, agent_hal, chat, setup - **hardware** (4): android_apps, hardware_local, hardware_remote, iphone_local **Total modules: 73** --- ## 2. Core API Reference The `core/` directory contains the framework backbone. Key modules: ### core/agent.py - **class `AgentState`** — Agent execution states. - **class `AgentStep`** — Record of a single agent step. - **class `AgentResult`** — Result of an agent task execution. - `get_steps_summary()` — Get a formatted summary of all steps taken. ### core/android_exploit.py - **class `AndroidExploitManager`** — All Android exploitation logic. - Methods: `list_packages`, `pull_apk`, `pull_app_data`, `extract_shared_prefs`, `full_device_dump`, `get_accounts`, `get_wifi_passwords`, `extract_call_logs` - `get_exploit_manager()` — - `list_packages(serial, include_system)` — List installed packages. Returns [{package, path, is_system}]. - `pull_apk(serial, package)` — Pull APK for a package. - `pull_app_data(serial, package)` — Pull app data (databases, shared_prefs, files). Tries run-as then root. - `extract_shared_prefs(serial, package)` — Extract shared_prefs XML files for a package. - `full_device_dump(serial)` — Full device reconnaissance dump. - `get_accounts(serial)` — Get accounts registered on device. - `get_wifi_passwords(serial)` — Extract saved WiFi passwords. Requires ROOT. ### core/android_protect.py - **class `AndroidProtectManager`** — Anti-stalkerware / anti-spyware shield for Android devices. - Methods: `update_signatures`, `get_signature_stats`, `check_shizuku`, `install_shizuku`, `start_shizuku`, `stop_shizuku`, `shizuku_status`, `check_shield_app` - `get_android_protect_manager()` — - `update_signatures(url)` — Download latest signatures from GitHub. - `get_signature_stats()` — Count known threats by category. - `check_shizuku(serial)` — Check Shizuku installation and status. - `install_shizuku(serial, apk_path)` — Install Shizuku APK via ADB. - `start_shizuku(serial)` — Start Shizuku service via ADB. - `stop_shizuku(serial)` — Stop Shizuku server process. - `shizuku_status(serial)` — Full Shizuku status check. ### core/autonomy.py - **class `ActivityEntry`** — Single entry in the autonomy activity log. - Methods: `to_dict` - **class `AutonomyDaemon`** — Background daemon for autonomous threat response. - Methods: `status`, `start`, `stop`, `pause`, `resume`, `get_activity`, `get_activity_count`, `subscribe` - `get_autonomy_daemon()` — Get the global AutonomyDaemon instance. - `reset_autonomy_daemon()` — Stop and reset the global daemon. - `to_dict()` — - `status()` — Current daemon status. - `start()` — Start the autonomy daemon background thread. - `stop()` — Stop the daemon and wait for thread exit. - `pause()` — Pause rule evaluation (monitoring continues). - `resume()` — Resume rule evaluation. ### core/banner.py - **class `Colors`** — - `display_banner()` — Print the AUTARCH banner to the console. - `clear_screen()` — Clear the terminal screen. ### core/config.py - **class `Config`** — Configuration manager for AUTARCH settings. - Methods: `save`, `get`, `get_int`, `get_float`, `get_bool`, `set`, `is_first_run`, `mark_setup_complete` - `get_config()` — Get the global configuration instance. - `save()` — Save the current configuration to file. - `get(section, key, fallback)` — Get a configuration value. - `get_int(section, key, fallback)` — Get a configuration value as integer. - `get_float(section, key, fallback)` — Get a configuration value as float. - `get_bool(section, key, fallback)` — Get a configuration value as boolean. - `set(section, key, value)` — Set a configuration value. - `is_first_run()` — Check if this is the first run of AUTARCH. ### core/cve.py - **class `CVEDatabase`** — SQLite-based CVE Database with NVD API synchronization. - Methods: `get_system_info`, `get_db_stats`, `sync_database`, `sync_recent`, `search_cves`, `get_cve`, `get_system_cves`, `get_software_cves` - `get_cve_db()` — Get the global CVE database instance. - `get_system_info()` — Get detected system information. - `get_db_stats()` — Get database statistics. - `sync_database(days_back, full_sync, progress_callback, verbose)` — Synchronize database with NVD. - `sync_recent(days, verbose)` — Quick sync of recent CVEs only. - `search_cves(keyword, cpe_pattern, severity, min_score)` — Search CVEs in local database. - `get_cve(cve_id)` — Get detailed information about a specific CVE. - `get_system_cves(severity_filter, max_results)` — Get CVEs relevant to the detected system. ### core/discovery.py - **class `DiscoveryManager`** — Manages network discovery advertising for AUTARCH. - Methods: `get_status`, `start_mdns`, `stop_mdns`, `start_bluetooth`, `stop_bluetooth`, `start_all`, `stop_all`, `shutdown` - `get_discovery_manager(config)` — Get or create the DiscoveryManager singleton. - `get_status()` — Get current discovery status for all methods. - `start_mdns()` — Start mDNS service advertisement. - `stop_mdns()` — Stop mDNS service advertisement. - `start_bluetooth()` — Start Bluetooth service advertisement. - `stop_bluetooth()` — Stop Bluetooth advertisement. - `start_all()` — Start all enabled discovery methods. - `stop_all()` — Stop all discovery methods. ### core/dns_service.py - **class `DNSServiceManager`** — Manage the autarch-dns Go binary (start/stop/API calls). - Methods: `api_base`, `api_token`, `find_binary`, `is_running`, `start`, `stop`, `status`, `list_zones` - `get_dns_service()` — - `api_base()` — - `api_token()` — - `find_binary()` — Find the autarch-dns binary. - `is_running()` — Check if the DNS service is running. - `start()` — Start the DNS service. - `stop()` — Stop the DNS service. - `status()` — Get service status. ### core/hardware.py - **class `HardwareManager`** — Manages ADB, Fastboot, and Serial/ESP32 devices. - Methods: `get_status`, `adb_devices`, `adb_device_info`, `adb_shell`, `adb_shell_raw`, `adb_reboot`, `adb_install`, `adb_sideload` - `get_hardware_manager()` — - `get_status()` — Get availability status of all backends. - `adb_devices()` — List connected ADB devices. - `adb_device_info(serial)` — Get detailed info about an ADB device. - `adb_shell(serial, command)` — Run a shell command on an ADB device. - `adb_shell_raw(serial, command, timeout)` — Run shell command without safety filter. For exploit modules. - `adb_reboot(serial, mode)` — Reboot an ADB device. mode: system, recovery, bootloader - `adb_install(serial, apk_path)` — Install an APK on device. ### core/iphone_exploit.py - **class `IPhoneExploitManager`** — All iPhone USB exploitation logic using libimobiledevice. - Methods: `get_status`, `list_devices`, `device_info`, `device_info_brief`, `device_info_domain`, `pair_device`, `unpair_device`, `validate_pair` - `get_iphone_manager()` — - `get_status()` — Get availability of libimobiledevice tools. - `list_devices()` — List connected iOS devices. - `device_info(udid)` — Get full device information. - `device_info_brief(udid)` — Get key device info (name, model, iOS version). - `device_info_domain(udid, domain)` — Get device info for a specific domain. - `pair_device(udid)` — Pair with device (requires user trust on device). - `unpair_device(udid)` — Unpair from device. ### core/llm.py - **class `LLMError`** — Exception raised for LLM-related errors. - **class `LLM`** — Wrapper class for llama-cpp-python integration. - Methods: `is_loaded`, `model_name`, `load_model`, `unload_model`, `generate`, `chat`, `clear_history`, `get_history` - **class `TransformersLLM`** — HuggingFace Transformers backend for safetensors models. - Methods: `is_loaded`, `model_name`, `load_model`, `unload_model`, `generate`, `chat`, `clear_history`, `get_history` - `get_llm()` — Get the global LLM instance, auto-loading the model if needed. - `detect_model_type(path)` — Detect the type of model at the given path. - `reset_llm()` — Reset the global LLM instance (used when switching backends). - `is_loaded()` — Check if a model is currently loaded. - `model_name()` — Get the name of the currently loaded model. - `load_model(model_path, verbose)` — Load a GGUF model. - `unload_model()` — Unload the current model and free resources. - `generate(prompt, max_tokens, temperature, top_p)` — Generate text completion. ### core/mcp_server.py - `get_autarch_tools()` — Build the list of AUTARCH tools to expose via MCP. - `execute_tool(name, arguments)` — Execute an AUTARCH tool and return the result as a string. - `create_mcp_server()` — Create and return the FastMCP server instance. - `run_stdio()` — Run the MCP server in stdio mode (for Claude Desktop / Claude Code). - `run_sse(host, port)` — Run the MCP server in SSE (Server-Sent Events) mode for web clients. - `get_mcp_config_snippet()` — Generate the JSON config snippet for Claude Desktop / Claude Code. - `get_server_status()` — Check if the MCP server is running. - `start_sse_server(host, port)` — Start the MCP SSE server in the background. ### core/menu.py - **class `ModuleInfo`** — Information about a loaded module. - **class `MainMenu`** — Main menu handler for AUTARCH. - Methods: `print_status`, `load_modules`, `get_modules_by_category`, `get_status_line`, `display_menu`, `display_category_menu`, `run_module`, `show_settings` - `print_status(message, status)` — Print a status message. - `load_modules()` — Load all available modules from the modules directory. - `get_modules_by_category(category)` — Get all modules in a specific category. - `get_status_line()` — Get the status line showing model and MSF status. - `display_menu()` — Display the main menu. - `display_category_menu(category)` — Display the submenu for a category. - `run_module(module_name)` — Run a specific module. - `show_settings()` — Display settings menu. ### core/model_router.py - **class `ModelTier`** — - **class `_TierConfigProxy`** — Proxies Config but overrides the backend section for a specific model tier. - Methods: `get`, `get_int`, `get_float`, `get_bool`, `get_llama_settings`, `get_transformers_settings`, `get_claude_settings`, `get_huggingface_settings` - **class `ModelRouter`** — Manages up to 3 concurrent LLM instances (SLM, SAM, LAM). - Methods: `status`, `load_tier`, `unload_tier`, `load_all`, `unload_all`, `get_instance`, `is_tier_loaded`, `classify` - `get_model_router()` — Get the global ModelRouter instance. - `reset_model_router()` — Reset the global ModelRouter (unloads all models). - `get(section, key, fallback)` — - `get_int(section, key, fallback)` — - `get_float(section, key, fallback)` — - `get_bool(section, key, fallback)` — - `get_llama_settings()` — - `get_transformers_settings()` — ### core/module_crypto.py - `encrypt_module(source_code, password, metadata)` — Encrypt a Python module source string. - `decrypt_module(data, password)` — Decrypt an .autarch blob. - `encrypt_file(src, dst, password, metadata)` — Encrypt a .py source file to a .autarch file. - `decrypt_file(src, password)` — Decrypt an .autarch file and return (source_code, metadata). - `load_and_exec(path, password, module_name)` — Decrypt and execute an encrypted module. - `read_metadata(path)` — Read only the metadata from an .autarch file without decrypting. - `encrypt(key, iv, plaintext)` — - `decrypt(key, iv, ciphertext)` — ### core/msf.py - **class `MSFError`** — Exception raised for Metasploit-related errors. - **class `MSFModule`** — Information about a Metasploit module. - **class `MetasploitRPC`** — Client for Metasploit RPC API. - Methods: `is_connected`, `connect`, `disconnect`, `get_version`, `list_modules`, `search_modules`, `get_module_info`, `get_module_options` - `check_msgpack()` — Check if msgpack is available, raise error if not. - `get_msf_manager()` — Get the global MSF manager instance. - `msf_startup_autoconnect(skip_if_disabled)` — Perform MSF autoconnect during application startup. - `msf_quick_connect(username, password, host, port)` — Quick non-interactive MSF server setup and connection. - `is_connected()` — Check if connected to MSF RPC. - `connect(password)` — Connect and authenticate to MSF RPC. - `disconnect()` — Disconnect from MSF RPC. - `get_version()` — Get Metasploit version info. ### core/msf_interface.py - **class `MSFStatus`** — Status of an MSF operation. - **class `MSFResult`** — Result from an MSF module execution. - Methods: `success`, `get_summary` - **class `MSFInterface`** — High-level interface for Metasploit operations. - Methods: `manager`, `is_connected`, `last_error`, `ensure_connected`, `run_module`, `run_scanner`, `get_module_info`, `get_module_options` - `get_msf_interface()` — Get the global MSF interface instance. - `success()` — - `get_summary()` — Get a brief summary of the result. - `manager()` — Get or create the MSF manager. - `is_connected()` — Check if connected to MSF RPC. - `last_error()` — Get the last error message. - `ensure_connected(password, auto_prompt)` — Ensure we have a valid connection to MSF RPC. - `run_module(module_path, options, timeout, auto_reconnect)` — Execute an MSF module and return parsed results. ### core/msf_modules.py - `get_module_info(module_path)` — Get information about a module. - `get_module_description(module_path)` — Get just the description for a module. - `search_modules(query, max_results)` — Search modules by keyword. - `get_modules_by_type(module_type)` — Get all modules of a specific type. - `get_modules_by_tag(tag)` — Get all modules with a specific tag. - `get_modules_by_platform(platform)` — Get all modules for a specific platform. - `get_module_options(module_path)` — Get the common options for a module. - `format_module_help(module_path)` — Get formatted help text for a module. ### core/msf_terms.py - `get_setting_info(name)` — Get information about an MSF setting. - `get_setting_description(name)` — Get just the description for a setting. - `get_setting_prompt(name, default, required)` — Get a formatted input prompt for a setting. - `format_setting_help(name, include_examples, include_notes)` — Get a formatted help text for a setting. - `get_settings_by_category(category)` — Get all settings in a category. - `get_common_settings()` — Get list of most commonly used settings. - `get_category_info(category)` — Get information about a setting category. - `list_all_settings()` — Get list of all known setting names. ### core/paths.py - `is_frozen()` — Return True if running from a PyInstaller bundle. - `get_app_dir()` — Return the writable application root directory. - `get_bundle_dir()` — Return the bundle directory (read-only assets: templates, static, default modules). - `get_core_dir()` — - `get_modules_dir()` — Return the bundled modules directory (read-only in frozen mode). - `get_user_modules_dir()` — Return the user modules directory (writable, next to exe). - `get_data_dir()` — - `get_config_path()` — Return config path. Writable copy lives next to the exe; ### core/pentest_pipeline.py - **class `ParsingModule`** — Normalizes raw tool output into structured summaries. - Methods: `parse` - **class `ReasoningModule`** — Maintains PTT and decides next actions. - Methods: `reason` - **class `GenerationModule`** — Converts abstract tasks into concrete commands. - Methods: `generate` - `detect_source_type(output)` — Auto-detect tool output type from content patterns. - `parse(raw_output, source_type, context)` — Parse raw tool output into normalized summary. - `reason(parsed_output, context)` — Three-step reasoning: update tree, validate, extract next todo. - `generate(task_description, target, context)` — Generate executable commands for a task. - `process_output(raw_output, source_type)` — Full pipeline: parse -> reason -> generate. - `get_initial_plan()` — Generate initial pentest plan for the target. - `inject_information(info, source)` — Inject external information and get updated recommendations. - `discuss(question)` — Ad-hoc question that doesn't affect the tree. ### core/pentest_session.py - **class `PentestSessionState`** — - **class `SessionEvent`** — A single event in the session timeline. - Methods: `to_dict`, `from_dict` - **class `PentestSession`** — Manages a single penetration testing session. - Methods: `start`, `pause`, `resume`, `complete`, `set_error`, `log_event`, `log_pipeline_result`, `add_finding` - `to_dict()` — - `from_dict(cls, data)` — - `start()` — Initialize a new session. - `pause()` — Pause the session and save state. - `resume()` — Resume a paused session. - `complete(summary)` — Mark session as completed. - `set_error(error_msg)` — Mark session as errored. - `log_event(event_type, data)` — Log an event to the session timeline. ### core/pentest_tree.py - **class `NodeStatus`** — - **class `PTTNodeType`** — - **class `PTTNode`** — A single node in the Penetration Testing Tree. - Methods: `to_dict`, `from_dict` - `to_dict()` — - `from_dict(cls, data)` — - `add_node(label, node_type, parent_id, details)` — Add a node to the tree. Returns the new node's ID. - `update_node(node_id, status, details, tool_output)` — Update a node's properties. Returns True if found and updated. - `delete_node(node_id)` — Delete a node and all its children recursively. - `get_node(node_id)` — - `get_next_todo()` — Get the highest priority TODO node. - `get_all_by_status(status)` — ### core/report_generator.py - **class `ReportGenerator`** — Generate HTML reports for OSINT scan results. - Methods: `generate_username_report`, `generate_geoip_report`, `generate_security_audit_report`, `generate_network_scan_report`, `generate_vulnerability_report`, `generate_pentest_report` - `get_report_generator(output_dir)` — Get a ReportGenerator instance. - `generate_username_report(username, results, total_checked, scan_time)` — Generate HTML report for username scan. - `generate_geoip_report(results)` — Generate HTML report for GEO IP lookups. - `generate_security_audit_report(system_info, issues, score)` — Generate HTML report for security audit. - `generate_network_scan_report(target, hosts, scan_time)` — Generate HTML report for network scan. - `generate_vulnerability_report(target, correlations, scan_time)` — Generate HTML report for vulnerability scan. - `generate_pentest_report(target, network_data, vuln_data, exploit_data)` — Generate combined pentest report. - `get_confidence_class(conf)` — ### core/revshell.py - **class `RevShellSession`** — Active reverse shell session with an Archon device. - Methods: `alive`, `device_name`, `android_version`, `uid`, `uptime`, `execute`, `execute_special`, `sysinfo` - **class `RevShellListener`** — TCP listener for incoming Archon reverse shell connections. - Methods: `running`, `active_sessions`, `start`, `stop`, `get_session`, `list_sessions`, `remove_session`, `save_screenshot` - `get_listener()` — Get or create the global RevShellListener singleton. - `start_listener(host, port, token)` — Start the global listener. - `stop_listener()` — Stop the global listener. - `alive()` — - `device_name()` — - `android_version()` — - `uid()` — - `uptime()` — ### core/rsf.py - **class `RSFError`** — Custom exception for RouterSploit operations. - **class `RSFModuleInfo`** — Metadata for a RouterSploit module. - **class `RSFManager`** — Manager for RouterSploit framework operations. - Methods: `is_available`, `reset_cache`, `index_all_modules`, `get_module_count`, `get_modules_by_type`, `search_modules`, `load_module`, `get_module_options` - `get_rsf_manager()` — Get the global RSFManager singleton instance. - `is_available()` — Check if RouterSploit is importable. Caches result. - `reset_cache()` — Reset cached state (availability, module index). - `index_all_modules()` — Discover all RSF modules. Returns list of dotted module paths. - `get_module_count()` — Get total number of indexed modules. - `get_modules_by_type(module_type)` — Filter modules by type (exploits, creds, scanners, payloads, encoders, generic). - `search_modules(query)` — Search modules by substring match on path. - `load_module(path)` — Load a RouterSploit module by path. ### core/rsf_interface.py - **class `RSFStatus`** — Status codes for RSF operations. - **class `RSFResult`** — Result of an RSF module execution. - **class `RSFInterface`** — High-level interface for RouterSploit operations. - Methods: `ensure_available`, `is_available`, `module_count`, `list_modules`, `search_modules`, `get_module_info`, `get_module_options`, `check_module` - `get_rsf_interface()` — Get the global RSFInterface singleton instance. - `ensure_available()` — Check that RSF is importable and available. - `is_available()` — Check if RSF is available without raising. - `module_count()` — Get total number of available modules. - `list_modules(module_type)` — List available modules, optionally filtered by type. - `search_modules(query)` — Search modules by keyword. - `get_module_info(path)` — Get metadata for a module. - `get_module_options(path)` — Get configurable options for a module. ### core/rsf_modules.py - `get_module_info(module_path)` — Get curated module info by path. - `get_module_description(module_path)` — Get just the description for a module. - `search_modules(query)` — Search curated modules by keyword. - `get_modules_by_type(module_type)` — Get curated modules filtered by type. - `format_module_help(module_path)` — Format detailed help text for a module. - `get_all_modules()` — Get all curated modules. - `get_type_info(module_type)` — Get info about a module type. ### core/rsf_terms.py - `get_setting_info(name)` — Get full setting information by name. - `get_setting_prompt(name, default, required)` — Get a formatted input prompt for a setting. - `format_setting_help(name, include_examples, include_notes)` — Get formatted help text for a setting. - `validate_setting_value(name, value)` — Validate a setting value against its type. ### core/rules.py - **class `Rule`** — A single automation rule. - Methods: `to_dict`, `from_dict` - **class `RulesEngine`** — Evaluates automation rules against a threat context. - Methods: `save`, `add_rule`, `update_rule`, `delete_rule`, `get_rule`, `get_all_rules`, `evaluate` - `to_dict()` — - `from_dict(cls, d)` — - `save()` — Save rules to JSON file. - `add_rule(rule)` — - `update_rule(rule_id, updates)` — - `delete_rule(rule_id)` — - `get_rule(rule_id)` — - `get_all_rules()` — ### core/sites_db.py - **class `SitesDatabase`** — Unified OSINT sites database with SQLite storage. - Methods: `get_stats`, `get_sites`, `get_site`, `search_sites`, `get_categories`, `get_sites_for_scan`, `get_site_by_url`, `toggle_site` - `get_sites_db()` — Get the global sites database instance. - `get_stats()` — Get database statistics. - `get_sites(category, include_nsfw, enabled_only, source)` — Get sites from database. - `get_site(name)` — Get a specific site by name. - `search_sites(query, include_nsfw, limit)` — Search sites by name. - `get_categories()` — Get all categories with site counts. - `get_sites_for_scan(categories, include_nsfw, max_sites, sort_alphabetically)` — Get sites optimized for username scanning with detection patterns. - `get_site_by_url(url_template)` — Get a site by its URL template. ### core/tools.py - **class `ToolParameter`** — Definition of a tool parameter. - **class `Tool`** — Definition of an agent tool. - Methods: `to_schema`, `execute` - **class `ToolRegistry`** — Registry for managing available tools. - Methods: `register`, `unregister`, `get`, `list_tools`, `get_tools_schema`, `get_tools_prompt`, `execute` - `get_tool_registry()` — Get the global tool registry. - `to_schema()` — Convert tool to JSON schema for LLM. - `execute()` — Execute the tool with given parameters. - `register(tool)` — Register a tool. - `unregister(name)` — Unregister a tool by name. - `get(name)` — Get a tool by name. - `list_tools()` — List all registered tools. - `get_tools_schema()` — Get JSON schema for all tools. ### core/tray.py - **class `TrayManager`** — Manages the system tray icon and Flask server lifecycle. - Methods: `start_server`, `stop_server`, `restart_server`, `open_browser`, `quit`, `run` - `create_icon_image(size)` — Load tray icon from .ico file, falling back to programmatic generation. - `start_server()` — Start the Flask web server in a background thread. - `stop_server()` — Stop the Flask web server. - `restart_server()` — Stop and restart the Flask web server. - `open_browser()` — Open the dashboard in the default web browser. - `quit()` — Stop server and exit the tray icon. ### core/upnp.py - **class `UPnPManager`** — UPnP port forwarding manager wrapping the upnpc CLI. - Methods: `is_available`, `list_mappings`, `add_mapping`, `remove_mapping`, `get_external_ip`, `refresh_all`, `load_mappings_from_config`, `save_mappings_to_config` - `get_upnp_manager(config)` — Get the global UPnP manager instance. - `is_available()` — Check if upnpc is installed. - `list_mappings()` — List current UPnP port mappings. - `add_mapping(internal_ip, internal_port, external_port, protocol)` — Add a UPnP port mapping. - `remove_mapping(external_port, protocol)` — Remove a UPnP port mapping. - `get_external_ip()` — Get the external IP via UPnP. - `refresh_all()` — Re-add all configured port mappings. Returns list of results. - `load_mappings_from_config()` — Load port mappings from config file. ### core/wireguard.py - **class `WireGuardManager`** — WireGuard VPN + Remote ADB manager. - Methods: `is_available`, `get_server_status`, `start_interface`, `stop_interface`, `restart_interface`, `generate_keypair`, `generate_preshared_key`, `get_next_ip` - `get_wireguard_manager(config)` — - `is_available()` — Check if wg binary exists. - `get_server_status()` — Parse wg show for interface info. - `start_interface()` — Start WireGuard interface with wg-quick. - `stop_interface()` — Stop WireGuard interface with wg-quick. - `restart_interface()` — Restart WireGuard interface. - `generate_keypair()` — Generate WireGuard keypair. Returns (private_key, public_key). - `generate_preshared_key()` — Generate WireGuard preshared key. ### core/wireshark.py - **class `WiresharkManager`** — Packet capture and analysis using scapy + optional tshark. - Methods: `scapy_available`, `tshark_available`, `can_capture`, `get_status`, `list_interfaces`, `start_capture`, `stop_capture`, `get_capture_stats` - `get_wireshark_manager()` — Get the global WiresharkManager instance. - `scapy_available()` — - `tshark_available()` — - `can_capture()` — Check if live capture is possible (needs root + libpcap). - `get_status()` — Get engine status. - `list_interfaces()` — List available network interfaces. - `start_capture(interface, bpf_filter, duration, output_file)` — Start packet capture in a background thread. - `stop_capture()` — Stop running capture. ### Common Imports for Modules ```python # Colors and display from core.banner import Colors, clear_screen, display_banner # Configuration from core.config import get_config # LLM access from core.llm import get_llm, LLMError # Agent tools from core.tools import get_tool_registry # File paths from core.paths import get_app_dir, get_data_dir, find_tool # Hardware (ADB/Fastboot) from core.hardware import get_hardware_manager # Available Colors Colors.RED, Colors.GREEN, Colors.YELLOW, Colors.BLUE, Colors.MAGENTA, Colors.CYAN, Colors.WHITE, Colors.BOLD, Colors.DIM, Colors.RESET ``` --- ## 3. Web Route Patterns Routes live in `web/routes/`. Each file defines a Flask Blueprint. ### Blueprint Template ```python from flask import Blueprint, render_template, request, jsonify from web.auth import login_required myfeature_bp = Blueprint('myfeature', __name__, url_prefix='/myfeature') @myfeature_bp.route('/') @login_required def index(): return render_template('myfeature.html') @myfeature_bp.route('/action', methods=['POST']) @login_required def action(): data = request.get_json(silent=True) or {} # Process... return jsonify({'ok': True, 'result': ...}) ``` ### Registration In `web/app.py`, add: ```python from web.routes.myfeature import myfeature_bp app.register_blueprint(myfeature_bp) ``` ### Existing Routes **ad_audit** (22 routes) - `GET /` → `index` - `POST /connect` → `connect` - `POST /disconnect` → `disconnect` - `GET /status` → `status` - `GET /users` → `users` - ... and 17 more **analyze** (13 routes) - `GET /` → `index` - `POST /file` → `analyze_file` - `POST /strings` → `extract_strings` - `POST /hash` → `hash_lookup` - `POST /log` → `analyze_log` - ... and 8 more **android_exploit** (81 routes) - `GET /` → `index` - `POST /apps/list` → `apps_list` - `POST /apps/pull-apk` → `apps_pull_apk` - `POST /apps/pull-data` → `apps_pull_data` - `POST /apps/shared-prefs` → `apps_shared_prefs` - ... and 76 more **android_protect** (63 routes) - `GET /` → `index` - `POST /scan/quick` → `scan_quick` - `POST /scan/full` → `scan_full` - `POST /scan/export` → `scan_export` - `POST /scan/stalkerware` → `scan_stalkerware` - ... and 58 more **anti_forensics** (14 routes) - `GET /` → `index` - `GET /capabilities` → `capabilities` - `POST /delete/file` → `delete_file` - `POST /delete/directory` → `delete_directory` - `POST /wipe` → `wipe_free_space` - ... and 9 more **api_fuzzer** (12 routes) - `GET /` → `index` - `POST /discover` → `discover` - `POST /openapi` → `parse_openapi` - `POST /fuzz` → `fuzz` - `POST /auth/bypass` → `auth_bypass` - ... and 7 more **archon** (11 routes) - `GET /` → `index` - `POST /shell` → `shell` - `POST /pull` → `pull` - `POST /push` → `push` - `GET /packages` → `packages` - ... and 6 more **auth_routes** (4 routes) - `GET,POST /login` → `login` - `POST /api/login` → `api_login` - `GET /api/check` → `api_check` - `GET /logout` → `logout` **autonomy** (16 routes) - `GET /` → `index` - `GET /status` → `status` - `POST /start` → `start` - `POST /stop` → `stop` - `POST /pause` → `pause` - ... and 11 more **ble_scanner** (12 routes) - `GET /` → `index` - `GET /status` → `status` - `POST /scan` → `scan` - `GET /devices` → `devices` - `GET /device/
` → `device_detail` - ... and 7 more **c2_framework** (13 routes) - `GET /c2/` → `index` - `GET /c2/listeners` → `list_listeners` - `POST /c2/listeners` → `start_listener` - `DELETE /c2/listeners/` → `stop_listener` - `GET /c2/agents` → `list_agents` - ... and 8 more **chat** (6 routes) - `POST /chat` → `chat` - `POST /chat/reset` → `chat_reset` - `GET /chat/status` → `chat_status` - `POST /agent/run` → `agent_run` - `GET /agent/stream/` → `agent_stream` - ... and 1 more **cloud_scan** (8 routes) - `GET /` → `index` - `POST /s3/enum` → `s3_enum` - `POST /gcs/enum` → `gcs_enum` - `POST /azure/enum` → `azure_enum` - `POST /services` → `exposed_services` - ... and 3 more **container_sec** (16 routes) - `GET /` → `index` - `GET /status` → `status` - `POST /docker/audit` → `docker_audit` - `GET /docker/containers` → `docker_containers` - `POST /docker/containers//audit` → `docker_container_audit` - ... and 11 more **counter** (4 routes) - `GET /` → `index` - `POST /scan` → `scan` - `POST /check/` → `check` - `GET /logins` → `logins` **dashboard** (4 routes) - `GET /` → `index` - `GET /manual` → `manual` - `GET /manual/windows` → `manual_windows` - `POST /api/modules/reload` → `reload_modules` **deauth** (14 routes) - `GET /` → `index` - `GET /interfaces` → `interfaces` - `POST /monitor/start` → `monitor_start` - `POST /monitor/stop` → `monitor_stop` - `POST /scan/networks` → `scan_networks` - ... and 9 more **defense** (51 routes) - `GET /` → `index` - `GET /linux` → `linux_index` - `POST /linux/audit` → `linux_audit` - `POST /linux/check/` → `linux_check` - `GET /linux/firewall/rules` → `linux_firewall_rules` - ... and 46 more **dns_service** (51 routes) - `GET /` → `index` - `GET /nameserver` → `nameserver` - `GET /network-info` → `network_info` - `GET /nameserver/binary-info` → `binary_info` - `POST /nameserver/query` → `query_test` - ... and 46 more **email_sec** (12 routes) - `GET /` → `index` - `POST /domain` → `analyze_domain` - `POST /spf` → `check_spf` - `POST /dmarc` → `check_dmarc` - `POST /dkim` → `check_dkim` - ... and 7 more **encmodules** (8 routes) - `GET /` → `index` - `POST /upload` → `upload` - `POST /verify` → `verify` - `POST /run` → `run_module` - `GET /stream/` → `stream` - ... and 3 more **exploit_dev** (12 routes) - `GET /` → `index` - `POST /shellcode` → `shellcode` - `GET /shellcodes` → `list_shellcodes` - `POST /encode` → `encode` - `POST /pattern/create` → `pattern_create` - ... and 7 more **forensics** (10 routes) - `GET /` → `index` - `POST /hash` → `hash_file` - `POST /verify` → `verify_hash` - `POST /image` → `create_image` - `POST /carve` → `carve_files` - ... and 5 more **hack_hijack** (10 routes) - `GET /hack-hijack/` → `index` - `POST /hack-hijack/scan` → `start_scan` - `GET /hack-hijack/scan//stream` → `scan_stream` - `GET /hack-hijack/scan/` → `scan_status` - `POST /hack-hijack/takeover` → `attempt_takeover` - ... and 5 more **hardware** (25 routes) - `GET /` → `index` - `GET /status` → `status` - `GET /adb/devices` → `adb_devices` - `POST /adb/info` → `adb_info` - `POST /adb/shell` → `adb_shell` - ... and 20 more **incident_resp** (19 routes) - `GET /` → `index` - `POST /incidents` → `create_incident` - `GET /incidents` → `list_incidents` - `GET /incidents/` → `get_incident` - `PUT /incidents/` → `update_incident` - ... and 14 more **ipcapture** (12 routes) - `GET /ipcapture/` → `index` - `GET /ipcapture/links` → `list_links` - `POST /ipcapture/links` → `create_link` - `GET /ipcapture/links/` → `get_link` - `DELETE /ipcapture/links/` → `delete_link` - ... and 7 more **iphone_exploit** (35 routes) - `GET /` → `index` - `POST /devices` → `list_devices` - `POST /device-info` → `device_info` - `POST /fingerprint` → `fingerprint` - `POST /pair` → `pair` - ... and 30 more **llm_trainer** (18 routes) - `GET /` → `index` - `POST /deps` → `check_deps` - `POST /deps/install` → `install_deps` - `POST /scan` → `scan_codebase` - `POST /dataset/generate` → `generate_dataset` - ... and 13 more **loadtest** (7 routes) - `GET /` → `index` - `POST /start` → `start` - `POST /stop` → `stop` - `POST /pause` → `pause` - `POST /resume` → `resume` - ... and 2 more **log_correlator** (10 routes) - `GET /` → `index` - `POST /ingest/file` → `ingest_file` - `POST /ingest/text` → `ingest_text` - `GET /search` → `search` - `GET,DELETE /alerts` → `alerts` - ... and 5 more **malware_sandbox** (9 routes) - `GET /` → `index` - `GET /status` → `status` - `POST /submit` → `submit` - `GET /samples` → `samples` - `POST /static` → `static_analysis` - ... and 4 more **mitm_proxy** (16 routes) - `GET /` → `index` - `POST /start` → `start` - `POST /stop` → `stop` - `GET /status` → `status` - `POST /ssl-strip` → `ssl_strip` - ... and 11 more **module_creator** (7 routes) - `GET /` → `index` - `GET /templates` → `templates` - `POST /create` → `create` - `POST /validate` → `validate` - `GET /list` → `list_modules` - ... and 2 more **msf** (4 routes) - `GET /` → `index` - `GET /status` → `status` - `POST /connect` → `connect` - `POST /console/send` → `console_send` **net_mapper** (9 routes) - `GET /net-mapper/` → `index` - `POST /net-mapper/discover` → `discover` - `GET /net-mapper/discover/` → `discover_status` - `POST /net-mapper/scan-host` → `scan_host` - `POST /net-mapper/topology` → `build_topology` - ... and 4 more **network** (15 routes) - `GET /` → `index` - `POST /connections` → `connections` - `POST /arp-table` → `arp_table` - `POST /interfaces` → `interfaces` - `POST /ids/scan` → `ids_scan` - ... and 10 more **offense** (15 routes) - `GET /` → `index` - `GET /status` → `status` - `POST /connect` → `connect` - `POST /disconnect` → `disconnect` - `POST /server/start` → `start_server` - ... and 10 more **osint** (11 routes) - `GET /` → `index` - `GET /categories` → `get_categories` - `GET /stats` → `db_stats` - `GET /search/stream` → `search_stream` - `GET /dossiers` → `list_dossiers` - ... and 6 more **password_toolkit** (13 routes) - `GET /password-toolkit/` → `index` - `POST /password-toolkit/identify` → `identify_hash` - `POST /password-toolkit/crack` → `crack_hash` - `GET /password-toolkit/crack/` → `crack_status` - `POST /password-toolkit/generate` → `generate` - ... and 8 more **phishmail** (35 routes) - `GET /` → `index` - `POST /send` → `send` - `POST /validate` → `validate` - `GET /campaigns` → `list_campaigns` - `POST /campaigns` → `create_campaign` - ... and 30 more **pineapple** (23 routes) - `GET /` → `index` - `GET /interfaces` → `interfaces` - `GET /tools` → `tools_status` - `POST /start` → `start_ap` - `POST /stop` → `stop_ap` - ... and 18 more **port_scanner** (5 routes) - `GET /` → `index` - `POST /start` → `start_scan` - `GET /stream/` → `stream` - `GET /result/` → `get_result` - `POST /cancel/` → `cancel_scan` **rcs_tools** (79 routes) - `GET /` → `index` - `GET /status` → `status` - `GET /device` → `device` - `GET /shizuku` → `shizuku` - `GET /archon` → `archon` - ... and 74 more **report_engine** (11 routes) - `GET /reports/` → `index` - `GET /reports/list` → `list_reports` - `POST /reports/create` → `create_report` - `GET /reports/` → `get_report` - `PUT /reports/` → `update_report` - ... and 6 more **reverse_eng** (13 routes) - `GET /` → `index` - `POST /analyze` → `analyze` - `POST /strings` → `strings` - `POST /disassemble` → `disassemble` - `POST /hex` → `hex_dump` - ... and 8 more **revshell** (18 routes) - `GET /` → `index` - `POST /listener/start` → `listener_start` - `POST /listener/stop` → `listener_stop` - `POST /listener/status` → `listener_status` - `POST /sessions` → `list_sessions` - ... and 13 more **rfid_tools** (14 routes) - `GET /` → `index` - `GET /tools` → `tools_status` - `POST /lf/search` → `lf_search` - `POST /lf/read/em410x` → `lf_read_em` - `POST /lf/clone` → `lf_clone` - ... and 9 more **sdr_tools** (22 routes) - `GET /` → `index` - `GET /devices` → `devices` - `POST /spectrum` → `spectrum` - `POST /capture/start` → `capture_start` - `POST /capture/stop` → `capture_stop` - ... and 17 more **settings** (29 routes) - `GET /` → `index` - `POST /password` → `change_password` - `POST /osint` → `update_osint` - `POST /upnp` → `update_upnp` - `POST /llm` → `update_llm` - ... and 24 more **simulate** (7 routes) - `GET /` → `index` - `POST /password` → `password_audit` - `POST /portscan` → `port_scan` - `POST /banner` → `banner_grab` - `POST /payloads` → `generate_payloads` - ... and 2 more **sms_forge** (21 routes) - `GET /` → `index` - `GET /status` → `status` - `GET /messages` → `messages` - `POST /sms` → `add_sms` - `POST /mms` → `add_mms` - ... and 16 more **social_eng** (18 routes) - `GET /` → `index` - `POST /clone` → `clone_page` - `GET /pages` → `list_pages` - `GET /pages/` → `get_page` - `DELETE /pages/` → `delete_page` - ... and 13 more **starlink_hack** (29 routes) - `GET /` → `index` - `GET /status` → `status` - `POST /discover` → `discover` - `GET /dish-status` → `dish_status` - `GET /dish-info` → `dish_info` - ... and 24 more **steganography** (8 routes) - `GET /` → `index` - `GET /capabilities` → `capabilities` - `POST /capacity` → `capacity` - `POST /hide` → `hide` - `POST /extract` → `extract` - ... and 3 more **targets** (7 routes) - `GET /` → `index` - `POST /add` → `add` - `POST /update/` → `update` - `POST /delete/` → `delete` - `POST /status/` → `set_status` - ... and 2 more **threat_intel** (13 routes) - `GET /` → `index` - `GET,POST,DELETE /iocs` → `iocs` - `POST /iocs/import` → `import_iocs` - `GET /iocs/export` → `export_iocs` - `GET /iocs/detect` → `detect_type` - ... and 8 more **upnp** (5 routes) - `GET /` → `index` - `POST /refresh` → `refresh` - `POST /add` → `add` - `POST /remove` → `remove` - `POST /cron` → `cron` **vuln_scanner** (10 routes) - `GET /` → `index` - `POST /scan` → `start_scan` - `GET /scan/` → `get_scan` - `GET /scans` → `list_scans` - `DELETE /scan/` → `delete_scan` - ... and 5 more **webapp_scanner** (7 routes) - `GET /web-scanner/` → `index` - `POST /web-scanner/quick` → `quick_scan` - `POST /web-scanner/dirbust` → `dir_bruteforce` - `GET /web-scanner/dirbust/` → `dirbust_status` - `POST /web-scanner/subdomain` → `subdomain_enum` - ... and 2 more **wifi_audit** (18 routes) - `GET /` → `index` - `GET /tools` → `tools_status` - `GET /interfaces` → `interfaces` - `POST /monitor/enable` → `monitor_enable` - `POST /monitor/disable` → `monitor_disable` - ... and 13 more **wireguard** (25 routes) - `GET /` → `index` - `POST /server/status` → `server_status` - `POST /server/start` → `server_start` - `POST /server/stop` → `server_stop` - `POST /server/restart` → `server_restart` - ... and 20 more **wireshark** (14 routes) - `GET /` → `index` - `GET /status` → `status` - `GET /interfaces` → `interfaces` - `POST /capture/start` → `capture_start` - `POST /capture/stop` → `capture_stop` - ... and 9 more --- ## 4. Template Patterns Templates live in `web/templates/` and use Jinja2 extending `base.html`. ### Template Structure ```html {%% extends "base.html" %%} {%% block title %%}Feature Name - AUTARCH{%% endblock %%} {%% block content %%}

Feature Name

Section Title

{%% endblock %%} ``` ### CSS Variables Available ``` --bg-main, --bg-card, --bg-secondary, --bg-input --text-primary, --text-secondary, --text-muted --accent (green), --danger (red), --border --radius (border radius), --success (green) ``` ### Common UI Patterns - Tab bar: `
` - Card: `
` - Table: `......
` - Button: `` - Form: `
Help text
` ### Templates (74 total) - `ad_audit.html` (extends: base.html) - `analyze.html` (extends: base.html) - `android_exploit.html` (extends: base.html) - `android_protect.html` (extends: base.html) - `anti_forensics.html` (extends: base.html) - `api_fuzzer.html` (extends: base.html) - `archon.html` (extends: base.html) - `autonomy.html` (extends: base.html) - `base.html` (extends: none) - `ble_scanner.html` (extends: base.html) - `c2_framework.html` (extends: base.html) - `category.html` (extends: base.html) - `cloud_scan.html` (extends: base.html) - `container_sec.html` (extends: base.html) - `counter.html` (extends: base.html) - `dashboard.html` (extends: base.html) - `deauth.html` (extends: base.html) - `defense.html` (extends: base.html) - `defense_linux.html` (extends: base.html) - `defense_monitor.html` (extends: base.html) - `defense_windows.html` (extends: base.html) - `dns_nameserver.html` (extends: base.html) - `dns_service.html` (extends: base.html) - `email_sec.html` (extends: base.html) - `encmodules.html` (extends: base.html) - `exploit_dev.html` (extends: base.html) - `forensics.html` (extends: base.html) - `hack_hijack.html` (extends: base.html) - `hardware.html` (extends: base.html) - `hash_detection.html` (extends: base.html) - `incident_resp.html` (extends: base.html) - `ipcapture.html` (extends: base.html) - `iphone_exploit.html` (extends: base.html) - `legendary_creator.html` (extends: base.html) - `llm_settings.html` (extends: base.html) - `llm_trainer.html` (extends: base.html) - `loadtest.html` (extends: base.html) - `log_correlator.html` (extends: base.html) - `login.html` (extends: base.html) - `malware_sandbox.html` (extends: base.html) - `manual.html` (extends: base.html) - `mcp_settings.html` (extends: base.html) - `mitm_proxy.html` (extends: base.html) - `module_creator.html` (extends: base.html) - `msf.html` (extends: base.html) - `net_mapper.html` (extends: base.html) - `network.html` (extends: base.html) - `offense.html` (extends: base.html) - `osint.html` (extends: base.html) - `password_toolkit.html` (extends: base.html) - `phishmail.html` (extends: base.html) - `pineapple.html` (extends: base.html) - `port_scanner.html` (extends: base.html) - `rcs_tools.html` (extends: base.html) - `report_engine.html` (extends: base.html) - `reverse_eng.html` (extends: base.html) - `revshell.html` (extends: base.html) - `rfid_tools.html` (extends: base.html) - `sdr_tools.html` (extends: base.html) - `settings.html` (extends: base.html) - `simulate.html` (extends: base.html) - `sms_forge.html` (extends: base.html) - `social_eng.html` (extends: base.html) - `starlink_hack.html` (extends: base.html) - `steganography.html` (extends: base.html) - `system_deps.html` (extends: base.html) - `targets.html` (extends: base.html) - `threat_intel.html` (extends: base.html) - `upnp.html` (extends: base.html) - `vuln_scanner.html` (extends: base.html) - `webapp_scanner.html` (extends: base.html) - `wifi_audit.html` (extends: base.html) - `wireguard.html` (extends: base.html) - `wireshark.html` (extends: base.html) --- ## 5. Configuration System Config is managed by `core/config.py` using Python's configparser. File: `autarch_settings.conf` (INI format). ### Config Sections - **[llama]**: model_path, n_ctx, n_threads, n_gpu_layers, gpu_backend, temperature, top_p, top_k ... +3 more - **[autarch]**: first_run, modules_path, verbose, quiet, no_banner, llm_backend - **[claude]**: api_key, model, max_tokens, temperature - **[osint]**: max_threads, timeout, include_nsfw - **[pentest]**: max_pipeline_steps, output_chunk_size, auto_execute, save_raw_output - **[transformers]**: model_path, device, torch_dtype, load_in_8bit, load_in_4bit, trust_remote_code, max_tokens, temperature ... +3 more - **[rsf]**: install_path, enabled, default_target, default_port, execution_timeout - **[upnp]**: enabled, internal_ip, refresh_hours, mappings - **[web]**: host, port, secret_key, mcp_port - **[mcp]**: enabled, auto_start, transport, host, port, log_level, instructions, auth_enabled ... +16 more - **[revshell]**: enabled, host, port, auto_start - **[slm]**: enabled, backend, model_path, n_ctx, n_gpu_layers, n_threads - **[sam]**: enabled, backend, model_path, n_ctx, n_gpu_layers, n_threads - **[lam]**: enabled, backend, model_path, n_ctx, n_gpu_layers, n_threads - **[agents]**: backend, local_max_steps, local_verbose, claude_enabled, claude_model, claude_max_tokens, claude_max_steps, openai_enabled ... +4 more - **[autonomy]**: enabled, monitor_interval, rule_eval_interval, max_concurrent_agents, threat_threshold_auto_respond, log_max_entries ### Usage in Code ```python from core.config import get_config config = get_config() # Read values val = config.get('section', 'key', 'default') num = config.get_int('section', 'key', 0) flt = config.get_float('section', 'key', 0.0) bol = config.get_bool('section', 'key', False) # Write values config.set('section', 'key', 'value') config.save() # Typed getters config.get_llama_settings() # dict config.get_claude_settings() # dict config.get_mcp_settings() # dict config.get_agents_settings() # dict config.get_autonomy_settings() # dict ``` --- ## 6. Adding to the Navigation Edit `web/templates/base.html`. The sidebar has sections: - Top (Dashboard, Port Scanner, Targets) - Categories (Defense, Offense, Counter, Analyze, OSINT, Simulate) - Network (Network Security, Wireshark, Net Mapper) - Tools (Create Module, Enc Modules, Hardware, exploits, Shield, etc.) - System (UPnP, WireGuard, MSF Console, DNS, Settings, etc.) Add a nav item: ```html
  • My Feature
    • ``` Sub-items use: `style="padding-left:1.5rem;font-size:0.85rem"` with `└` prefix. --- ## 7. MCP Tool System Tools exposed via Model Context Protocol (MCP) are defined in `core/mcp_server.py`. To add a new MCP tool: ```python # In create_mcp_server(), add: @mcp.tool() def my_tool(param1: str, param2: int = 10) -> str: """Description of what the tool does.""" return execute_tool('my_tool', {'param1': param1, 'param2': param2}) # In execute_tool(), add the handler: elif name == 'my_tool': return _run_my_tool(arguments) # Implement the handler: def _run_my_tool(args: dict) -> str: # ... implementation return json.dumps({'result': ...}) ```