Files

SsSnake da53899f66 AUTARCH v1.9 — remote monitoring, SSH manager, daemon, vault, cleanup

- Add Remote Monitoring Station with PIAP device profile system
- Add SSH/SSHD manager with fail2ban integration
- Add privileged daemon architecture for safe root operations
- Add encrypted vault, HAL memory, HAL auto-analyst
- Add network security suite, module creator, codex training
- Add start.sh launcher script and GTK3 desktop launcher
- Remove Output/ build artifacts, installer files, loose docs
- Update .gitignore for runtime data and build artifacts
- Update README for v1.9 with new launch method, screenshots, and features

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-24 06:59:06 -07:00

52 KiB

Raw Blame History

AUTARCH Codex

Codebase Knowledge Reference for AI Agents

Generated: 2026-03-20 05:05:31

This document is auto-generated by scripts/build_codex.py and provides structured knowledge about the AUTARCH codebase for LLM agents to use when creating modules, routes, templates, and features.

1. Module System

AUTARCH modules are Python files in the modules/ directory. Each module:

Has a run() function as the entry point
Declares metadata: DESCRIPTION, AUTHOR, VERSION, CATEGORY
Is auto-discovered by core/menu.py at startup
Can be run via CLI (python autarch.py -m <name>) or from the web UI

Required Module Attributes

DESCRIPTION = "Short description of what the module does"
AUTHOR = "Your Name"
VERSION = "1.0"
CATEGORY = "defense"  # One of: defense, offense, counter, analyze, osint, simulate, core, hardware

Module Template

"""
Module description here.
"""

DESCRIPTION = "Short description"
AUTHOR = "darkHal"
VERSION = "1.0"
CATEGORY = "defense"

import sys
from pathlib import Path
sys.path.insert(0, str(Path(__file__).parent.parent))
from core.banner import Colors, clear_screen, display_banner


def run():
    """Main entry point — REQUIRED."""
    clear_screen()
    display_banner()
    print(f"{Colors.BOLD}Module Name{Colors.RESET}")
    print(f"{Colors.DIM}{'─' * 50}{Colors.RESET}\n")

    # Module logic here


if __name__ == "__main__":
    run()

Categories and Module Counts

defense (12): android_protect, container_sec, defender, defender_monitor, defender_windows, email_sec, incident_resp, log_correlator, mysystem, threat_intel ... and 2 more
offense (29): ad_audit, android_advanced, android_boot, android_payload, android_recon, android_root, android_screen, android_sms, api_fuzzer, c2_framework ... and 19 more
counter (3): anti_forensics, counter, steganography
analyze (12): analyze, ble_scanner, forensics, llm_trainer, malware_sandbox, net_mapper, password_toolkit, report_engine, reverse_eng, rfid_tools ... and 2 more
osint (7): adultscan, dossier, geoip, ipcapture, recon, snoop_decoder, yandex_osint
simulate (1): simulate
core (4): agent, agent_hal, chat, setup
hardware (4): android_apps, hardware_local, hardware_remote, iphone_local

Total modules: 73

2. Core API Reference

The core/ directory contains the framework backbone. Key modules:

core/agent.py

class AgentState — Agent execution states.
class AgentStep — Record of a single agent step.
class AgentResult — Result of an agent task execution.
get_steps_summary() — Get a formatted summary of all steps taken.

core/android_exploit.py

class AndroidExploitManager — All Android exploitation logic.
- Methods: list_packages, pull_apk, pull_app_data, extract_shared_prefs, full_device_dump, get_accounts, get_wifi_passwords, extract_call_logs
get_exploit_manager() —
list_packages(serial, include_system) — List installed packages. Returns [{package, path, is_system}].
pull_apk(serial, package) — Pull APK for a package.
pull_app_data(serial, package) — Pull app data (databases, shared_prefs, files). Tries run-as then root.
extract_shared_prefs(serial, package) — Extract shared_prefs XML files for a package.
full_device_dump(serial) — Full device reconnaissance dump.
get_accounts(serial) — Get accounts registered on device.
get_wifi_passwords(serial) — Extract saved WiFi passwords. Requires ROOT.

core/android_protect.py

class AndroidProtectManager — Anti-stalkerware / anti-spyware shield for Android devices.
- Methods: update_signatures, get_signature_stats, check_shizuku, install_shizuku, start_shizuku, stop_shizuku, shizuku_status, check_shield_app
get_android_protect_manager() —
update_signatures(url) — Download latest signatures from GitHub.
get_signature_stats() — Count known threats by category.
check_shizuku(serial) — Check Shizuku installation and status.
install_shizuku(serial, apk_path) — Install Shizuku APK via ADB.
start_shizuku(serial) — Start Shizuku service via ADB.
stop_shizuku(serial) — Stop Shizuku server process.
shizuku_status(serial) — Full Shizuku status check.

core/autonomy.py

class ActivityEntry — Single entry in the autonomy activity log.
- Methods: to_dict
class AutonomyDaemon — Background daemon for autonomous threat response.
- Methods: status, start, stop, pause, resume, get_activity, get_activity_count, subscribe
get_autonomy_daemon() — Get the global AutonomyDaemon instance.
reset_autonomy_daemon() — Stop and reset the global daemon.
to_dict() —
status() — Current daemon status.
start() — Start the autonomy daemon background thread.
stop() — Stop the daemon and wait for thread exit.
pause() — Pause rule evaluation (monitoring continues).
resume() — Resume rule evaluation.

core/banner.py

class Colors —
display_banner() — Print the AUTARCH banner to the console.
clear_screen() — Clear the terminal screen.

core/config.py

class Config — Configuration manager for AUTARCH settings.
- Methods: save, get, get_int, get_float, get_bool, set, is_first_run, mark_setup_complete
get_config() — Get the global configuration instance.
save() — Save the current configuration to file.
get(section, key, fallback) — Get a configuration value.
get_int(section, key, fallback) — Get a configuration value as integer.
get_float(section, key, fallback) — Get a configuration value as float.
get_bool(section, key, fallback) — Get a configuration value as boolean.
set(section, key, value) — Set a configuration value.
is_first_run() — Check if this is the first run of AUTARCH.

core/cve.py

class CVEDatabase — SQLite-based CVE Database with NVD API synchronization.
- Methods: get_system_info, get_db_stats, sync_database, sync_recent, search_cves, get_cve, get_system_cves, get_software_cves
get_cve_db() — Get the global CVE database instance.
get_system_info() — Get detected system information.
get_db_stats() — Get database statistics.
sync_database(days_back, full_sync, progress_callback, verbose) — Synchronize database with NVD.
sync_recent(days, verbose) — Quick sync of recent CVEs only.
search_cves(keyword, cpe_pattern, severity, min_score) — Search CVEs in local database.
get_cve(cve_id) — Get detailed information about a specific CVE.
get_system_cves(severity_filter, max_results) — Get CVEs relevant to the detected system.

core/discovery.py

class DiscoveryManager — Manages network discovery advertising for AUTARCH.
- Methods: get_status, start_mdns, stop_mdns, start_bluetooth, stop_bluetooth, start_all, stop_all, shutdown
get_discovery_manager(config) — Get or create the DiscoveryManager singleton.
get_status() — Get current discovery status for all methods.
start_mdns() — Start mDNS service advertisement.
stop_mdns() — Stop mDNS service advertisement.
start_bluetooth() — Start Bluetooth service advertisement.
stop_bluetooth() — Stop Bluetooth advertisement.
start_all() — Start all enabled discovery methods.
stop_all() — Stop all discovery methods.

core/dns_service.py

class DNSServiceManager — Manage the autarch-dns Go binary (start/stop/API calls).
- Methods: api_base, api_token, find_binary, is_running, start, stop, status, list_zones
get_dns_service() —
api_base() —
api_token() —
find_binary() — Find the autarch-dns binary.
is_running() — Check if the DNS service is running.
start() — Start the DNS service.
stop() — Stop the DNS service.
status() — Get service status.

core/hardware.py

class HardwareManager — Manages ADB, Fastboot, and Serial/ESP32 devices.
- Methods: get_status, adb_devices, adb_device_info, adb_shell, adb_shell_raw, adb_reboot, adb_install, adb_sideload
get_hardware_manager() —
get_status() — Get availability status of all backends.
adb_devices() — List connected ADB devices.
adb_device_info(serial) — Get detailed info about an ADB device.
adb_shell(serial, command) — Run a shell command on an ADB device.
adb_shell_raw(serial, command, timeout) — Run shell command without safety filter. For exploit modules.
adb_reboot(serial, mode) — Reboot an ADB device. mode: system, recovery, bootloader
adb_install(serial, apk_path) — Install an APK on device.

core/iphone_exploit.py

class IPhoneExploitManager — All iPhone USB exploitation logic using libimobiledevice.
- Methods: get_status, list_devices, device_info, device_info_brief, device_info_domain, pair_device, unpair_device, validate_pair
get_iphone_manager() —
get_status() — Get availability of libimobiledevice tools.
list_devices() — List connected iOS devices.
device_info(udid) — Get full device information.
device_info_brief(udid) — Get key device info (name, model, iOS version).
device_info_domain(udid, domain) — Get device info for a specific domain.
pair_device(udid) — Pair with device (requires user trust on device).
unpair_device(udid) — Unpair from device.

core/llm.py

class LLMError — Exception raised for LLM-related errors.
class LLM — Wrapper class for llama-cpp-python integration.
- Methods: is_loaded, model_name, load_model, unload_model, generate, chat, clear_history, get_history
class TransformersLLM — HuggingFace Transformers backend for safetensors models.
- Methods: is_loaded, model_name, load_model, unload_model, generate, chat, clear_history, get_history
get_llm() — Get the global LLM instance, auto-loading the model if needed.
detect_model_type(path) — Detect the type of model at the given path.
reset_llm() — Reset the global LLM instance (used when switching backends).
is_loaded() — Check if a model is currently loaded.
model_name() — Get the name of the currently loaded model.
load_model(model_path, verbose) — Load a GGUF model.
unload_model() — Unload the current model and free resources.
generate(prompt, max_tokens, temperature, top_p) — Generate text completion.

core/mcp_server.py

get_autarch_tools() — Build the list of AUTARCH tools to expose via MCP.
execute_tool(name, arguments) — Execute an AUTARCH tool and return the result as a string.
create_mcp_server() — Create and return the FastMCP server instance.
run_stdio() — Run the MCP server in stdio mode (for Claude Desktop / Claude Code).
run_sse(host, port) — Run the MCP server in SSE (Server-Sent Events) mode for web clients.
get_mcp_config_snippet() — Generate the JSON config snippet for Claude Desktop / Claude Code.
get_server_status() — Check if the MCP server is running.
start_sse_server(host, port) — Start the MCP SSE server in the background.

core/menu.py

class ModuleInfo — Information about a loaded module.
class MainMenu — Main menu handler for AUTARCH.
- Methods: print_status, load_modules, get_modules_by_category, get_status_line, display_menu, display_category_menu, run_module, show_settings
print_status(message, status) — Print a status message.
load_modules() — Load all available modules from the modules directory.
get_modules_by_category(category) — Get all modules in a specific category.
get_status_line() — Get the status line showing model and MSF status.
display_menu() — Display the main menu.
display_category_menu(category) — Display the submenu for a category.
run_module(module_name) — Run a specific module.
show_settings() — Display settings menu.

core/model_router.py

class ModelTier —
class _TierConfigProxy — Proxies Config but overrides the backend section for a specific model tier.
- Methods: get, get_int, get_float, get_bool, get_llama_settings, get_transformers_settings, get_claude_settings, get_huggingface_settings
class ModelRouter — Manages up to 3 concurrent LLM instances (SLM, SAM, LAM).
- Methods: status, load_tier, unload_tier, load_all, unload_all, get_instance, is_tier_loaded, classify
get_model_router() — Get the global ModelRouter instance.
reset_model_router() — Reset the global ModelRouter (unloads all models).
get(section, key, fallback) —
get_int(section, key, fallback) —
get_float(section, key, fallback) —
get_bool(section, key, fallback) —
get_llama_settings() —
get_transformers_settings() —

core/module_crypto.py

encrypt_module(source_code, password, metadata) — Encrypt a Python module source string.
decrypt_module(data, password) — Decrypt an .autarch blob.
encrypt_file(src, dst, password, metadata) — Encrypt a .py source file to a .autarch file.
decrypt_file(src, password) — Decrypt an .autarch file and return (source_code, metadata).
load_and_exec(path, password, module_name) — Decrypt and execute an encrypted module.
read_metadata(path) — Read only the metadata from an .autarch file without decrypting.
encrypt(key, iv, plaintext) —
decrypt(key, iv, ciphertext) —

core/msf.py

class MSFError — Exception raised for Metasploit-related errors.
class MSFModule — Information about a Metasploit module.
class MetasploitRPC — Client for Metasploit RPC API.
- Methods: is_connected, connect, disconnect, get_version, list_modules, search_modules, get_module_info, get_module_options
check_msgpack() — Check if msgpack is available, raise error if not.
get_msf_manager() — Get the global MSF manager instance.
msf_startup_autoconnect(skip_if_disabled) — Perform MSF autoconnect during application startup.
msf_quick_connect(username, password, host, port) — Quick non-interactive MSF server setup and connection.
is_connected() — Check if connected to MSF RPC.
connect(password) — Connect and authenticate to MSF RPC.
disconnect() — Disconnect from MSF RPC.
get_version() — Get Metasploit version info.

core/msf_interface.py

class MSFStatus — Status of an MSF operation.
class MSFResult — Result from an MSF module execution.
- Methods: success, get_summary
class MSFInterface — High-level interface for Metasploit operations.
- Methods: manager, is_connected, last_error, ensure_connected, run_module, run_scanner, get_module_info, get_module_options
get_msf_interface() — Get the global MSF interface instance.
success() —
get_summary() — Get a brief summary of the result.
manager() — Get or create the MSF manager.
is_connected() — Check if connected to MSF RPC.
last_error() — Get the last error message.
ensure_connected(password, auto_prompt) — Ensure we have a valid connection to MSF RPC.
run_module(module_path, options, timeout, auto_reconnect) — Execute an MSF module and return parsed results.

core/msf_modules.py

get_module_info(module_path) — Get information about a module.
get_module_description(module_path) — Get just the description for a module.
search_modules(query, max_results) — Search modules by keyword.
get_modules_by_type(module_type) — Get all modules of a specific type.
get_modules_by_tag(tag) — Get all modules with a specific tag.
get_modules_by_platform(platform) — Get all modules for a specific platform.
get_module_options(module_path) — Get the common options for a module.
format_module_help(module_path) — Get formatted help text for a module.

core/msf_terms.py

get_setting_info(name) — Get information about an MSF setting.
get_setting_description(name) — Get just the description for a setting.
get_setting_prompt(name, default, required) — Get a formatted input prompt for a setting.
format_setting_help(name, include_examples, include_notes) — Get a formatted help text for a setting.
get_settings_by_category(category) — Get all settings in a category.
get_common_settings() — Get list of most commonly used settings.
get_category_info(category) — Get information about a setting category.
list_all_settings() — Get list of all known setting names.

core/paths.py

is_frozen() — Return True if running from a PyInstaller bundle.
get_app_dir() — Return the writable application root directory.
get_bundle_dir() — Return the bundle directory (read-only assets: templates, static, default modules).
get_core_dir() —
get_modules_dir() — Return the bundled modules directory (read-only in frozen mode).
get_user_modules_dir() — Return the user modules directory (writable, next to exe).
get_data_dir() —
get_config_path() — Return config path. Writable copy lives next to the exe;

core/pentest_pipeline.py

class ParsingModule — Normalizes raw tool output into structured summaries.
- Methods: parse
class ReasoningModule — Maintains PTT and decides next actions.
- Methods: reason
class GenerationModule — Converts abstract tasks into concrete commands.
- Methods: generate
detect_source_type(output) — Auto-detect tool output type from content patterns.
parse(raw_output, source_type, context) — Parse raw tool output into normalized summary.
reason(parsed_output, context) — Three-step reasoning: update tree, validate, extract next todo.
generate(task_description, target, context) — Generate executable commands for a task.
process_output(raw_output, source_type) — Full pipeline: parse -> reason -> generate.
get_initial_plan() — Generate initial pentest plan for the target.
inject_information(info, source) — Inject external information and get updated recommendations.
discuss(question) — Ad-hoc question that doesn't affect the tree.

core/pentest_session.py

class PentestSessionState —
class SessionEvent — A single event in the session timeline.
- Methods: to_dict, from_dict
class PentestSession — Manages a single penetration testing session.
- Methods: start, pause, resume, complete, set_error, log_event, log_pipeline_result, add_finding
to_dict() —
from_dict(cls, data) —
start() — Initialize a new session.
pause() — Pause the session and save state.
resume() — Resume a paused session.
complete(summary) — Mark session as completed.
set_error(error_msg) — Mark session as errored.
log_event(event_type, data) — Log an event to the session timeline.

core/pentest_tree.py

class NodeStatus —
class PTTNodeType —
class PTTNode — A single node in the Penetration Testing Tree.
- Methods: to_dict, from_dict
to_dict() —
from_dict(cls, data) —
add_node(label, node_type, parent_id, details) — Add a node to the tree. Returns the new node's ID.
update_node(node_id, status, details, tool_output) — Update a node's properties. Returns True if found and updated.
delete_node(node_id) — Delete a node and all its children recursively.
get_node(node_id) —
get_next_todo() — Get the highest priority TODO node.
get_all_by_status(status) —

core/report_generator.py

class ReportGenerator — Generate HTML reports for OSINT scan results.
- Methods: generate_username_report, generate_geoip_report, generate_security_audit_report, generate_network_scan_report, generate_vulnerability_report, generate_pentest_report
get_report_generator(output_dir) — Get a ReportGenerator instance.
generate_username_report(username, results, total_checked, scan_time) — Generate HTML report for username scan.
generate_geoip_report(results) — Generate HTML report for GEO IP lookups.
generate_security_audit_report(system_info, issues, score) — Generate HTML report for security audit.
generate_network_scan_report(target, hosts, scan_time) — Generate HTML report for network scan.
generate_vulnerability_report(target, correlations, scan_time) — Generate HTML report for vulnerability scan.
generate_pentest_report(target, network_data, vuln_data, exploit_data) — Generate combined pentest report.
get_confidence_class(conf) —

core/revshell.py

class RevShellSession — Active reverse shell session with an Archon device.
- Methods: alive, device_name, android_version, uid, uptime, execute, execute_special, sysinfo
class RevShellListener — TCP listener for incoming Archon reverse shell connections.
- Methods: running, active_sessions, start, stop, get_session, list_sessions, remove_session, save_screenshot
get_listener() — Get or create the global RevShellListener singleton.
start_listener(host, port, token) — Start the global listener.
stop_listener() — Stop the global listener.
alive() —
device_name() —
android_version() —
uid() —
uptime() —

core/rsf.py

class RSFError — Custom exception for RouterSploit operations.
class RSFModuleInfo — Metadata for a RouterSploit module.
class RSFManager — Manager for RouterSploit framework operations.
- Methods: is_available, reset_cache, index_all_modules, get_module_count, get_modules_by_type, search_modules, load_module, get_module_options
get_rsf_manager() — Get the global RSFManager singleton instance.
is_available() — Check if RouterSploit is importable. Caches result.
reset_cache() — Reset cached state (availability, module index).
index_all_modules() — Discover all RSF modules. Returns list of dotted module paths.
get_module_count() — Get total number of indexed modules.
get_modules_by_type(module_type) — Filter modules by type (exploits, creds, scanners, payloads, encoders, generic).
search_modules(query) — Search modules by substring match on path.
load_module(path) — Load a RouterSploit module by path.

core/rsf_interface.py

class RSFStatus — Status codes for RSF operations.
class RSFResult — Result of an RSF module execution.
class RSFInterface — High-level interface for RouterSploit operations.
- Methods: ensure_available, is_available, module_count, list_modules, search_modules, get_module_info, get_module_options, check_module
get_rsf_interface() — Get the global RSFInterface singleton instance.
ensure_available() — Check that RSF is importable and available.
is_available() — Check if RSF is available without raising.
module_count() — Get total number of available modules.
list_modules(module_type) — List available modules, optionally filtered by type.
search_modules(query) — Search modules by keyword.
get_module_info(path) — Get metadata for a module.
get_module_options(path) — Get configurable options for a module.

core/rsf_modules.py

get_module_info(module_path) — Get curated module info by path.
get_module_description(module_path) — Get just the description for a module.
search_modules(query) — Search curated modules by keyword.
get_modules_by_type(module_type) — Get curated modules filtered by type.
format_module_help(module_path) — Format detailed help text for a module.
get_all_modules() — Get all curated modules.
get_type_info(module_type) — Get info about a module type.

core/rsf_terms.py

get_setting_info(name) — Get full setting information by name.
get_setting_prompt(name, default, required) — Get a formatted input prompt for a setting.
format_setting_help(name, include_examples, include_notes) — Get formatted help text for a setting.
validate_setting_value(name, value) — Validate a setting value against its type.

core/rules.py

class Rule — A single automation rule.
- Methods: to_dict, from_dict
class RulesEngine — Evaluates automation rules against a threat context.
- Methods: save, add_rule, update_rule, delete_rule, get_rule, get_all_rules, evaluate
to_dict() —
from_dict(cls, d) —
save() — Save rules to JSON file.
add_rule(rule) —
update_rule(rule_id, updates) —
delete_rule(rule_id) —
get_rule(rule_id) —
get_all_rules() —

core/sites_db.py

class SitesDatabase — Unified OSINT sites database with SQLite storage.
- Methods: get_stats, get_sites, get_site, search_sites, get_categories, get_sites_for_scan, get_site_by_url, toggle_site
get_sites_db() — Get the global sites database instance.
get_stats() — Get database statistics.
get_sites(category, include_nsfw, enabled_only, source) — Get sites from database.
get_site(name) — Get a specific site by name.
search_sites(query, include_nsfw, limit) — Search sites by name.
get_categories() — Get all categories with site counts.
get_sites_for_scan(categories, include_nsfw, max_sites, sort_alphabetically) — Get sites optimized for username scanning with detection patterns.
get_site_by_url(url_template) — Get a site by its URL template.

core/tools.py

class ToolParameter — Definition of a tool parameter.
class Tool — Definition of an agent tool.
- Methods: to_schema, execute
class ToolRegistry — Registry for managing available tools.
- Methods: register, unregister, get, list_tools, get_tools_schema, get_tools_prompt, execute
get_tool_registry() — Get the global tool registry.
to_schema() — Convert tool to JSON schema for LLM.
execute() — Execute the tool with given parameters.
register(tool) — Register a tool.
unregister(name) — Unregister a tool by name.
get(name) — Get a tool by name.
list_tools() — List all registered tools.
get_tools_schema() — Get JSON schema for all tools.

core/tray.py

class TrayManager — Manages the system tray icon and Flask server lifecycle.
- Methods: start_server, stop_server, restart_server, open_browser, quit, run
create_icon_image(size) — Load tray icon from .ico file, falling back to programmatic generation.
start_server() — Start the Flask web server in a background thread.
stop_server() — Stop the Flask web server.
restart_server() — Stop and restart the Flask web server.
open_browser() — Open the dashboard in the default web browser.
quit() — Stop server and exit the tray icon.

core/upnp.py

class UPnPManager — UPnP port forwarding manager wrapping the upnpc CLI.
- Methods: is_available, list_mappings, add_mapping, remove_mapping, get_external_ip, refresh_all, load_mappings_from_config, save_mappings_to_config
get_upnp_manager(config) — Get the global UPnP manager instance.
is_available() — Check if upnpc is installed.
list_mappings() — List current UPnP port mappings.
add_mapping(internal_ip, internal_port, external_port, protocol) — Add a UPnP port mapping.
remove_mapping(external_port, protocol) — Remove a UPnP port mapping.
get_external_ip() — Get the external IP via UPnP.
refresh_all() — Re-add all configured port mappings. Returns list of results.
load_mappings_from_config() — Load port mappings from config file.

core/wireguard.py

class WireGuardManager — WireGuard VPN + Remote ADB manager.
- Methods: is_available, get_server_status, start_interface, stop_interface, restart_interface, generate_keypair, generate_preshared_key, get_next_ip
get_wireguard_manager(config) —
is_available() — Check if wg binary exists.
get_server_status() — Parse wg show for interface info.
start_interface() — Start WireGuard interface with wg-quick.
stop_interface() — Stop WireGuard interface with wg-quick.
restart_interface() — Restart WireGuard interface.
generate_keypair() — Generate WireGuard keypair. Returns (private_key, public_key).
generate_preshared_key() — Generate WireGuard preshared key.

core/wireshark.py

class WiresharkManager — Packet capture and analysis using scapy + optional tshark.
- Methods: scapy_available, tshark_available, can_capture, get_status, list_interfaces, start_capture, stop_capture, get_capture_stats
get_wireshark_manager() — Get the global WiresharkManager instance.
scapy_available() —
tshark_available() —
can_capture() — Check if live capture is possible (needs root + libpcap).
get_status() — Get engine status.
list_interfaces() — List available network interfaces.
start_capture(interface, bpf_filter, duration, output_file) — Start packet capture in a background thread.
stop_capture() — Stop running capture.

Common Imports for Modules

# Colors and display
from core.banner import Colors, clear_screen, display_banner

# Configuration
from core.config import get_config

# LLM access
from core.llm import get_llm, LLMError

# Agent tools
from core.tools import get_tool_registry

# File paths
from core.paths import get_app_dir, get_data_dir, find_tool

# Hardware (ADB/Fastboot)
from core.hardware import get_hardware_manager

# Available Colors
Colors.RED, Colors.GREEN, Colors.YELLOW, Colors.BLUE,
Colors.MAGENTA, Colors.CYAN, Colors.WHITE, Colors.BOLD,
Colors.DIM, Colors.RESET

3. Web Route Patterns

Routes live in web/routes/. Each file defines a Flask Blueprint.

Blueprint Template

from flask import Blueprint, render_template, request, jsonify
from web.auth import login_required

myfeature_bp = Blueprint('myfeature', __name__, url_prefix='/myfeature')


@myfeature_bp.route('/')
@login_required
def index():
    return render_template('myfeature.html')


@myfeature_bp.route('/action', methods=['POST'])
@login_required
def action():
    data = request.get_json(silent=True) or {}
    # Process...
    return jsonify({'ok': True, 'result': ...})

Registration

In web/app.py, add:

from web.routes.myfeature import myfeature_bp
app.register_blueprint(myfeature_bp)

Existing Routes

ad_audit (22 routes)

GET / → index
POST /connect → connect
POST /disconnect → disconnect
GET /status → status
GET /users → users
... and 17 more

analyze (13 routes)

GET / → index
POST /file → analyze_file
POST /strings → extract_strings
POST /hash → hash_lookup
POST /log → analyze_log
... and 8 more

android_exploit (81 routes)

GET / → index
POST /apps/list → apps_list
POST /apps/pull-apk → apps_pull_apk
POST /apps/pull-data → apps_pull_data
POST /apps/shared-prefs → apps_shared_prefs
... and 76 more

android_protect (63 routes)

GET / → index
POST /scan/quick → scan_quick
POST /scan/full → scan_full
POST /scan/export → scan_export
POST /scan/stalkerware → scan_stalkerware
... and 58 more

anti_forensics (14 routes)

GET / → index
GET /capabilities → capabilities
POST /delete/file → delete_file
POST /delete/directory → delete_directory
POST /wipe → wipe_free_space
... and 9 more

api_fuzzer (12 routes)

GET / → index
POST /discover → discover
POST /openapi → parse_openapi
POST /fuzz → fuzz
POST /auth/bypass → auth_bypass
... and 7 more

archon (11 routes)

GET / → index
POST /shell → shell
POST /pull → pull
POST /push → push
GET /packages → packages
... and 6 more

auth_routes (4 routes)

GET,POST /login → login
POST /api/login → api_login
GET /api/check → api_check
GET /logout → logout

autonomy (16 routes)

GET / → index
GET /status → status
POST /start → start
POST /stop → stop
POST /pause → pause
... and 11 more

ble_scanner (12 routes)

GET / → index
GET /status → status
POST /scan → scan
GET /devices → devices
GET /device/<address> → device_detail
... and 7 more

c2_framework (13 routes)

GET /c2/ → index
GET /c2/listeners → list_listeners
POST /c2/listeners → start_listener
DELETE /c2/listeners/<name> → stop_listener
GET /c2/agents → list_agents
... and 8 more

chat (6 routes)

POST /chat → chat
POST /chat/reset → chat_reset
GET /chat/status → chat_status
POST /agent/run → agent_run
GET /agent/stream/<run_id> → agent_stream
... and 1 more

cloud_scan (8 routes)

GET / → index
POST /s3/enum → s3_enum
POST /gcs/enum → gcs_enum
POST /azure/enum → azure_enum
POST /services → exposed_services
... and 3 more

container_sec (16 routes)

GET / → index
GET /status → status
POST /docker/audit → docker_audit
GET /docker/containers → docker_containers
POST /docker/containers/<container_id>/audit → docker_container_audit
... and 11 more

counter (4 routes)

GET / → index
POST /scan → scan
POST /check/<check_name> → check
GET /logins → logins

dashboard (4 routes)

GET / → index
GET /manual → manual
GET /manual/windows → manual_windows
POST /api/modules/reload → reload_modules

deauth (14 routes)

GET / → index
GET /interfaces → interfaces
POST /monitor/start → monitor_start
POST /monitor/stop → monitor_stop
POST /scan/networks → scan_networks
... and 9 more

defense (51 routes)

GET / → index
GET /linux → linux_index
POST /linux/audit → linux_audit
POST /linux/check/<check_name> → linux_check
GET /linux/firewall/rules → linux_firewall_rules
... and 46 more

dns_service (51 routes)

GET / → index
GET /nameserver → nameserver
GET /network-info → network_info
GET /nameserver/binary-info → binary_info
POST /nameserver/query → query_test
... and 46 more

email_sec (12 routes)

GET / → index
POST /domain → analyze_domain
POST /spf → check_spf
POST /dmarc → check_dmarc
POST /dkim → check_dkim
... and 7 more

encmodules (8 routes)

GET / → index
POST /upload → upload
POST /verify → verify
POST /run → run_module
GET /stream/<run_id> → stream
... and 3 more

exploit_dev (12 routes)

GET / → index
POST /shellcode → shellcode
GET /shellcodes → list_shellcodes
POST /encode → encode
POST /pattern/create → pattern_create
... and 7 more

forensics (10 routes)

GET / → index
POST /hash → hash_file
POST /verify → verify_hash
POST /image → create_image
POST /carve → carve_files
... and 5 more

hack_hijack (10 routes)

GET /hack-hijack/ → index
POST /hack-hijack/scan → start_scan
GET /hack-hijack/scan/<job_id>/stream → scan_stream
GET /hack-hijack/scan/<job_id> → scan_status
POST /hack-hijack/takeover → attempt_takeover
... and 5 more

hardware (25 routes)

GET / → index
GET /status → status
GET /adb/devices → adb_devices
POST /adb/info → adb_info
POST /adb/shell → adb_shell
... and 20 more

incident_resp (19 routes)

GET / → index
POST /incidents → create_incident
GET /incidents → list_incidents
GET /incidents/<incident_id> → get_incident
PUT /incidents/<incident_id> → update_incident
... and 14 more

ipcapture (12 routes)

GET /ipcapture/ → index
GET /ipcapture/links → list_links
POST /ipcapture/links → create_link
GET /ipcapture/links/<key> → get_link
DELETE /ipcapture/links/<key> → delete_link
... and 7 more

iphone_exploit (35 routes)

GET / → index
POST /devices → list_devices
POST /device-info → device_info
POST /fingerprint → fingerprint
POST /pair → pair
... and 30 more

llm_trainer (18 routes)

GET / → index
POST /deps → check_deps
POST /deps/install → install_deps
POST /scan → scan_codebase
POST /dataset/generate → generate_dataset
... and 13 more

loadtest (7 routes)

GET / → index
POST /start → start
POST /stop → stop
POST /pause → pause
POST /resume → resume
... and 2 more

log_correlator (10 routes)

GET / → index
POST /ingest/file → ingest_file
POST /ingest/text → ingest_text
GET /search → search
GET,DELETE /alerts → alerts
... and 5 more

malware_sandbox (9 routes)

GET / → index
GET /status → status
POST /submit → submit
GET /samples → samples
POST /static → static_analysis
... and 4 more

mitm_proxy (16 routes)

GET / → index
POST /start → start
POST /stop → stop
GET /status → status
POST /ssl-strip → ssl_strip
... and 11 more

module_creator (7 routes)

GET / → index
GET /templates → templates
POST /create → create
POST /validate → validate
GET /list → list_modules
... and 2 more

msf (4 routes)

GET / → index
GET /status → status
POST /connect → connect
POST /console/send → console_send

net_mapper (9 routes)

GET /net-mapper/ → index
POST /net-mapper/discover → discover
GET /net-mapper/discover/<job_id> → discover_status
POST /net-mapper/scan-host → scan_host
POST /net-mapper/topology → build_topology
... and 4 more

network (15 routes)

GET / → index
POST /connections → connections
POST /arp-table → arp_table
POST /interfaces → interfaces
POST /ids/scan → ids_scan
... and 10 more

offense (15 routes)

GET / → index
GET /status → status
POST /connect → connect
POST /disconnect → disconnect
POST /server/start → start_server
... and 10 more

osint (11 routes)

GET / → index
GET /categories → get_categories
GET /stats → db_stats
GET /search/stream → search_stream
GET /dossiers → list_dossiers
... and 6 more

password_toolkit (13 routes)

GET /password-toolkit/ → index
POST /password-toolkit/identify → identify_hash
POST /password-toolkit/crack → crack_hash
GET /password-toolkit/crack/<job_id> → crack_status
POST /password-toolkit/generate → generate
... and 8 more

phishmail (35 routes)

GET / → index
POST /send → send
POST /validate → validate
GET /campaigns → list_campaigns
POST /campaigns → create_campaign
... and 30 more

pineapple (23 routes)

GET / → index
GET /interfaces → interfaces
GET /tools → tools_status
POST /start → start_ap
POST /stop → stop_ap
... and 18 more

port_scanner (5 routes)

GET / → index
POST /start → start_scan
GET /stream/<job_id> → stream
GET /result/<job_id> → get_result
POST /cancel/<job_id> → cancel_scan

rcs_tools (79 routes)

GET / → index
GET /status → status
GET /device → device
GET /shizuku → shizuku
GET /archon → archon
... and 74 more

report_engine (11 routes)

GET /reports/ → index
GET /reports/list → list_reports
POST /reports/create → create_report
GET /reports/<report_id> → get_report
PUT /reports/<report_id> → update_report
... and 6 more

reverse_eng (13 routes)

GET / → index
POST /analyze → analyze
POST /strings → strings
POST /disassemble → disassemble
POST /hex → hex_dump
... and 8 more

revshell (18 routes)

GET / → index
POST /listener/start → listener_start
POST /listener/stop → listener_stop
POST /listener/status → listener_status
POST /sessions → list_sessions
... and 13 more

rfid_tools (14 routes)

GET / → index
GET /tools → tools_status
POST /lf/search → lf_search
POST /lf/read/em410x → lf_read_em
POST /lf/clone → lf_clone
... and 9 more

sdr_tools (22 routes)

GET / → index
GET /devices → devices
POST /spectrum → spectrum
POST /capture/start → capture_start
POST /capture/stop → capture_stop
... and 17 more

settings (29 routes)

GET / → index
POST /password → change_password
POST /osint → update_osint
POST /upnp → update_upnp
POST /llm → update_llm
... and 24 more

simulate (7 routes)

GET / → index
POST /password → password_audit
POST /portscan → port_scan
POST /banner → banner_grab
POST /payloads → generate_payloads
... and 2 more

sms_forge (21 routes)

GET / → index
GET /status → status
GET /messages → messages
POST /sms → add_sms
POST /mms → add_mms
... and 16 more

social_eng (18 routes)

GET / → index
POST /clone → clone_page
GET /pages → list_pages
GET /pages/<page_id> → get_page
DELETE /pages/<page_id> → delete_page
... and 13 more

starlink_hack (29 routes)

GET / → index
GET /status → status
POST /discover → discover
GET /dish-status → dish_status
GET /dish-info → dish_info
... and 24 more

steganography (8 routes)

GET / → index
GET /capabilities → capabilities
POST /capacity → capacity
POST /hide → hide
POST /extract → extract
... and 3 more

targets (7 routes)

GET / → index
POST /add → add
POST /update/<tid> → update
POST /delete/<tid> → delete
POST /status/<tid> → set_status
... and 2 more

threat_intel (13 routes)

GET / → index
GET,POST,DELETE /iocs → iocs
POST /iocs/import → import_iocs
GET /iocs/export → export_iocs
GET /iocs/detect → detect_type
... and 8 more

upnp (5 routes)

GET / → index
POST /refresh → refresh
POST /add → add
POST /remove → remove
POST /cron → cron

vuln_scanner (10 routes)

GET / → index
POST /scan → start_scan
GET /scan/<job_id> → get_scan
GET /scans → list_scans
DELETE /scan/<job_id> → delete_scan
... and 5 more

webapp_scanner (7 routes)

GET /web-scanner/ → index
POST /web-scanner/quick → quick_scan
POST /web-scanner/dirbust → dir_bruteforce
GET /web-scanner/dirbust/<job_id> → dirbust_status
POST /web-scanner/subdomain → subdomain_enum
... and 2 more

wifi_audit (18 routes)

GET / → index
GET /tools → tools_status
GET /interfaces → interfaces
POST /monitor/enable → monitor_enable
POST /monitor/disable → monitor_disable
... and 13 more

wireguard (25 routes)

GET / → index
POST /server/status → server_status
POST /server/start → server_start
POST /server/stop → server_stop
POST /server/restart → server_restart
... and 20 more

wireshark (14 routes)

GET / → index
GET /status → status
GET /interfaces → interfaces
POST /capture/start → capture_start
POST /capture/stop → capture_stop
... and 9 more

4. Template Patterns

Templates live in web/templates/ and use Jinja2 extending base.html.

Template Structure

{%% extends "base.html" %%}
{%% block title %%}Feature Name - AUTARCH{%% endblock %%}

{%% block content %%}
<div class="page-header">
    <h1>Feature Name</h1>
</div>

<div class="section">
    <h2>Section Title</h2>
    <!-- Content here -->
</div>

<script>
// JS for this page
</script>
{%% endblock %%}

CSS Variables Available

--bg-main, --bg-card, --bg-secondary, --bg-input
--text-primary, --text-secondary, --text-muted
--accent (green), --danger (red), --border
--radius (border radius), --success (green)

Common UI Patterns

Tab bar: <div class="tab-bar"><button class="tab active">Tab 1</button></div>
Card: <div style="border:1px solid var(--border);background:var(--bg-card);border-radius:var(--radius);padding:0.85rem 1rem">
Table: <table class="data-table"><thead>...</thead><tbody>...</tbody></table>
Button: <button class="btn btn-primary btn-sm">Action</button>
Form: <div class="form-group"><label>...</label><input ...><small>Help text</small></div>

Templates (74 total)

ad_audit.html (extends: base.html)
analyze.html (extends: base.html)
android_exploit.html (extends: base.html)
android_protect.html (extends: base.html)
anti_forensics.html (extends: base.html)
api_fuzzer.html (extends: base.html)
archon.html (extends: base.html)
autonomy.html (extends: base.html)
base.html (extends: none)
ble_scanner.html (extends: base.html)
c2_framework.html (extends: base.html)
category.html (extends: base.html)
cloud_scan.html (extends: base.html)
container_sec.html (extends: base.html)
counter.html (extends: base.html)
dashboard.html (extends: base.html)
deauth.html (extends: base.html)
defense.html (extends: base.html)
defense_linux.html (extends: base.html)
defense_monitor.html (extends: base.html)
defense_windows.html (extends: base.html)
dns_nameserver.html (extends: base.html)
dns_service.html (extends: base.html)
email_sec.html (extends: base.html)
encmodules.html (extends: base.html)
exploit_dev.html (extends: base.html)
forensics.html (extends: base.html)
hack_hijack.html (extends: base.html)
hardware.html (extends: base.html)
hash_detection.html (extends: base.html)
incident_resp.html (extends: base.html)
ipcapture.html (extends: base.html)
iphone_exploit.html (extends: base.html)
legendary_creator.html (extends: base.html)
llm_settings.html (extends: base.html)
llm_trainer.html (extends: base.html)
loadtest.html (extends: base.html)
log_correlator.html (extends: base.html)
login.html (extends: base.html)
malware_sandbox.html (extends: base.html)
manual.html (extends: base.html)
mcp_settings.html (extends: base.html)
mitm_proxy.html (extends: base.html)
module_creator.html (extends: base.html)
msf.html (extends: base.html)
net_mapper.html (extends: base.html)
network.html (extends: base.html)
offense.html (extends: base.html)
osint.html (extends: base.html)
password_toolkit.html (extends: base.html)
phishmail.html (extends: base.html)
pineapple.html (extends: base.html)
port_scanner.html (extends: base.html)
rcs_tools.html (extends: base.html)
report_engine.html (extends: base.html)
reverse_eng.html (extends: base.html)
revshell.html (extends: base.html)
rfid_tools.html (extends: base.html)
sdr_tools.html (extends: base.html)
settings.html (extends: base.html)
simulate.html (extends: base.html)
sms_forge.html (extends: base.html)
social_eng.html (extends: base.html)
starlink_hack.html (extends: base.html)
steganography.html (extends: base.html)
system_deps.html (extends: base.html)
targets.html (extends: base.html)
threat_intel.html (extends: base.html)
upnp.html (extends: base.html)
vuln_scanner.html (extends: base.html)
webapp_scanner.html (extends: base.html)
wifi_audit.html (extends: base.html)
wireguard.html (extends: base.html)
wireshark.html (extends: base.html)

5. Configuration System

Config is managed by core/config.py using Python's configparser. File: autarch_settings.conf (INI format).

Config Sections

[llama]: model_path, n_ctx, n_threads, n_gpu_layers, gpu_backend, temperature, top_p, top_k ... +3 more
[autarch]: first_run, modules_path, verbose, quiet, no_banner, llm_backend
[claude]: api_key, model, max_tokens, temperature
[osint]: max_threads, timeout, include_nsfw
[pentest]: max_pipeline_steps, output_chunk_size, auto_execute, save_raw_output
[transformers]: model_path, device, torch_dtype, load_in_8bit, load_in_4bit, trust_remote_code, max_tokens, temperature ... +3 more
[rsf]: install_path, enabled, default_target, default_port, execution_timeout
[upnp]: enabled, internal_ip, refresh_hours, mappings
[web]: host, port, secret_key, mcp_port
[mcp]: enabled, auto_start, transport, host, port, log_level, instructions, auth_enabled ... +16 more
[revshell]: enabled, host, port, auto_start
[slm]: enabled, backend, model_path, n_ctx, n_gpu_layers, n_threads
[sam]: enabled, backend, model_path, n_ctx, n_gpu_layers, n_threads
[lam]: enabled, backend, model_path, n_ctx, n_gpu_layers, n_threads
[agents]: backend, local_max_steps, local_verbose, claude_enabled, claude_model, claude_max_tokens, claude_max_steps, openai_enabled ... +4 more
[autonomy]: enabled, monitor_interval, rule_eval_interval, max_concurrent_agents, threat_threshold_auto_respond, log_max_entries

Usage in Code

from core.config import get_config
config = get_config()

# Read values
val = config.get('section', 'key', 'default')
num = config.get_int('section', 'key', 0)
flt = config.get_float('section', 'key', 0.0)
bol = config.get_bool('section', 'key', False)

# Write values
config.set('section', 'key', 'value')
config.save()

# Typed getters
config.get_llama_settings()      # dict
config.get_claude_settings()     # dict
config.get_mcp_settings()        # dict
config.get_agents_settings()     # dict
config.get_autonomy_settings()   # dict

Edit web/templates/base.html. The sidebar has sections:

Top (Dashboard, Port Scanner, Targets)
Categories (Defense, Offense, Counter, Analyze, OSINT, Simulate)
Network (Network Security, Wireshark, Net Mapper)
Tools (Create Module, Enc Modules, Hardware, exploits, Shield, etc.)
System (UPnP, WireGuard, MSF Console, DNS, Settings, etc.)

Add a nav item:

<li><a href="{{ url_for('myfeature.index') }}"
       class="{% if request.blueprint == 'myfeature' %}active{% endif %}">
    My Feature</a></li>

Sub-items use: style="padding-left:1.5rem;font-size:0.85rem" with └ prefix.

7. MCP Tool System

Tools exposed via Model Context Protocol (MCP) are defined in core/mcp_server.py. To add a new MCP tool:

# In create_mcp_server(), add:
@mcp.tool()
def my_tool(param1: str, param2: int = 10) -> str:
    """Description of what the tool does."""
    return execute_tool('my_tool', {'param1': param1, 'param2': param2})

# In execute_tool(), add the handler:
elif name == 'my_tool':
    return _run_my_tool(arguments)

# Implement the handler:
def _run_my_tool(args: dict) -> str:
    # ... implementation
    return json.dumps({'result': ...})

52 KiB Raw Blame History