ShadowCypher

Encrypted Chat

Don't have an account? Sign Up

Create Account

Join ShadowCypher Chat

Already have an account? Sign In
v3.0.0 · Build verified

Privacy without
trusting anyone.

Most VPNs just move the trust problem — now you're trusting a company instead of your ISP. ShadowCypher routes everything through Tor so there's no company to trust at all. No logs because there's nothing to log. No subscription. Runs entirely on your machine.

See how it works Download
// DEMO: install the agent to see your real network events here
GUARDIAN // NETWORK MONITOR
LIVE
// NETWORK SCAN · 192.168.1.0/24 last scan: 2m ago
IPDEVICEOSSTATUS
192.168.1.1ASUS RT-AX88U [Router]LinuxOK
192.168.1.4DESKTOP-SC01 [This machine]LinuxOK
192.168.1.9Galaxy S24 UltraAndroidOK
192.168.1.17MacBook Pro M3macOSOK
192.168.1.23UNKNOWN DEVICE [ARP ANOMALY]⚠ ALERT
INCIDENT: ARP spoof detected — 192.168.1.23 claiming gateway MAC
29
MODULES
8
GHOST LAYERS
5
PLATFORMS
9
MCP TOOLS
// THE PLATFORM

Five tools. One sovereign stack.

ShadowCypher isn't a single app. It's a multi-platform security environment where every component talks to every other. Run an engagement on desktop, monitor your LAN from your phone, get alerted when something moves.

v0.1.0
ARCH LINUX · HYPRLAND · LIVE ISO

ShadowOS

An Arch-based live/installable ISO. Pentest tools, dev environment, and gaming — all in one hardened OS. Hyprland compositor, custom Plymouth boot, 6 hot-swap security modes. ShadowCypher pre-installed.

→ 250+ packages (blackarch + AUR)
→ 6 modes: normal/dev/pentest/privacy/ghost/undercover
→ Nmap, Metasploit, Hydra, Aircrack-ng...
→ Steam, Lutris, MangoHUD, GameMode
→ Ollama + ShadowCypher pre-loaded
Try it yourself →
LINUX · PYTHON · GTK3

Desktop Command Center

Full GTK3 desktop app with a real-time Cairo HUD, network war-map, AI inference via Ollama, and 29 offensive/defensive modules. Where missions are planned and executed.

→ NEXUS-COMMAND dashboard
→ ShadowScript mission DSL
→ Ghost Protocol (8 layers)
→ Phishing Forge (35 templates)
→ C2 Command Center
ANDROID · CAPACITOR

ShadowCypher Guardian

The full web dashboard wrapped in a native Android app. Device inventory, CVE matches against your gear, real-time incident alerts, and Guardian agent management — from your pocket.

→ Network device inventory
→ CVE matching by device
→ ARP spoof / rogue AP alerts
→ Live threat feed
→ Push notifications
ANDROID · ASSIST OVERLAY

Shadow Assistant

Replaces Bixby, Siri, and Google Assistant. Set as your default Assist app — long-press Home to invoke the translucent overlay. STT → AI → TTS. Your phone, your AI.

→ Transparent overlay (no UI chrome)
→ On-device STT + cloud AI
→ Works on lock screen
→ Replaces default assistant
→ 769KB — no bloat
DAEMON · LINUX / MACOS / WIN

Guardian Agent

A lightweight Python daemon that runs on any machine on your LAN. Scans your network every 10 minutes, fingerprints devices, detects threats, and reports to your dashboard and phone.

curl -sSL https://shadowcypher.site/agent/install.sh | bash
shadow-agent init && shadow-agent run
PWA · CLOUDFLARE · SUPABASE

Web Dashboard

This site. A zero-dependency PWA — no framework, no React, no bundle step. Sign in from any browser, see your network state, manage your account, receive alerts. Installable on desktop or mobile.

→ Supabase auth + real-time
→ Cloudflare Worker API
→ PWA installable
→ 0 npm dependencies
// DATA FLOW

How everything connects.

Every component talks to every other. Run a mission on desktop, agent scans your LAN, events hit the API, and your phone lights up — all in real time.

DESKTOP APP
Run missions,
Ghost mode,
AI terminal
AGENT DAEMON
Scans LAN
every 10 min,
any platform
API / SUPABASE
Store events,
match CVEs,
edge delivery
DASHBOARD
Web + Android
visibility,
real-time
PUSH ALERT
Notified
instantly on
any device
// EXPLORE

Everything available to you.

01 // ARSENAL
Tactical Modules
29 offensive + defensive tools. Recon, payloads, OSINT, wireless, credentials, C2.
Explore →
02 // GHOST
Ghost Protocol
8-layer anonymity: Tor, iptables kill-switch, MAC randomization, RAM workspace, log suppression.
Explore →
03 // GUARDIAN
Network Monitor
Live LAN scanner. Device inventory, CVE matching, ARP spoof detection, threat feed.
Explore →
04 // DOWNLOAD
Android Apps
Guardian APK + Shadow APK. Sideload-ready, direct from GitHub Releases.
Download →
05 // PRO
Pricing
Community free forever. Guardian Pro $9.99/mo. Operator $49/mo. 14-day trial.
View plans →
06 // ACCOUNT
Sign In
Create an account or sign in to access your Guardian dashboard and agent data.
Sign in →
// DESIGN PRINCIPLES

Not built for the cloud.
Built for the operator.

Most security tools phone home. ShadowCypher doesn't. The desktop app runs entirely offline — Ollama for AI inference, local SQLite for state. The agent daemon runs on your hardware. You own your data.

When you do use the cloud (dashboard, push alerts), it's Cloudflare Workers at the edge — your data never touches a central server.

01
Zero telemetry
No analytics, no crash reporting, no usage data. The code is open source — verify it yourself.
02
Cryptographic identity
RSA-4096 key pairs. AES-256-GCM chat. X25519 forward secrecy. Every sensitive surface is encrypted.
03
Local-first AI
AI inference via Ollama runs on your machine. No API keys, no OpenAI, no data leaves your box.
04
Open source
Full source on GitHub. Clone, audit, fork. Community edition is free forever.

Tactical Arsenal

29 purpose-built offensive and defensive modules across six mission areas. Every tool was built because it was needed in the field — no fluff, no overlap.

RECON EXPLOIT GHOST C2 COMMS DSL
CATEGORY 01
Command & Control
MODULE 01

NEXUS-COMMAND

The main desktop HUD. Real-time Cairo gauges for CPU, RAM, network I/O. AI inference via local Ollama. Network topology war-map with live host discovery.

PYTHON · GTK3 · CAIRO · OLLAMA
Capabilities
  • → Live system telemetry dashboard
  • → Quantum-Core AI deep analysis
  • → Network war-map (Nmap + Cairo)
  • → Admin god panel (encrypted)
  • → Lazy-loaded page architecture
AI Integration
# Natural language security ops
shadow > scan my network
shadow > am I anonymous?
shadow > engage ghost mode
CATEGORY 02
Reconnaissance & Intelligence
MODULE 02

COVERT-INTEL

Reconnaissance and OSINT. Fingerprint targets, discover infrastructure, sweep for vulnerabilities, and correlate findings with ExploitDB.

NMAP · SHERLOCK · NUCLEI · EXPLOITDB
Tools
  • → Nmap service + OS fingerprinting
  • → Sherlock — 300+ platform OSINT
  • → Nuclei vulnerability sweep
  • → Infrastructure recon (DNS, SSL)
  • → ExploitDB CVE correlation
Output
  • → JSON + Markdown reports
  • → Severity-ranked findings
  • → CVE IDs with CVSS scores
  • → Exportable to ShadowScript
CATEGORY 03
Offensive Operations
MODULE 03

OFFENSIVE-LAB

Full red-team lab. AI-powered payload gen, web app attacks, wireless auditing, credential cracking, and the Phishing Forge with 35 enterprise templates.

HYDRA · HASHCAT · AIRCRACK · PHP
Offensive
  • → DeepHat Apex (AI payload gen)
  • → SQL injection, XSS, SSRF, IDOR
  • → Hydra credential brute-force
  • → Hashcat GPU hash cracking
  • → Aircrack-ng wireless attacks
Phishing Forge
  • → 35 enterprise phishing templates
  • → Live PHP server on custom port
  • → Real-time credential capture
  • → Office365, Google, Outlook, AWS
  • → One-click stop/start control
CATEGORY 04
Cryptography & Secure Comms
MODULE 04

SOVEREIGN-OPS

Encrypted communications and integrity assurance. Zero-knowledge chat, binary integrity verification, and RSA-4096 cryptographic identity.

AES-256-GCM · X25519 · RSA-4096 · GO
Cryptography
  • → AES-256-GCM encrypted chat
  • → X25519 forward secrecy
  • → RSA-4096 admin identity keys
  • → Go WebSocket relay node
  • → Zero message persistence
Integrity
  • → Sisyphus integrity sentinel
  • → Binary hash verification
  • → Honeypot trap deployment
  • → Canary token generator
CATEGORY 05
AI Operations & Automation
MODULE 05

SHADOW-CLI

Natural language AI terminal. Type what you want to do; Shadow figures out the toolchain and executes it. 9 MCP tools wired to the full arsenal.

PYTHON · ANTHROPIC API · MCP · OAUTH2
9 MCP Tools
  • → network_scan (Nmap)
  • → ghost_mode (toggle)
  • → osint_lookup (Sherlock)
  • → anonymity_check
  • → payload_gen + vuln_scan
Auth
shadow-agent init
# OAuth2 device flow
# no copy-paste keys
MODULE 06

SHADOWSCRIPT

A purpose-built tactical scripting DSL. Hand-written lexer, recursive descent parser, and tree-walking interpreter. Orchestrate multi-tool missions in a single .shadow file.

PYTHON · CUSTOM LEXER · CUSTOM PARSER
Example mission file
TARGET 192.168.1.0/24
SWARM recon.nmap → fingerprint all live hosts
STRIKE exploit.nuclei → sweep for CVEs
AI "Summarize critical findings"
!echo Mission complete
Runs with python3 engine.py mission.shadow. Modules bridge directly to the arsenal — no glue code needed.
CATEGORY 06
C2 Framework
MODULE 07

C2 COMMAND CENTER

Multi-listener C2 controller with session management and payload generation. Start, stop, and monitor listeners across ports and protocols from a single panel.

PYTHON · METASPLOIT BRIDGE · GTK3
Listener control
  • → TCP / HTTP / HTTPS listeners
  • → Live session table
  • → Per-session interaction
  • → One-click start / stop / kill
Payloads
  • → Windows / Linux / macOS / Android
  • → Meterpreter + raw shell
  • → Staged + stageless
  • → Custom LHOST / LPORT
All modules are open source. View full source on GitHub →

Ghost Mode

If you came here looking for a VPN alternative — this is what you want. Ghost Mode routes all your traffic through Tor, not just your browser. Your MAC address gets randomized. DNS is locked so nothing leaks outside Tor. If the connection drops, iptables kills it — no accidental cleartext. One command on, one command off, one command to verify it's working.

The fundamental difference from a VPN: there's no company in the middle. With a VPN, you're just moving your trust from your ISP to the VPN provider — and hoping they mean it when they say "no logs." With Tor, the architecture itself makes logging your traffic impossible for any single party. No promises required.

Honest tradeoff: Tor is slower than a VPN. If you're streaming or gaming, that'll be noticeable. Ghost Mode is built for privacy when you actually need it — research, sensitive browsing, anything where you'd rather be slow and invisible than fast and trackable.

VPN vs GHOST MODE
FEATURE
NORDVPN / PROTONVPN
SHADOWCYPHER GHOST
Hides your IP
✓ (VPN server sees it)
✓ (Tor exit node, not you)
No logs
They promise. Trust them?
Runs locally. Nothing to log.
MAC randomization
✗ Not included
✓ Layer 3
DNS leak prevention
Varies by client
✓ Locked by iptables
Kill-switch
App-level (bypassable)
✓ Kernel-level iptables
Cost
$4–$12/month
Free. Always.
Speed
Fast (single hop)
Slower (3 Tor hops) — tradeoff for real anonymity
Open source
Partially / closed
✓ Fully. Read every line.

Get private in 60 seconds

01
Install ShadowCypher
Clone the repo and run the installer. Takes about 2 minutes on any Linux machine. Tor is set up automatically.
git clone github.com/jakes1345/ShadowCypher
02
Run one command
Ghost Mode engages 8 layers at once — Tor routing, kill-switch, MAC change, DNS lockdown. Everything.
sudo python3 ghost_mode.py engage
03
Verify it's working
Shadow Audit checks every layer — IP, DNS, MAC, hostname, firewall. It tells you exactly what's exposed and fixes it.
python3 shadow_audit.py

What's running under the hood

8 LAYERS, ALL AT ONCE

  • 01 // Tor transparent redirect — all traffic, not just browser
  • 02 // iptables kill-switch — connection dies if Tor drops
  • 03 // MAC randomization — new hardware identity
  • 04 // Hostname neutralization — nothing to fingerprint
  • 05 // Timezone → UTC — no timezone leaks
  • 06 // DNS leak prevention — no queries leaving Tor
  • 07 // RAM-only workspace — nothing written to disk
  • 08 // Log suppression — system logs paused

TRAFFIC MIRAGE

Makes Tor traffic look like normal HTTPS using obfs4 bridges — useful in countries or networks that block Tor. Adds cover traffic and timing noise to defeat correlation attacks.

EMERGENCY WIPE

One command destroys all keys, session data, logs, and configs. 7-pass file shredding. If you need to disappear fast, this is the button.

SHADOW AUDIT

Runs after Ghost Mode to verify every layer actually worked. Checks real DNS resolution, confirms your IP is a Tor exit node, validates firewall rules. Gives you a score and fixes what's broken.

FULL COMMAND REFERENCE
sudo python3 ghost_mode.py engage     # Go dark — all 8 layers
sudo python3 ghost_mode.py disengage  # Back to normal
python3 shadow_audit.py              # Verify every layer
python3 dead_drop.py panic            # Emergency wipe

Guardian

Continuous network monitoring from a daemon running on your machine. Discovers every device, detects ARP spoofing, router exposure, and unauthorized access — all surfaced here in real time.

No agent connected
Devices: Open incidents: Last scan:
Your live Guardian dashboard
Sign in to see your real network — devices, threats, CVE matches, and push alerts in real time.

// Install Guardian Agent

Run this on any Linux or macOS machine on your network. It will scan every 10 minutes and report back here.

STEP 1 — DOWNLOAD & INSTALL
curl -sSL https://shadowcypher.site/agent/install.sh | bash
STEP 2 — CONNECT YOUR ACCOUNT
shadow-agent init
STEP 3 — START MONITORING
shadow-agent run

Or manually: view agent source on GitHub

// Network devices

No devices yet — install the agent to start scanning.

// Incidents

No incidents yet — install the Guardian agent to start receiving real alerts.

// Recent scans

No scans yet.

// CVE Alerts matched against your devices

No CVE matches yet — the agent checks hourly.

// CVE Threat Feed

— CRITICAL — HIGH
Loading CVE feed…

Rooms

Loading rooms...

Select a room

No room selected

0 online

Select a room to start chatting

Messages encrypted with AES-256-GCM

// DOWNLOADS

Two Android apps. One monitors your network from the shadows. The other replaces your assistant.

SECURITY v1.1
ANDROID · NATIVE COMPOSE

ShadowCypher Guardian

Native Jetpack Compose UI. Network scanner, device inventory, CVE matching, incident alerts, background sync, remote ShadowScript mission execution. v1.1 — device detail modal, CVE alerts panel, scan history timeline, incident detail modal, PagerDuty + OpsGenie webhook support.

Native Compose Remote missions Hardened
v1.1 · 4.4MB · Android 7.0+
↓ DOWNLOAD APK View on GitHub →
SECURITY v1.1
ANDROID · VOICE ASSISTANT

Shadow

Replaces Bixby, Google Assistant, and Siri. Auth'd with your API key, pulls live Guardian context before every response. v1.1 — standalone APK (no Guardian dependency), Capacitor push notification wiring, improved STT accuracy.

Guardian-aware Offline STT Hardened
v1.1 · 769KB · Android 7.0+
↓ DOWNLOAD APK View on GitHub →
// SIDELOAD INSTRUCTIONS
1. Enable Install unknown apps in Android Settings → Apps → Special app access
2. Open the downloaded .apk file and tap Install
3. For Shadow: Settings → Default Apps → Assist app → select Shadow
4. For Guardian monitoring: install the Guardian agent on a machine on your LAN
// GUARDIAN AGENT (Linux / macOS / Windows)
$ pip install requests
$ python3 shadowcypher_agent.py init  # paste your API key
$ python3 shadowcypher_agent.py run   # runs in foreground

Get your API key from Account → API Key. The agent auto-updates and ships data every 10 minutes.

// SOVEREIGN OPERATING SYSTEM

ShadowOS

An Arch Linux-based live/installable ISO. Enterprise pentest platform, developer workstation, and gaming rig — all in one hardened OS with a custom Hyprland compositor, branded boot sequence, and ShadowCypher pre-installed at /opt/shadowcypher.

v0.1.0 ISO VERIFIED · ~7.4 GB x86_64 · UEFI + BIOS BUILD YOUR OWN
PENTEST ARSENAL
nmap · sqlmap · hydra · metasploit
aircrack-ng · bettercap · john · hashcat
rustscan · ffuf · feroxbuster · subfinder
impacket · netexec · mitmproxy · nuclei
wireshark · sshuttle · httpx · naabu
DEVELOPMENT
VSCode · neovim · helix · lazygit · gh
docker · podman · kubectl · terraform
rustup · go · nodejs · python
Distrobox (Kali / Ubuntu / Debian containers)
Flatpak · Flathub
DESKTOP + GAMING
Hyprland · Waybar · Wofi · Hyprlock
SDDM custom theme · Plymouth boot splash
Steam · Heroic · Lutris · PrismLauncher
MangoHUD · GameScope · wine-staging
LibreWolf · Mullvad Browser · Tor Browser
PRIVACY + HARDENING
linux-hardened kernel + sysctl hardening
AppArmor · ufw · dnscrypt-proxy
Tor · MAC randomization per-mode
ShadowCypher GTK app pre-installed
Ollama for local AI inference
// 6 HOT-SWAP SECURITY MODES — switch with shadow-mode <name> or SUPER+M
MODE TOR DNS FIREWALL USE CASE
normaloffdnscryptdeny inDaily driver
devoffdnscryptdocker openDevelopment
pentestoffdnscryptscan openActive engagement
privacyondnscrypt+TorTor-onlyTravel / hostile networks
ghostonTor-onlydrop allMaximum lockdown
undercoveroffdnscryptneutralLow-profile / looks like a normal desktop
// BUILD IT YOURSELF
NATIVE (Arch host)
$ sudo pacman -S archiso
$ git clone https://github.com/jakes1345/ShadowCypher
$ cd ShadowCypher/shadowos
$ sudo ./build.sh
# out/shadowos-<date>-x86_64.iso (~7.4 GB)
DOCKER (any host)
$ git clone https://github.com/jakes1345/ShadowCypher
$ cd ShadowCypher/shadowos
$ ./build-docker.sh
# builds in Arch-in-Docker, outputs ISO
# ~20-45 min depending on your hardware
TEST IN QEMU (no USB needed)
$ qemu-system-x86_64 -enable-kvm -m 4G -cdrom out/shadowos-*.iso -vga virtio
FLASH TO USB
$ sudo ./shadowos/flash-usb.sh out/shadowos-*.iso /dev/sdX  # replace sdX with your USB device
// DEFAULT LIVE ISO CREDENTIALS
User: shadow  /  Password: shadow
Root: shadow

These are reset by the installer. Do not leave them on installed systems.

Full source, build scripts, branding renderer, and profile config are all open source.

View shadowos/ on GitHub →

Go Pro

Community edition is free forever. Pro unlocks the tools that make ShadowCypher a sovereign operating environment.

COMMUNITY
$0
forever
  • Full CLI toolkit
  • 29 tactical scripts
  • One-time network scan
  • Basic router audit
  • Local AI inference
  • ShadowScript DSL
CLONE REPO
OPERATOR
$49
/month
  • Everything in Guardian
  • AI Autopilot missions
  • Swarm telemetry cloud
  • Team collaboration
  • Report generation
  • Priority support
  • Threat intel feed
SUBSCRIBE — $49/mo

// What you get on each plan

Feature Community Guardian Pro Operator
CLI toolkit + 29 tactical scripts
On-demand network scan
24/7 continuous monitoring
Real-time threat alerts (ARP spoof, new device)
Devices monitored simultaneously110Unlimited
Scan history retention7 days90 daysUnlimited
Auto-hardening (firewall, SSH, services)
Ghost Mode (8-layer anonymity)
AI security assistant
Team accounts + shared dashboards
AI Autopilot missions
Threat intel feed
Priority supportcommunityemailemail + chat

All paid plans start with a 14-day free trial. Cancel any time, no questions.

Sign in

New here? Create account  ·  Forgot password?