casper
Privacy stack + engagement security CLI with 4 levels, real-time monitor, and hard kill-switch
v1.0.1
Linux
Quick Start
Install via jcli
```sh
jcli install casper
```
Generate privacy stack configs
```sh
# WireGuard config for a standard engagement (Level 2)
casper generate --mode vpn --protocol wireguard --level 2
# Full SHADOW stack (Level 4) — extreme furtivity for blackbox testing
casper generate --mode hybrid --level 4 --output yaml
# UK-region audit (BS 7671 / UK Cyber Essentials promotes MEDIUM→HIGH)
casper --region uk audit --profile wireguard --config /etc/wireguard/wg0.conf
# Audit every config in a directory in parallel
casper audit --profile dns --batch /etc/resolved.conf.d/
```
Real-time monitoring + hard kill-switch
```sh
# Read-only status snapshot (no root required)
casper status --level 3
# Continuous watcher; on VPN/Tor drop, block all egress + disconnect WiFi
sudo casper watch --level 3 --enforce
# Manual kill-switch
sudo casper killswitch --enforce
# Restore connectivity
sudo casper restore --enforce
```
Guarded app launch — refuse to start unless privacy is up
```sh
# Refuse to launch Firefox unless VPN + Tor + DNS are UP
casper launch --level 3 --require vpn,tor,dns -- firefox https://example.com
# --monitor keeps watching; kills Firefox if any link drops mid-session
casper launch --level 3 --monitor -- firefox https://example.com
```
4 engagement levels
| Level | Use case | Stack |
|---|---|---|
| 1 — BASELINE | General red team, low sensitivity | Single VPN + DNS-in-tunnel + kill-switch |
| 2 — ENHANCED | DORA / NIS2 scope, sensitive client | VPN + Tor + local DoT/DoH resolver + DNSSEC |
| 3 — MAXIMUM | Nation-state adversary, covert ops | Air-gapped, private bridges, onion C2, tmpfs, immutable logs |
| 4 — SHADOW (NEW) | Full-blackbox engagement, null forensic trace | VPN→Tor (snowflake/meek/obfs4 cascade)→VPN, MAC randomisation, RAM-only state, cover traffic, NTP-over-Tor, nftables egress allowlist, stealth onion C2, dedicated hardware, 24h cooling-off acknowledgement |
What it does
- Generate WireGuard / OpenVPN / Tor / DNS / hybrid configs at any of 4 levels.
- Audit any of those config types against the canonical RFC / NIST baseline. Region-aware: UK / EU / JP promote MEDIUM→HIGH on privacy controls. Batch mode parallelises across cores via rayon.
- Plan engagements with the 4-level framework: stack + checklist + validation matrix + pre-audit gate. State persists as JSONL (NEW) for blue-team reconstruction.
- Monitor in real time. `casper status` snapshots VPN / Tor / DNS / interface state. `casper watch` runs a continuous loop and triggers the hard kill-switch on any required-link drop.
- Hard kill-switch. `casper killswitch` swaps in an `nftables` table that DROPs every egress except loopback and disconnects WiFi via `nmcli` + `rfkill`. Atomic ruleset replace — zero leak window.
- Guarded launch. `casper launch <APP>` refuses to exec the program unless the operator's required links are UP. `--monitor` keeps watching and SIGTERMs the child if links drop mid-session.
- Reference DB of relevant RFCs (incl. 2024-2026 entries: RFC 9460, 9519, 9525) and NIST SP 800-77r1 / 800-81r3, with section-level citation strings.
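
The atomic replace described under "Hard kill-switch", as an added sketch that is not casper's own ruleset or code. The table name `example_killswitch` and the forward chain are assumptions; only the loopback exception comes from the text above, and the WiFi disconnect step is not covered.

```sh
#!/bin/sh
# Added example: illustrative kill-switch ruleset, not casper's own.
# TABLE is a hypothetical name chosen for this sketch.
TABLE="example_killswitch"

# Emit an nftables script. nft -f commits a whole file as one transaction,
# so there is no moment where the old rules are gone and the new ones absent.
killswitch_ruleset() {
    cat <<EOF
# Declare-then-delete keeps the script idempotent: the delete cannot fail
# on a first run, and a re-run replaces the table instead of appending.
table inet $TABLE
delete table inet $TABLE
table inet $TABLE {
    chain output {
        # A drop verdict is final across all tables, so this wins even if
        # another table's output chain accepts the packet.
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
    }
    chain forward {
        # Assumption: routed (container/VM) traffic is blocked as well.
        type filter hook forward priority 0; policy drop;
    }
}
EOF
}

# Count non-comment rules that accept traffic; this design has exactly one.
accept_rule_count() {
    killswitch_ruleset | grep -v '^[[:space:]]*#' | grep -c 'accept'
}

killswitch_check()   { killswitch_ruleset | nft -c -f -; }  # parse only
killswitch_apply()   { killswitch_ruleset | nft -f -; }     # needs root
killswitch_restore() { nft delete table inet "$TABLE"; }    # needs root

# Default action only prints the ruleset; nothing is applied without "apply".
case "${1:-print}" in
    print)   killswitch_ruleset ;;
    check)   killswitch_check ;;
    apply)   killswitch_apply ;;
    restore) killswitch_restore ;;
    *)       echo "usage: $0 [print|check|apply|restore]" >&2 ;;
esac
```

Auditing a host for a ruleset like this comes down to confirming that the only `accept` is the loopback rule and that both base chains carry `policy drop`.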
Subcommands
| Command | What it does |
|---|---|
| `generate` | Render VPN / Tor / DNS / hybrid configs at level 1–4 |
| `audit` | Run profile checks on one config; `--batch` for parallel directory walk |
| `engagement` | Create / pre-audit / show history for an engagement (state persisted in JSONL) |
| `reference` | Look up an RFC or NIST publication; `--list` for the full database |
| `status` | Real-time read-only snapshot of VPN / Tor / DNS / interfaces |
| `watch` | Continuous monitor; `--enforce` triggers the hard kill-switch on drop |
| `killswitch` | Manual hard kill-switch (drops all egress + disconnects WiFi) |
| `restore` | Remove the kill-switch ruleset and unblock WiFi |
| `launch <APP>` | Refuse to exec the program unless required links are UP; `--monitor` kills on drop |