All-in-One Security Hardware Controller

Cyber Controller

Flash · Control · Coordinate  /  by LxveAce

>

View on GitHub Firmware Library esp32marauder.com

About

Cyber Controller is the all-in-one security hardware controller for cyberdecks and field deployments. Flash any firmware to any board, control it headlessly from a desktop or terminal, and coordinate multiple devices in real time — all from a single dashboard. No cloud dependency, fully offline-capable, cross-platform.

Built for pentesters, security researchers, CTF competitors, and hardware hackers. Supports ESP32, Flipper Zero, Raspberry Pi, and ADB-based security hardware across 4 flash backends, 7 protocol-aware serial parsers, and 18+ firmware profiles. Red-team audited with 15 security findings fixed.

v0.3.0 Released
18+ Firmwares
7 Protocols
4 Backends
4 UI Modes
111 Tests Passing

Three Pillars

Flash

18+ firmware profiles across 4 backends. esptool for ESP32, SD image writer for Raspberry Pi, qFlipper for Flipper Zero, ADB for Android-based hardware. Chip auto-detection, per-chip bootloader offsets, the critical --flash_size detect anti-brick patch. Batch flash multiple boards in one session. Full firmware backup and restore.

esptoolADBqFlipperSD Writer

Control

7 protocol-aware serial parsers that understand firmware output natively. Live data tables for APs, clients, BLE devices. Right-click context menus with target-specific actions. 4 UI modes: full Qt desktop, lightweight Tkinter, TUI for headless terminals, and Flask+SocketIO web remote for browser access.

PyQt5TkinterTUIWeb Remote

Coordinate

Shared target pool across all connected devices with auto-routing. One board discovers an AP, another deauths it, another sniffs the handshake — the full attack chain is hardware-validated. TargetIngestor pipeline with ActionResolver for cross-device target sharing and automated action dispatch.

Cross-CommAuto-RouteTarget PoolPipeline

Interactive Demo

Click through the tabs to explore each UI mode and feature panel. These are live representations of what you see when running Cyber Controller.

┌─────────────────────────────────────────────────────────────────────┐ CYBER CONTROLLER v0.3.0 Flash > Profile │ ├─────────────────────────────────────────────────────────────────────┤ Firmware Profile: ESP32 Marauder [▼ Change] Board: ESP32-S3 (DevKitC, 8MB) [▼ Change] Port: COM7 [⟳ Refresh] Baud: 921600 Release: v1.1.0 (latest) [⟳ Check] Flash Mode: dio Flash Freq: 80m Chip: esp32s3 Dead Man's Switch ☐ Backup First ☑ Verify After ┌───────────────────────────────────────────────────────────┐ ████████████████████████████████████████████ 87% └───────────────────────────────────────────────────────────┘ Flashing app image to 0x10000... (7,234,560 / 8,323,072 bytes) [ ⚡ FLASH ] [ BACKUP ] [ ERASE ] [ STOP ] └─────────────────────────────────────────────────────────────────────┘

Flash Panel

Select any of the 18+ firmware profiles from the dropdown, pick your board variant, and flash with one click. The flash core handles chip detection, bootloader offsets, flash frequencies, and the critical --flash_size detect anti-brick patch automatically.

  • Auto-detect chip type when board is plugged in
  • Per-chip bootloader + partition + boot_app0 offsets
  • Optional full firmware backup before flashing
  • Dead Man's Switch checkbox layers anti-forensic protection
  • Post-flash SHA256 verification
  • Batch mode: queue multiple boards for sequential flash
┌─────────────────────────────────────────────────────────────────────┐ CYBER CONTROLLER v0.3.0 Serial > ESP32 Marauder │ ├─────────────────────────────────────────────────────────────────────┤ > scanap [14:23:01] Scanning for APs on all channels... [14:23:03] AP Found: NETGEAR-5G CH:36 RSSI:-42 WPA2 [14:23:03] AP Found: TP-Link_A8F2 CH:6 RSSI:-58 WPA2 [14:23:04] AP Found: xfinitywifi CH:1 RSSI:-71 Open [14:23:04] AP Found: ASUS_RT-AX88U CH:44 RSSI:-63 WPA3 [14:23:05] AP Found: HiddenNet CH:11 RSSI:-67 WPA2 [14:23:06] Scan complete. 5 APs found. > select ap 0 [14:23:12] Selected: NETGEAR-5G (AA:BB:CC:DD:EE:FF) > sniffpmkid [14:23:15] PMKID captured: AA:BB:CC:DD:EE:FF (NETGEAR-5G) [14:23:15] Saved to SD: /pmkid_NETGEAR-5G.pcap ──────────────────────────────────────────────────────────────── > _ └─────────────────────────────────────────────────────────────────────┘

Serial Console

Full protocol-aware serial terminal. The parser understands firmware output natively — AP discoveries populate live data tables, PMKID captures get logged, and status messages are color-coded by type. Type commands directly or use the command palette.

  • Auto-detect connected firmware via identify()
  • Color-coded output: green for discoveries, yellow for captures, red for errors
  • Command history with up/down arrow navigation
  • Tab-completion for all firmware commands
  • Live data tables update as events stream in
  • Right-click any discovered target for context actions
┌─────────────────────────────────────────────────────────────────────┐ CYBER CONTROLLER v0.3.0 Targets > AP Pool │ ├──────┬──────────────────┬───────────────────┬─────┬──────┬─────────┤ # SSID BSSID CH RSSI ENC ├──────┼──────────────────┼───────────────────┼─────┼──────┼─────────┤ 0 NETGEAR-5G AA:BB:CC:DD:EE:FF 36 -42 WPA2 1 TP-Link_A8F2 11:22:33:44:55:66 6 -58 WPA2 2 xfinitywifi 77:88:99:AA:BB:CC 1 -71 Open 3 ASUS_RT-AX88U DD:EE:FF:00:11:22 44 -63 WPA3 4 HiddenNet 33:44:55:66:77:88 11 -67 WPA2 ├──────┴──────────────────┴───────────────────┴─────┴──────┴─────────┤ 5 APs 2 Clients 3 BLE Devices Sources: Marauder, DIV ├─────────────────────────────────────────────────────────────────────┤ Right-click for: Deauth PMKID Handshake Sniff Clone Monitor └─────────────────────────────────────────────────────────────────────┘

Target Pool

Live data tables for all discovered targets — APs, clients, and BLE devices. Targets are populated automatically as serial events stream in from any connected device. Right-click any row for firmware-specific context actions.

  • Sortable columns: click headers to sort by RSSI, channel, encryption
  • Multi-source: targets from all connected devices merged into one pool
  • Right-click context menu with target-specific actions (deauth, PMKID, sniff, clone)
  • Target types: AP, CLIENT, BLE, SUBGHZ, NFC
  • Auto-dedup: same BSSID from different sources shows once
  • Export target list to CSV or JSON
┌─────────────────────────────────────────────────────────────────────┐ CYBER CONTROLLER v0.3.0 Cross-Comm > Live Feed │ ├─────────────────────────────────────────────────────────────────────┤ DEVICE A (COM7 · Marauder) [14:23:03] → DISCOVERED AP: NETGEAR-5G (ch36, -42dBm) [14:23:03] ↗ SHARED target to pool → 2 devices notified DEVICE B (COM9 · ESP32-DIV) [14:23:04] ↙ RECEIVED target: NETGEAR-5G from Device A [14:23:04] ⚡ AUTO-ACTION deauth → NETGEAR-5G [14:23:05] Deauth frames sent (12 packets) DEVICE C (COM11 · GhostESP) [14:23:04] ↙ RECEIVED target: NETGEAR-5G from Device A [14:23:05] ⚡ AUTO-ACTION sniffpmkid on ch36 [14:23:08] PMKID CAPTURED: NETGEAR-5G → saved to SD ───── Attack chain complete: discover → deauth → capture ───── └─────────────────────────────────────────────────────────────────────┘

Cross-Device Coordination

The full attack chain automated across devices. Device A discovers an AP, the TargetIngestor shares it to the pool, Device B auto-deauths it, Device C captures the PMKID — all without manual intervention. The ActionResolver routes targets to the right device based on firmware capabilities.

  • Shared target pool with auto-routing to capable devices
  • TargetIngestor pipeline: discover → share → route → execute
  • ActionResolver matches target type to firmware capability
  • Multi-protocol: Marauder, GhostESP, DIV, Bruce all interoperate
  • Cascade wipe: Dead Man's Switch trigger propagates to all devices
  • Hardware-validated on COM7 with live cross-comm loop
┌─────────────────────────────────────────────────────────────────────┐ CYBER CONTROLLER v0.3.0 Security > Dead Man's │ ├─────────────────────────────────────────────────────────────────────┤ ⚠ DEAD MAN'S SWITCH CONFIGURATION All settings are provisioned host-side. Plaintext never touches the device. Boot Password: •••••••••••• [Set] Duress Password: •••••••• [Set] Max Attempts: 2 (wipe after 2 fails) GPIO Dead-Man: GPIO 25 (tamper/open-case) Cascade Wipe: Enabled (all connected devices) Wipe Stages: 1. Overwrite flash with random bytes 2. Erase all partitions (app, NVS, OTA) 3. Raw-read verify (confirm zeros) 4. SD card secure erase (if present) [ ⚡ ARM ] [ DISARM ] [ TEST ] [ PANIC WIPE ] └─────────────────────────────────────────────────────────────────────┘

Dead Man's Switch

Anti-forensic protection integrated directly into the flash pipeline. Set boot and duress passwords from the host — plaintext is hashed locally and only the PBKDF2-HMAC-SHA256 digest is written to the device. The GPIO dead-man switch triggers a hardware kill line on tamper or open-case detection.

  • Host-side password provisioning: plaintext never touches the device
  • PBKDF2-HMAC-SHA256 password hashing with configurable iterations
  • 2-fail auto-wipe with power-cycle-safe attempt counter
  • Duress password triggers immediate flash obliteration
  • GPIO dead-man switch for tamper/open-case detection
  • Cascade wipe propagates to all connected devices
  • ROM SPI bypass brick: hardware-validated on classic ESP32
┌─────────────────────────────────────────────────────────────────────┐ CYBER CONTROLLER TUI v0.3.0 Port: COM7 Proto: marauder ├──────────────────────────────────┬──────────────────────────────────┤ Serial Output Commands [14:23:01] Ready. WiFi [14:23:03] AP: NETGEAR-5G scanap CH:36 RSSI:-42 WPA2 stopscan [14:23:03] AP: TP-Link_A8F2 deauth CH:6 RSSI:-58 WPA2 sniffpmkid [14:23:04] AP: xfinitywifi sniffraw CH:1 RSSI:-71 Open [14:23:05] 3 APs found Bluetooth scanble blespam System info / reboot / update ├──────────────────────────────────┴──────────────────────────────────┤ > _ └─────────────────────────────────────────────────────────────────────┘

TUI Mode

Full-featured terminal user interface for headless deployments. Runs in any terminal — SSH into a Raspberry Pi cyberdeck, a cloud VM, or any headless box. Split panes show serial output and available commands simultaneously. Built with Python Textual for rich terminal rendering.

  • Split-pane layout: serial output + command reference
  • Runs over SSH — perfect for headless Pi/cyberdeck deployments
  • Same protocol parsing and target tables as the Qt GUI
  • Keyboard-driven: Tab to switch panes, arrows to navigate
  • Minimal resource usage for embedded/ARM hardware
  • Falls back gracefully on narrow terminals

Firmware Library

18+ firmware profiles across ESP32, Flipper Zero, Raspberry Pi, and ADB-based hardware. Every profile includes chip detection, bootloader offsets, flash frequencies, and Dead Man's Switch compatibility.

ESP32 Firmware

ESP32 Marauder

Stable

WiFi/BLE offensive security suite. Scan, sniff, deauth, PMKID, handshake capture, beacon spam, Evil Portal.

justcallmekoko ESP32 / S2 / S3 esptool

GhostESP

Stable

WiFi/BLE/GPS multi-tool with wardrive, portal capture, beacon spam, probe sniff, BLE spam, and SD logging.

Spooky ESP32-S2 / S3 esptool

Bruce

Stable

Multi-purpose offensive firmware. WiFi, BLE, IR, SubGHz, RFID, NFC, BadUSB on ESP32-based boards.

pr3y ESP32 / S3 / C3 esptool

ESP32-DIV

Stable

WiFi/BLE/2.4GHz pen-test multi-tool. Scan, deauth, BLE spam, PMKID, NRF24, spectrum analysis.

CiferTech ESP32 / S3 esptool

HaleHound

Stable

Multi-protocol IoT attack station. WiFi, BLE, SubGHz (CC1101), 2.4GHz (NRF24), NFC (PN532).

HaleHound ESP32-S3 esptool

Meshtastic

Stable

LoRa mesh networking. Off-grid encrypted messaging, GPS tracking, telemetry, and repeater nodes.

Meshtastic ESP32 / S3 / C3 esptool

CYT-NG

Stable

Custom Marauder-family firmware with extended features for CYD touchscreen boards.

Community ESP32 esptool

Flock-You

Stable

BLE advertisement flooding and Apple/Google/Samsung notification spam tool.

Community ESP32-S3 / C3 esptool

OUI-Spy

Stable

Passive WiFi device tracking via OUI lookup. Identify device manufacturers from probe requests.

Community ESP32 esptool

Sky-Spy

Stable

Drone/UAV detection via WiFi probe analysis. Passive detection of common drone control protocols.

Community ESP32 esptool

AirTag Scanner

Stable

Detect and locate nearby Apple AirTags and other BLE trackers via advertisement scanning.

Community ESP32 esptool

Flipper Zero Firmware

Momentum

Stable

Feature-rich custom Flipper firmware. Extended SubGHz, NFC, RFID, IR, BadUSB, GPIO, and app ecosystem.

Momentum-Fw Flipper Zero qFlipper

Unleashed

Stable

Unlocked Flipper firmware with extended frequency ranges, SubGHz protocols, and community apps.

DarkFlippers Flipper Zero qFlipper

Raspberry Pi & Linux

Kali ARM

Stable

Full Kali Linux for ARM boards. Complete penetration testing distribution with 600+ tools.

Offensive Security Pi 3/4/5 / Zero 2 SD Image

Pwnagotchi

Stable

AI-powered WiFi audit tool. Autonomous WPA handshake capture with machine learning optimization.

Community Pi Zero 2 W SD Image

RaspyJack

Stable

Raspberry Pi-based network attack platform. Rogue AP, MITM, credential harvesting, and DNS spoofing.

Community Pi 3/4/Zero 2 SD Image

RayHunter

Stable

IMSI catcher detection on Orbic mobile devices. Detect cell-site simulators via Qualcomm diag interface.

EFF Orbic Speed RC400L ADB

Protocol Parsers

7 protocol-aware serial parsers that understand firmware output natively. Live data tables, auto-detection, right-click target actions, and cross-device target sharing.

Marauder

AP/client/BLE scan results, PMKID/handshake capture, deauth status, channel info, SD operations

WiFiBLECapture

GhostESP

AP/client/BLE/probe discovery, deauth/beacon/portal events, GPS/wardrive data, SD logging

WiFiBLEGPS

Bruce

WiFi/BLE/IR/SubGHz/RFID/NFC events, multi-protocol scan results, BadUSB status, system events

WiFiBLEIRSubGHz

Flipper Zero

SubGHz captures, RFID/NFC reads, IR signals, BadUSB execution, GPIO data, app output

SubGHzNFCRFIDIR

HaleHound

Multi-protocol scan results across WiFi, BLE, CC1101 (SubGHz), NRF24 (2.4GHz), PN532 (NFC)

WiFiBLESubGHzNFC

Meshtastic

Mesh node discovery, message routing, GPS telemetry, signal quality, channel configuration

LoRaMeshGPS

ESP32-DIV

WiFi AP/client scan, BLE device discovery, 2.4GHz spectrum, NRF24 sniffing, PMKID/handshake capture

WiFiBLE2.4GHzNRF24

Security & Anti-Forensic

Red-Team Audited

15 security audit findings found and fixed. SSRF-hardened firmware downloads, CSRF protection, rate limiting, control-character injection prevention across all input surfaces.

Web Auth Hardened

scrypt password hashing for the web remote interface. AES-256-GCM mandatory encryption for all stored credentials. Session tokens with configurable TTL and automatic expiry.

Dead Man's Switch

Anti-forensic firmware integration via Suicide Marauder submodule. ROM SPI bypass brick hardware-validated on ESP32. Guardian firmware-agnostic dead-man gate. Host-side password provisioning — plaintext never touches the device.

Duress & Panic Wipe

Configurable duress password triggers immediate flash obliteration. 2-fail auto-wipe with power-cycle-safe attempt counter. GPIO dead-man switch for tamper/open-case detection. Cascade wipe across all connected devices.

SSRF Hardened

All firmware download URLs validated against allowlist. Private IP ranges blocked. Redirect chains terminated. Path-traversal protection on all file operations. No arbitrary URL fetching.

Cross-Platform

Windows, Linux, macOS. ARM and x64. Full Qt desktop GUI, lightweight Tkinter, headless TUI, and browser-based web remote. Standalone executables with everything bundled.

Ecosystem

Cyber Controller is the flagship — but it stands on a lineage of purpose-built tools. Each is open source and standalone.

Headless Marauder GUI

The original all-in-one Marauder controller and multi-firmware flasher. 4 UIs, standalone exe builds.

v1.3.0

Dead Man's Switch

Universal anti-forensic dead-man gate. Multi-board successor to Suicide Marauder.

Active

Suicide Marauder

The original anti-forensic firmware. ROM SPI bypass brick, Guardian gate, boot password. HW-validated.

v1.0.1

Universal Flasher

Standalone multi-firmware flasher. 14+ profiles, batch flash, backup/restore, plugin system.

v1.0.0

Universal Flasher & UI

Flash + serial control + cross-device coordination prototype. Absorbed into Cyber Controller.

v0.1.0

esp32marauder.com

ESP32 security tools hub. Build guides, downloads, and project documentation.

Website

Contact

Open to collaboration, consulting, and interesting conversations.

GitHub Portfolio esp32marauder.com lxveace@proton.me