Shadow Sentinel
Your Silent Guardian in the Digital Realm
What is Shadow Sentinel?
Stealth Network Defense
Shadow Sentinel is a cutting-edge Intrusion Detection System (IDS) designed for unparalleled visibility and proactive defense of your critical digital infrastructure. It operates covertly, passively monitoring your network to identify threats without revealing its presence.
Real-time Threat Detection
Our advanced algorithms and sophisticated methodologies enable real-time detection of anomalies and known attack patterns. Shadow Sentinel vigilantly monitors network traffic to uncover threats that traditional defenses often miss, providing critical insights.
Covert Operations
Designed for true stealth, Shadow Sentinel maintains a minimal and undetectable footprint within your network. It passively observes and analyzes traffic without generating any network activity, ensuring its presence is never revealed to adversaries.
What does it stand sentinel against?
ARP Spoofing & Network Reconnaissance
Vigilantly guards against ARP spoofing attempts that can lead to Man-in-the-Middle attacks. It also detects network reconnaissance activities like port scanning, identifying potential threats before they escalate.
DNS Tunneling & Malicious Payloads
Monitors for patterns indicative of DNS tunneling, a stealthy method of data exfiltration. It also detects suspicious payloads that could signal SQL injection, XSS, command injection, or other web-based attacks.
Denial of Service (DoS) Attacks
Detects high-volume network flood attacks such as SYN floods and ICMP floods, which aim to disrupt network services and make them unavailable to legitimate users. Shadow Sentinel identifies these volumetric attacks in real-time.
Comprehensive Network Visibility
By continuously monitoring and analyzing network traffic for all detected threat vectors, Shadow Sentinel provides a clear and actionable overview of your network's security posture, helping to identify and mitigate risks.
How does it stay in the shadows?
Pure Passive Monitoring
Shadow Sentinel employs advanced stealth methods by operating in a purely passive mode. It captures and analyzes all network traffic without transmitting a single packet, ensuring a zero digital footprint and making it virtually undetectable by adversaries.
Promiscuous Mode & Zero Transmission
Shadow Sentinel leverages promiscuous mode to capture all network traffic on a monitored interface. Crucially, it never transmits any packets, ensuring it cannot be fingerprinted or detected by actively probing its presence.
Silent Logging & Forensic Capture
Alerts and detected threats are logged locally to structured JSON files, ensuring no network traffic is generated for reporting. Suspicious packets are automatically captured as PCAP files for in-depth forensic analysis.
How does it work?
Passive Packet Capture
Shadow Sentinel initiates a passive sniffing process on the specified network interface (in promiscuous mode). All incoming packets are captured without transmitting any data back onto the network.
Real-time Deep Packet Inspection (DPI)
Captured packets undergo immediate and in-depth analysis. The tool inspects headers, flags, and payloads to extract relevant information for threat detection, all performed in real-time and in-memory.
Threat Detection Engine
A sophisticated, thread-safe detection engine utilizes temporal analysis, pattern matching, and configurable thresholds to identify a wide range of threats including ARP spoofing, port scans, SYN/ICMP floods, DNS tunneling, and suspicious payloads.
Silent Alerting & Forensic Logging
Upon detection, alerts are logged locally to structured JSON files without any network activity. Suspicious packets are also saved to PCAP files for detailed offline forensic analysis.
Dynamic Dashboard & Statistics
A real-time terminal dashboard provides a clear overview of detected threats and network statistics, offering immediate visibility into your network's security posture while maintaining stealth.
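The detection stage described above combines temporal analysis (sliding time windows), simple pattern matching and configurable thresholds, and the logging stage emits one JSON record per alert. The following is an added example written for this page, not Shadow Sentinel's own code: a small passive engine that consumes already-parsed packet records, detects ARP spoofing (a second MAC claiming an IP already bound to another), port scans (many distinct destination ports from one source inside a window) and SYN floods (many SYNs from one source inside a window), and serialises alerts as JSON lines of the SIEM-friendly kind the "Local Logging" section mentions. The packet dict layout, the field names, the threshold values and the sample traffic are all constructed for the example; a real sensor would fill the dicts from a promiscuous-mode capture and nothing here transmits anything.

```python
import json
from collections import defaultdict, deque

# Assumed defaults for this example only (the project's real thresholds are
# CLI-configurable and documented in its README).
SYN_THRESHOLD = 5       # SYN segments from one source within the window
SCAN_THRESHOLD = 4      # distinct destination ports from one source within the window
WINDOW_SECONDS = 10.0   # sliding time window shared by both counters


def _expire(dq, now, window, key=lambda x: x):
    """Drop entries older than the window from the left of a deque."""
    while dq and now - key(dq[0]) > window:
        dq.popleft()


class DetectionEngine:
    """Threshold-based detector over already-parsed packets (plain dicts)."""

    def __init__(self, syn_threshold=SYN_THRESHOLD,
                 scan_threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS):
        self.syn_threshold = syn_threshold
        self.scan_threshold = scan_threshold
        self.window = window
        self.arp_table = {}                   # ip -> MAC first seen claiming it
        self.syn_times = defaultdict(deque)   # src ip -> timestamps of SYNs
        self.port_hits = defaultdict(deque)   # src ip -> (timestamp, dport)
        self.alerts = []

    def process(self, pkt):
        """Inspect one packet record; return an alert dict or None."""
        if pkt["type"] == "arp":
            return self._check_arp(pkt)
        if pkt["type"] == "tcp" and pkt.get("flags") == "S":
            return self._check_syn(pkt)
        return None

    def _check_arp(self, pkt):
        # The first claim for an IP becomes the baseline (a simplification);
        # a later reply naming a different MAC for that IP is the spoofing signal.
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.arp_table.setdefault(ip, mac)
        if known != mac:
            return self._alert(pkt["ts"], "arp_spoofing", mac,
                               f"{ip} was {known}, now claimed by {mac}")
        return None

    def _check_syn(self, pkt):
        ts, src, dport = pkt["ts"], pkt["src"], pkt["dport"]
        syns = self.syn_times[src]
        _expire(syns, ts, self.window)
        syns.append(ts)
        hits = self.port_hits[src]
        _expire(hits, ts, self.window, key=lambda h: h[0])
        hits.append((ts, dport))
        distinct = {p for _, p in hits}
        if len(distinct) >= self.scan_threshold:
            hits.clear()   # reset so one scan yields one alert, not one per packet
            return self._alert(ts, "port_scan", src,
                               f"{len(distinct)} distinct ports within {self.window}s")
        if len(syns) >= self.syn_threshold:
            syns.clear()
            return self._alert(ts, "syn_flood", src,
                               f"{self.syn_threshold} SYNs within {self.window}s")
        return None

    def _alert(self, ts, kind, source, detail):
        record = {"timestamp": ts, "alert": kind, "source": source, "detail": detail}
        self.alerts.append(record)
        return record


def to_jsonl(alerts):
    """One JSON object per line, the shape a SIEM collector can ingest directly."""
    return "\n".join(json.dumps(a) for a in alerts)


# Constructed traffic: the gateway's ARP, a second host claiming the gateway's
# IP, a four-port scan from 10.0.0.7, and a five-SYN burst from 10.0.0.8.
DEMO_PACKETS = (
    [{"ts": 0.0, "type": "arp", "sender_ip": "10.0.0.1", "sender_mac": "aa:aa:aa:aa:aa:01"},
     {"ts": 1.0, "type": "tcp", "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 80, "flags": "S"},
     {"ts": 2.0, "type": "arp", "sender_ip": "10.0.0.1", "sender_mac": "de:ad:be:ef:00:01"}]
    + [{"ts": 3.0 + 0.1 * i, "type": "tcp", "src": "10.0.0.7", "dst": "10.0.0.9",
        "dport": p, "flags": "S"} for i, p in enumerate((22, 23, 25, 80))]
    + [{"ts": 5.0 + 0.1 * i, "type": "tcp", "src": "10.0.0.8", "dst": "10.0.0.9",
        "dport": 443, "flags": "S"} for i in range(5)]
)


def run_demo(packets=DEMO_PACKETS):
    """Feed the constructed packets through a fresh engine and return its alerts."""
    engine = DetectionEngine()
    for pkt in packets:
        engine.process(pkt)
    return engine.alerts


if __name__ == "__main__":
    print(to_jsonl(run_demo()))
```

Running the block prints three JSON lines (ARP spoofing, port scan, SYN flood). The windows are per-source deques trimmed on every packet, so state stays bounded and a slow trickle of SYNs spread over minutes never reaches the threshold; the per-alert reset keeps a single scan or flood from producing an alert per packet, which matters when the output feeds a SIEM.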
How to use Shadow Sentinel
Get Started with Shadow Sentinel
Shadow Sentinel is an open-source project. You can find the full source code, detailed installation instructions, and comprehensive usage guides on our GitHub repository:
Basic Usage:
- **Clone the Repository:**
  ```bash
  git clone https://github.com/klebertiko/ShadowSentinel.git
  cd ShadowSentinel
  ```
- **Install Dependencies:** Follow the detailed installation steps in the `README.md` for your operating system. Using a Python virtual environment is highly recommended.
- **Run the Tool:**
  ```bash
  sudo python3 shadowsentinel.py -i <your-interface>
  ```
  Replace `<your-interface>` with your network interface (e.g., eth0, wlan0).
- **Explore Features:** Refer to the `README.md` for advanced usage, filtering, and detection threshold configurations.
Command-Line Interface (CLI)
Shadow Sentinel is primarily designed as a robust command-line tool for cybersecurity professionals, network administrators, and security researchers. Its CLI provides direct control over monitoring parameters and filters.
Configurable Detection & Filters
Shadow Sentinel offers flexible configuration through command-line arguments for network interface selection, BPF (Berkeley Packet Filter) expressions, and adjustable detection thresholds for various threats. Its modular design allows for easy adaptation.
Local Logging & SIEM-Friendly Output
Shadow Sentinel logs all detected threats to local, structured JSON files. This output is designed to be easily parsed and integrated with Security Information and Event Management (SIEM) platforms for centralized logging, analysis, and alerting.