SQUIRRELOPS

Community

Built in the open.

SquirrelOps is built on a foundation of source-available tools that anyone can inspect, learn from, and use for personal, research, and educational purposes.

Source-available under PolyForm Noncommercial 1.0.0. Free for personal, research, and educational use. Commercial use requires a separate license.

Core Platform

The engines behind the platform.

SquirrelOps (PolyForm Noncommercial)

Orchestration and control-plane for the SquirrelOps deception workspace. Manages all runtime repositories from a single operator dashboard.

Hosts a Next.js operator dashboard and a FastAPI aggregation API. Manages the lifecycle of ClownPeanuts and PingTing via parallel bootstrap/update scripts. Cross-repo CI with a smoke harness. Security controls include directory validation against allowed base roots, Git remote verification against the config manifest, ephemeral credential helpers (never embedded in URLs), and non-interactive Git with hard timeouts. Config is driven by projects.yaml as the single source of truth.

ClownPeanuts (PolyForm Noncommercial)

Adaptive deception framework beyond traditional honeypots. Deploys convincing fake services, engages attackers, and builds complete intelligence profiles.

7 protocol emulators (SSH, HTTP Admin, Redis, MySQL, PostgreSQL, MongoDB, Memcached). The Rabbit Hole Engine maintains per-session world models with credential cascade graphs 8+ levels deep, phantom lateral movement with fake network interfaces, and "oops" artifacts (leaked bash history, debug endpoints, hardcoded passwords). Tarpit primitives include adaptive throttle, slow-drip downloads, infinite exfiltration streams, and query tarpits. Intelligence pipeline: MITRE ATT&CK mapping, attacker classification by skill level, tool fingerprinting, behavioral biometrics, credential reuse detection, STIX 2.1/TAXII 2 export. Advanced features: Adversary Narrative Engine (cross-protocol coherence), Adaptive Lure Bandit (Thompson sampling/UCB), Adversary Theater (live session replay with kill-chain visualization), and counterfactual simulation for policy testing.

PingTing (PolyForm Noncommercial)

Local-first network monitoring toolkit. Discovers every device on your network, learns what normal looks like, and alerts when something changes. All data stays on your hardware.

Device discovery via ARP and nmap with fingerprinting and drift detection. Optional local LLM device classification (OpenAI-compatible endpoint, nothing leaves your network). Breach exposure monitoring via HIBP. Log file anomaly detection with baseline learning. Multi-channel alerting (log, webhook, Slack, SMTP) with delivery tracking and exponential backoff retry. Operational reporting with dead-letter queue and replay tooling. Plugin system with SHA256 pinning, namespace constraints, and filesystem root enforcement. macOS launchd service support. Full SQLite storage, no cloud dependencies. Security: parameterized SQL, defusedxml, no shell=True, SSRF protections, DNS pinning, webhook HMAC signing.

SquirrelOps Home (PolyForm Noncommercial)

Native macOS app bringing enterprise-grade network monitoring and deception to home networks. Free to download and use.

Packages the PingTing monitoring engine and ClownPeanuts deception engine for home/small-office networks. SwiftUI control plane with auto-deployed decoy services, credential canaries, device fingerprinting, and Apple Push Notification alerting. Completely local operation with no cloud dependency. Pairs a lightweight sensor with a native macOS dashboard over an encrypted connection.

Enterprise Modules

Specialized tools for advanced operations.

These modules extend the core platform with targeted capabilities. Included with SquirrelOps Enterprise.

FunHouseForge (Enterprise Only)

Decoy lifecycle orchestrator. Stand-up, activation, and teardown of deception environments.

GhostCrew (Enterprise Only)

Synthetic activity generator. Scripted reconnaissance and lateral movement that makes decoys indistinguishable from production.

WitchBait (Enterprise Only)

Credential canary system. Plants trackable fake credentials across your environment and monitors for usage.

ADLibs (Enterprise Only)

Active Directory deception. Seeds fake users, service accounts, and groups into AD to detect adversary enumeration.

PripyatSprings (Enterprise Only)

Data artifact fingerprinting. Tracks callbacks when exported files are opened outside your environment.

DirtyLaundry (Enterprise Only)

Adversary behavioral profiling. Classifies intruder skill level and produces adaptive defense recommendations.

License

PolyForm Noncommercial 1.0.0

All SquirrelOps repositories are licensed under PolyForm Noncommercial 1.0.0. This means you can freely use, study, and modify the source code for personal, research, and educational purposes.

Commercial use — including using the software as part of a product or service you sell, or using it within a business to generate revenue — requires a separate commercial license.

To obtain a commercial license, open an issue in the relevant repository on GitHub. We'll work with you to find a licensing arrangement that fits your needs.