Flash. Control. Coordinate. — 42 firmware profiles, 5 flash backends, 4 interfaces, one screen.
Download · Website + live demo · Hardware guides · Changelog · Discord
Flashing an ESP32 and then driving it usually means five different tools, a pile of esptool flags, and a fresh way to brick a board every time. Cyber Controller is the one app that does both — pick a firmware, flash it (chip auto-detected, correct offsets, anti-brick guard), then control it live in the same window. Connect a whole bench of boards and fire one command at all of them at once; one board finds an AP, another deauths it, a third grabs the handshake — from a single screen.
Built to run a multi-device cyberdeck on a 7″ touchscreen, headless over SSH, or from your phone — but just as happy flashing a single $12 board on your desk. Self-taught hobby project, hardened as it grows. Authorized security testing, education, and CTF use only.
⚠️ Lawful, authorized use only. Use it only on hardware and networks you own or have explicit permission to test. Provided as-is, no warranty — you assume all risk. See DISCLAIMER.md.
Jump to: Highlights · Firmware · Hardware · Interfaces · Quick start · Security · Learn more
v1.6.9 — live scanning now flows straight into the Targets list, macros, Cross-Comm and an auto-refreshing network graph; a one-click in-app updater that patches in place and keeps your data; a faster Flock camera map; and Dead Man's Switch provisioning in the packaged build.
The full version-by-version history — every fix, every hardening pass, every added firmware — lives in the Changelog and the Releases. Where it's headed next is on the roadmap at cybercontroller.org.
🔥 Flash — 42 firmware profiles across 5 backends. A hardware-validated flash core auto-detects the chip (esptool chip_id first — never hardcoded), applies the critical --flash_size detect anti-brick patch and the correct per-chip bootloader offsets (including the ESP32-C5 0x2000 gotcha), and kills the child process on error so a failed flash never holds the port. Offline Firmware Vault with SHA-256 integrity pinning, batch flash, backup & restore, and handling for the awkward formats (GhostESP .zip, Meshtastic per-chip archives, AmebaD multi-image).
🎮 Control — a protocol-aware serial monitor with per-device firmware selection and per-firmware command palettes. 10 native parsers ship. Dangerous transmit commands are labeled and confirmed, never blocked (full capability retained). Macro recorder & playback with variable substitution, and a tamper-evident SHA-256 audit trail over every flash and command.
🛰 Coordinate — the Unified Action Broadcast: one intent (Find APs, Deauth All, BLE Scan, Capture Handshakes, STOP ALL) fans out to every connected radio at once, each translated into that firmware's own native command. A shared target pool means one board's discovery is instantly actionable by another.
♻️ One-click updates · 🔒 optional physical-key access gate · 🧨 Dead Man's Switch anti-forensic provisioning · 🗺 Flock/ALPR awareness map · 📡 GPS wardriving → WiGLE CSV. Details below and in the docs.
42 firmware profiles ship in src/config/profiles/ — each tracks its latest upstream release at flash time and auto-selects the correct per-board binary.
📚 Hardware Guides → — a per-firmware walkthrough for every entry below: what to buy, how to build it, how to flash & run it, how to wire it into Cyber Controller, and troubleshooting — each with a downloadable PDF.
| Firmware | Purpose | Chips / boards | Backend |
|---|---|---|---|
| ESP32 Marauder | Wi-Fi/BLE recon + attack suite | ESP32 / S2 / S3 / C5 | esptool |
| GhostESP | Wi-Fi/BLE/SubGHz multitool | ESP32 / S2 / S3 / C-series | esptool (zip) |
| Bruce | Pentest multitool | ESP32 / S3 / C-series | esptool (merged) |
| Nautilus | Sub-GHz RF (CC1101 300–928 MHz RX/TX) | ESP32-S3 (LilyGo T-Embed CC1101) | esptool (merged) |
| ESP32-DIV | Wi-Fi/RF Swiss-army firmware | ESP32-S3 (v2) | esptool |
| HaleHound | CYD-native Wi-Fi tool | ESP32 (Cheap Yellow Display) | esptool |
| MinigotchiV3 | Pwnagotchi-style handshake hunter | ESP32 dual-core / S3 | esptool |
| Meshtastic | LoRa off-grid mesh comms | ESP32-S3 / Heltec LoRa | esptool (zip) |
| MeshCore | LoRa mesh (companion/repeater/room-server) | ESP32 / S3 / C3 / C6 | esptool (merged) |
| MCLite (MeshCore fork) | Off-grid mesh comms | ESP32-S3 (T-Deck Plus / T-Watch Ultra) | esptool (merged) |
| RNode | Reticulum LoRa radio interface | ESP32 / S3 (T-Beam / T3S3 / Heltec V3 / T-Deck / XIAO) | esptool (per-board zip) |
| T-REX | LilyGo T-Deck pentest terminal | ESP32-S3 (T-Deck / T-Deck Plus) | esptool (merged) |
| ESP32 Bit Pirate | Bus Pirate-style hardware hacking | ESP32-S3 (XIAO / Cardputer / T-Embed) | esptool (merged) |
| M5Stick NEMO | M5 multitool | ESP32 / S3 (StickC Plus2 / Cardputer / StickS3) | esptool (merged) |
| M5Gotchi | Pwnagotchi for M5Stack | ESP32-S3 (M5Cardputer / Stick-S3) | esptool (merged) |
| AirTag Scanner | Detect nearby AirTags / trackers | ESP32 / S3 | esptool |
| Chasing Your Tail NG | Counter-surveillance tail detection — no prebuilt ESP32 image to flash yet (upstream is a Linux/Pi Python analyzer) | ESP32 | esptool |
| OUI-Spy | Target device by MAC/OUI | ESP32-S3 | esptool |
| Sky-Spy | Drone Remote-ID sniffer | ESP32-S3 / C5 | esptool |
| Drone Mesh Mapper | Passive WiFi drone Remote-ID detector, RX-only (mesh node-relay) | ESP32-C3 / S3 (Xiao) | esptool (merged) |
| ESP32 Dual-Band Wardriver | Passive 2.4+5 GHz WiFi/BLE WiGLE logger (RX-only, SD) | ESP32-C5-DevKitC-1 | esptool (pinned) |
| ESP32 BLE Collector | Passive BLE advert logger to SD (app-only update) | M5Stack Core2/Fire/Basic, Odroid-GO, CoreS3 | esptool (pinned) |
| Flock-You | Passive ALPR / Flock camera detector | ESP32-S3 | esptool |
| RayHunter | IMSI-catcher / cell-site detector | Orbic RC400L (LTE hotspot) | ADB |
| Flipper Zero — Momentum | Feature-rich Flipper custom firmware | STM32WB55 | qFlipper |
| Flipper Zero — Unleashed | Unlocked Flipper custom firmware | STM32WB55 | qFlipper |
| Flipper Zero — RogueMaster | Bleeding-edge Flipper custom firmware | STM32WB55 | qFlipper |
| BW16 Deauther ⚠ | Dual-band 2.4/5 GHz Wi-Fi + BLE deauther (authorized testing) | RTL8720DN (AmebaD) | rtl8720 |
| Pwnagotchi | AI handshake-hunting SBC | Raspberry Pi | SD image |
| RaspyJack | Pi drop-box / LAN implant — install-script overlay, not a prebuilt flashable image | Raspberry Pi (LCD/GPIO HAT) | SD image |
| Kali Linux ARM | Full pentest distro — image URL pending (no auto-resolved download yet) | Raspberry Pi (ARM64) | SD image |
| Hydra32 / ESP32-Deauther ⚠ | Wi-Fi deauth (authorized testing) | ESP32 DevKit V1 | esptool (SHA-256-pinned) |
| ESP8266 Deauther ⚠ | Spacehuhn classic (authorized testing) | ESP8266 (D1 mini / NodeMCU / DSTIKE) | esptool (merged) |
| WiFiDuck ⚠ | Wi-Fi BadUSB (authorized testing) | ESP8266 (DSTIKE WiFi Duck / Malduino W) | esptool (merged) |
| ESP32 WiFi Penetration Tool ⚠ | PMKID / handshake attacks (authorized) | ESP32 (DevKit / WROOM) | esptool (SHA-256-pinned) |
| M5PORKCHOP ⚠ | M5 offensive multitool (authorized) | ESP32-S3 (M5Cardputer) | esptool (merged) |
| BlueJammer-V2 (ESP32) ⚠⚠ lab-only | BT/BLE jammer — flash-and-study only | ESP32-WROOM-32U | esptool |
| BlueJammer-V2 (BW16) ⚠⚠ lab-only | BT/BLE jammer — flash-and-study only | RTL8720DN (AmebaD) | rtl8720 |
| nRF BlueNullifier 2 ⚠⚠ lab-only | 2.4 GHz nRF24 RF stress — flash-and-study | 2× nRF24L01 + ESP32 | esptool |
| BlueStress ⚠⚠ lab-only | 2.4 GHz/BLE disruption — boots idle, gated serial control | ESP32 + nRF24L01 | esptool |
| ESP-AT | Espressif AT-command Wi-Fi/BT modem firmware | ESP32 / S2 / S3 / C3 | esptool (zip) |
Custom / local .bin |
Flash your own build | any ESP32 | esptool |
⚠ marks firmware that can transmit and is included for authorized testing only. ⚠⚠ BlueJammer-V2 is a flash-and-study target for an authorized lab: RF jamming is illegal to transmit (FCC 47 U.S.C. §333). Per the label, never block doctrine its binaries are SHA-256-pinned + fetched at flash time (never vendored), and Cyber Controller exposes no operate/transmit control for it — the parser is telemetry-only.
Cyber Controller drives whatever these firmwares run on. Coverage by class:
- ESP32 family — ESP32 (WROOM/WROVER/PICO), ESP32-S2, S3, C3, C6, and the dual-band Wi-Fi 6 ESP32-C5 (2.4 + 5 GHz).
- ESP8266 — D1 mini, NodeMCU, DSTIKE (Deauther / WiFiDuck).
- Realtek RTL8720DN / BW16 — dual-band 2.4/5 GHz Wi-Fi + BLE, via the AmebaD ImageTool (
rtl8720backend). - Flipper Zero — STM32WB55, via
qFlipper(Momentum / Unleashed / RogueMaster). - Raspberry Pi — Pi 5, Pi Zero 2 W and friends, via verified SD-image writing (Pwnagotchi / RaspyJack / Kali).
- Qualcomm LTE — Orbic RC400L hotspot for RayHunter IMSI-catcher detection (
ADBbackend).
Popular boards, confirmed: Lonely Binary ESP32 Gold · Cheap Yellow Display (2.4″/2.8″/3.2″/3.5″ — use the resistive 2432S028R) · M5Stack Cardputer / Cardputer ADV / StickC Plus2 / Stick-S3 · LilyGo T-Deck / T-Deck Plus / T-Embed CC1101 / T-Dongle-S3 · Seeed XIAO ESP32-S3 · Heltec LoRa V3 (915 MHz US) · Waveshare ESP32-C5 · Marauder Mini / Mini v3 · Flipper Zero Wi-Fi Dev Board (ESP32-S2) · Ai-Thinker BW16.
Flash-offset reference (the part that bricks boards if you get it wrong)
| Chip family | bootloader | partitions | boot_app0 | app |
|---|---|---|---|---|
| ESP32, ESP32-S2 | 0x1000 |
0x8000 |
0xE000 |
0x10000 |
| ESP32-S3, C2, C3, C6, H2 | 0x0 |
0x8000 |
0xE000 |
0x10000 |
| ESP32-C5, P4 | 0x2000 |
0x8000 |
0xE000 |
0x10000 |
Merged single-image firmwares (Bruce, GhostESP merged.bin) flash at 0x0. The engine never hardcodes the chip — it runs esptool chip_id first.
| Mode | Framework | Best for |
|---|---|---|
| Full Dashboard | PyQt5 | Primary — 7″ touchscreen, every feature |
| Lightweight | Tkinter | Low-resource ARM systems |
| TUI | Textual | SSH / headless |
| Web Remote | Flask + SocketIO | Phone control of a headless Pi (auth + CSRF + 127.0.0.1 by default) |
Launch with no --ui for a picker. A Simple / Pro depth toggle (Ctrl+M) trims or reveals controls with zero feature penalty. Which frontend suits which machine → docs/RECOMMENDED-SPECS.md.
# Python 3.12+ — extras: tk / tui / web / full / dev
pip install -e ".[full]"
cyber-controller # full PyQt5 dashboard
cyber-controller --ui tui # terminal UI (SSH / headless)
cyber-controller --ui web # web remote, binds 127.0.0.1:5000Prefer a prebuilt binary? Grab the latest release (Windows portable .exe + installer, Linux, macOS, ARM) — each with SHA256SUMS.txt and a VirusTotal report. The build isn't code-signed yet, so Windows SmartScreen may warn; docs/WINDOWS-SECURITY.md explains why and gives three ways to verify your download.
Cyber Controller drives real RF and flashing hardware, so it's hardened to match: an optional fail-closed physical-key access gate (salted-scrypt, brute-force lockout, opt-in duress self-wipe), an authenticated web remote (per-session CSRF token, CSP nonce, CORS allowlist, no default creds), supply-chain-hardened firmware downloads (HTTPS host allowlist, SSRF-safe redirects, SHA-256 pinning), and AES-256-GCM session storage that fails closed. Full posture + honest limits in SECURITY.md. Report a vulnerability to the address there — not a public issue.
Dead Man's Switch ships as a submodule for owner-only anti-forensic provisioning (boot-password gate, fail-count wipe, GPIO trigger, eFuse + flash encryption). Provision it from cyber-controller --deadman-setup or Tools ▸ Dead Man's Switch Setup; the password is hashed host-side (PBKDF2, never stored). Bundles flash with TOCTOU-safe per-file SHA-256 verification. Cyber Controller only flashes a bundle the provisioner already built — it never burns eFuses itself. Honest scope in the DMS docs.
| For… | Go to |
|---|---|
| Interactive demo, firmware library, downloads | cybercontroller.org |
| Per-firmware buy → build → flash → run guides (PDF) | cyber-controller-guides |
| Full version history + what changed | CHANGELOG.md · Releases |
| Security posture + reporting | SECURITY.md |
| Windows download trust / verification | docs/WINDOWS-SECURITY.md |
| Which UI for which machine | docs/RECOMMENDED-SPECS.md |
| Questions, help, or just to talk it through | discord.gg/lxvelabs |
| Project | What |
|---|---|
| headless-marauder-gui | Standalone Marauder controller + flasher (4 UIs) |
| universal-flasher | Multi-firmware flasher + device manager |
| deadmans-switch | Anti-forensic firmware provisioner |
| cybercontroller.org | Flagship site — demo, firmware library, downloads |
| esp32marauder.com | ESP32 security-tools hub |
Issues and PRs welcome. Run python -m pytest before submitting — the suite covers the flash core, protocols, backends, the security hardening, and the broadcast engine.
Cyber Controller flashes, drives, and coordinates firmware and tools it did not write — it stands on the work of many upstream authors, none of whom endorse it. Nothing upstream is vendored here; binaries are fetched from official releases, pinned and SHA-256 verified. Full acknowledgments + licenses in CREDITS.md. Special thanks to RedneckNetrunner (GOS Discord), whose coverage requests and real-device testing shaped the M5 / Cardputer support. Trademarks belong to their respective owners.
MIT — Copyright © 2026 LxveAce. See LICENSE.
Discord: discord.gg/lxvelabs · GitHub: @LxveAce · Email: LxveLabs@proton.me · Sites: lxvelabs.com · cybercontroller.org