An Augmented Reality (AR) Physical Security Assistant for Red Teaming and Penetration Testing.
Analog Hacker bridges the gap between digital reconnaissance and physical security. Designed for penetration testers and Red Teams, this application utilizes a mobile interface to actively scan physical security devices—such as access control systems, routers, and locks. By leveraging advanced multimodal AI, it identifies hardware in real-time, assesses potential threat levels, and provides immediate, actionable intelligence through AR overlays, haptic feedback, and audio cues.
- Real-Time Hardware Identification: Uses expo-camera to capture live feeds of physical security devices for instant analysis.
- Multimodal Threat Assessment: Integrates the Google Generative AI SDK (Gemini 1.5 Flash) to rapidly analyze visual data, identify the specific hardware model, and cross-reference known vulnerabilities.
- Sensory Feedback: Employs expo-haptics and expo-speech to provide discreet, eyes-free alerts—notifying the operator of high-risk targets or successful bypass identifications without needing to constantly look at the screen.
- AR Vulnerability Overlay: Projects known bypass methods, default credentials, or CVEs directly onto the identified device in the mobile viewfinder.
- Red Team Reconnaissance: Streamlines the physical penetration testing workflow by providing immediate intelligence in the field.
Frontend & Mobile Architecture
- Framework: React Native (Expo) / TypeScript
- Camera Interface: Expo Camera
- Sensory Modules: Expo Haptics, Expo Speech
AI & Computer Vision
- Inference Engine: Google Generative AI SDK (Gemini 1.5 Flash) for high-speed, low-latency visual reasoning.
- Vision Processing: OpenCV / Python (Backend processing)
Backend & Data Layer
- Server: Node.js / Express
- Database: MongoDB (for storing historical CVE data and custom device notes)
Analog Hacker relies on the Gemini 1.5 Flash model for its speed and multimodal capabilities.
- The operator points the device at a target (e.g., a commercial keypad).
- expo-camera captures the frame and transmits it securely via the Generative AI SDK.
- The model analyzes the image against its vast training data to identify the manufacturer, model, and physical characteristics.
- The system retrieves associated vulnerabilities (e.g., default admin pins, known physical bypasses like under-door tools or magnet vulnerabilities).
- The UI dynamically updates the AR overlay, triggers a haptic pulse for high-severity findings, and can optionally read out the bypass instructions via expo-speech.
- Node.js (v18+)
- Expo CLI (npm install -g expo-cli)
- A mobile device (iOS/Android) with the Expo Go app installed
- Google Gemini API Key
- Clone the repository:
git clone https://github.com/yourusername/analoghacker.git
cd analoghacker
- Install mobile dependencies:
cd mobile-app
npm install
- Configure your environment variables. Create a .env file in the root of the mobile directory:
EXPO_PUBLIC_GEMINI_API_KEY=your_gemini_api_key_here
EXPO_PUBLIC_BACKEND_URL=http://your-backend-url.com/api
- Install backend dependencies (optional, if running the custom CVE database):
cd ../backend
npm install
- Start the Expo development server:
npx expo start
- Scan the QR code generated in your terminal using the Expo Go app on your physical mobile device. (Note: Camera functionality cannot be fully tested on a web emulator).
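A pre-build check for the .env step above, as an added example that is not part of this project's code: Expo inlines every EXPO_PUBLIC_* variable into the client JavaScript bundle, so an API key stored under that prefix ships in plain text with the app, and an http:// backend URL sends traffic unencrypted. The function names, the rule names, the hardened sample and its hostname are assumptions, as is the idea that the backend would hold the Gemini key.

```javascript
// Added example: audit an Expo .env file before bundling.
// Anything prefixed EXPO_PUBLIC_ ends up readable inside the shipped app.
const SECRET_NAME = /(KEY|SECRET|TOKEN|PASSWORD|PASSWD|CREDENTIAL)/i;
const LOOPBACK = /^http:\/\/(localhost|127\.0\.0\.1)([:\/]|$)/i;

// Parse KEY=value lines; skips blanks and comments, strips matching quotes.
function parseEnv(text) {
  const vars = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("#")) return;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) return;
    const value = m[2].replace(/^(['"])(.*)\1$/, "$2");
    vars.push({ name: m[1], value, line: i + 1 });
  });
  return vars;
}

// Returns one finding per problem: { line, name, rule }.
function auditExpoEnv(text) {
  const findings = [];
  for (const { name, value, line } of parseEnv(text)) {
    const isPublic = name.startsWith("EXPO_PUBLIC_");
    if (isPublic && SECRET_NAME.test(name.slice("EXPO_PUBLIC_".length))) {
      findings.push({ line, name, rule: "secret-in-client-bundle" });
    }
    // Plain HTTP is tolerated only for a local development server.
    if (/^http:\/\//i.test(value) && !LOOPBACK.test(value)) {
      findings.push({ line, name, rule: "cleartext-url" });
    }
  }
  return findings;
}

// Constructed sample input: the .env from the step above, then a hardened
// variant (assumption: the backend holds the Gemini key and is served over TLS).
const README_ENV = [
  "EXPO_PUBLIC_GEMINI_API_KEY=your_gemini_api_key_here",
  "EXPO_PUBLIC_BACKEND_URL=http://your-backend-url.com/api",
].join("\n");
const HARDENED_ENV = [
  "# mobile-app/.env: no secrets, TLS only",
  "EXPO_PUBLIC_BACKEND_URL=https://backend.example.test/api",
].join("\n");

console.log(auditExpoEnv(README_ENV));
console.log(auditExpoEnv(HARDENED_ENV));
```

The secret check matches on variable names only, so a key stored under a neutral name would pass it.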
Educational and Authorized Use Only. Analog Hacker is developed for educational and beginner learning purposes. The creators and contributors are not responsible for any misuse or illegal activities conducted with this tool. Always ensure you have explicit, written permission from the property or hardware owner before scanning or interacting with any physical security systems.
- Agentic Cyber-Defense Integration: Linking physical reconnaissance data with autonomous network defense protocols.
- Offline Mode: Deploying lightweight vision models for scanning in air-gapped or secure facilities without internet access.
- Exportable Reports: Generating automated physical penetration testing deliverables directly from the app.