// Penetration Testing

V-Intel Agent

🛠️ AntarYami Agent: Technical Architecture
The AntarYami Keylogger is a high-performance stealth monitoring agent designed by Ragib Uddin (RK) for the AntarYami ecosystem. It focuses on low-level system integration, stealth persistence, and efficient data exfiltration.

1. Stealth & Persistence Mechanism
To remain undetected by standard users and survive system reboots, the agent employs advanced Windows integration:

Registry Persistence: The script writes an autostart entry for itself under the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key, so it is launched again at every logon of that user.

Decoy Naming: It operates under the alias WinDisplayColorHelper, a name chosen to mimic legitimate Windows system services.

Privilege Elevation: The deployment batch scripts include logic to bypass User Account Control (UAC) by requesting Administrator privileges via PowerShell.
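Defenders can audit for exactly this kind of autostart entry. The script below is an added example and not part of the AntarYami agent: it parses the text that `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` prints on a machine under review and scores each value against three heuristics (binary in a user-writable directory, a system-sounding name pointing outside C:\Windows or Program Files, and a script interpreter in the autostart chain). The sample output, including the WinDisplayColorHelper entry, is constructed; the directory lists, name pattern and threshold are assumptions to tune for your own estate.

```python
import re
import sys
from dataclasses import dataclass, field

# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# output: two ordinary entries, the decoy-named entry described above, and an
# interpreter-launched script.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    WinDisplayColorHelper    REG_SZ    "C:\Users\alice\AppData\Roaming\WinDisplayColorHelper.exe"
    Updater    REG_SZ    "C:\Users\alice\AppData\Local\Programs\Python\Python311\pythonw.exe" "C:\Users\alice\AppData\Roaming\svc.pyw"
"""

# Heuristic lists (assumptions for this example).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\", "\\programdata\\")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
INTERPRETERS = ("python.exe", "pythonw.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe")
# Value names that imitate Windows components: "Win...", "Microsoft...", "...Helper/Service/Host".
SYSTEM_LIKE_NAME = re.compile(r"^(win|windows|microsoft|ms|system)|(helper|service|host)$", re.I)


@dataclass
class RunEntry:
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_reg_query(text: str) -> list:
    """Parse `reg query` output: '<name>    <REG_TYPE>    <data>' lines, columns split by 2+ spaces."""
    entries = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("HKEY_"):
            continue
        parts = re.split(r"\s{2,}", stripped, maxsplit=2)
        if len(parts) != 3 or not parts[1].startswith("REG_"):
            continue
        entries.append(RunEntry(parts[0], parts[2]))
    return entries


def first_path(command: str) -> str:
    """Return the executable path: the first quoted string, else the first token."""
    m = re.match(r'"([^"]+)"|(\S+)', command.strip())
    return (m.group(1) or m.group(2)) if m else command


def assess(entry: RunEntry) -> RunEntry:
    """Attach a reason for every heuristic the entry trips."""
    path = first_path(entry.command).lower()
    path = path.replace("%windir%", "c:\\windows").replace("%systemroot%", "c:\\windows")
    in_system_dir = path.startswith(SYSTEM_DIRS)
    if any(d in path for d in USER_WRITABLE):
        entry.reasons.append("binary in user-writable directory")
    if SYSTEM_LIKE_NAME.search(entry.name) and not in_system_dir:
        entry.reasons.append("system-sounding name outside system directories")
    if any(i in entry.command.lower() for i in INTERPRETERS):
        entry.reasons.append("script interpreter in autostart")
    return entry


def audit_run_key(text: str, threshold: int = 2) -> list:
    """Return the entries whose heuristic score reaches the threshold, in registry order."""
    return [e for e in (assess(x) for x in parse_reg_query(text)) if e.score >= threshold]


if __name__ == "__main__":
    # Pipe real `reg query` output in, or run without input to use the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REG_QUERY
    for e in audit_run_key(text):
        print(f"[REVIEW] {e.name}: {e.command}")
        for r in e.reasons:
            print(f"    - {r}")
```

Note the threshold of two reasons: a single hit such as "binary in a user-writable directory" also matches legitimate per-user installs like OneDrive, so a lone heuristic produces noise rather than a finding; the decoy-named entry trips both the directory and the name check.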

2. Intelligent Data Exfiltration
Unlike basic keyloggers that send every single keystroke (causing high network traffic and lag), this agent uses a Smart Buffering Engine:

Event-Driven Flushing: Keystrokes are stored in a local word_buffer. Data is only transmitted to the AntarYami server when a user presses Space, Enter, or performs a Mouse Click.

Asynchronous Processing: Using Python's threading library, the agent handles network requests in the background, ensuring the victim's typing experience remains smooth and lag-free.

SSL Bypass: The agent is configured to suppress SSL certificate warnings, so the connection to the digitalbaazaar.online server is kept up even in restricted environments where the certificate would not validate.

3. Context-Aware Monitoring
The agent provides more than just raw text; it provides a timeline of user activity:

Active Window Tracking: Using the pygetwindow and win32gui libraries, the agent captures the title of the current active window (e.g., "Facebook - Log In", "Private Vault - Notepad").

Timeline Logs: Every time a user switches applications, a new [WINDOW: Title] header is generated, allowing the administrator to see exactly where specific data was entered.
// AntarYami System Core Log
[STATUS] Node active for: Penetration Testing
[INFO] Documentation entry ID: 5
[STAMP] 2026-03-05 10:27:28

GhostEye V-Intel

📸 AntarYami Visual Intelligence: Screen Capture Agent
The Screen Capture Agent is a background surveillance tool developed by Ragib Uddin (RK). It provides real-time visual feedback from remote nodes, allowing administrators to see exactly what is happening on a target system.

1. Core Operational Logic
The tool operates using a dual-trigger mechanism to ensure no critical visual information is missed:

Auto-Capture Interval: By default, the tool is programmed to grab a screenshot every 30 seconds (AUTO_CAPTURE_INTERVAL = 30) without requiring any manual intervention.

Context-Aware Triggers: Using the win32gui library, the agent detects when a user switches between applications. A new capture is immediately triggered upon window change to document the transition.

On-Demand Commands: The agent constantly polls the AntarYami server for the get_ss command. When received, it captures and uploads a frame instantly.
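Both the keylogger's event-driven flushing (section 2 of the previous entry) and this agent's fixed 30-second capture interval leave a pattern in outbound web traffic. The script below is an added detection example and not part of the AntarYami tooling: it parses proxy or egress log lines (constructed here in a simple space-separated layout; the field order is an assumption), groups requests by client and destination host, and flags destinations that receive a near-constant-period stream of requests. Keystroke-driven flushes are irregular and will not trip the period check, so the script also totals POST bytes per destination, which lets a host receiving a steady volume of uploads stand out on its own.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log: "<date> <time> <client> <method> <url> <status> <bytes>".
# Client 10.0.0.12 posts to the server named on this page about every 30 s;
# client 10.0.0.25 is an ordinary user browsing at irregular intervals.
SAMPLE_PROXY_LOG = """\
2026-03-05 10:27:28 10.0.0.12 POST https://digitalbaazaar.online/upload 200 48211
2026-03-05 10:27:30 10.0.0.25 GET https://example.com/ 200 5120
2026-03-05 10:27:33 10.0.0.25 GET https://example.com/news 200 9210
2026-03-05 10:27:58 10.0.0.12 POST https://digitalbaazaar.online/upload 200 47990
2026-03-05 10:28:20 10.0.0.25 GET https://example.com/news/1 200 14000
2026-03-05 10:28:29 10.0.0.12 POST https://digitalbaazaar.online/upload 200 48310
2026-03-05 10:28:32 10.0.0.25 GET https://example.com/about 200 3300
2026-03-05 10:28:58 10.0.0.12 POST https://digitalbaazaar.online/upload 200 47875
2026-03-05 10:29:28 10.0.0.12 POST https://digitalbaazaar.online/upload 200 48102
2026-03-05 10:30:32 10.0.0.25 GET https://example.com/contact 200 2100
"""

LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (GET|POST) (\S+) (\d{3}) (\d+)$")


def parse_line(line: str):
    """Turn one log line into a record, or None if it does not match the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
        "client": m.group(2),
        "method": m.group(3),
        "host": urlsplit(m.group(4)).hostname,
        "status": int(m.group(5)),
        "bytes": int(m.group(6)),
    }


def find_beacons(lines, min_requests: int = 4, max_cv: float = 0.2) -> list:
    """Flag (client, host) pairs whose inter-request intervals are nearly constant.

    The coefficient of variation (stdev / mean of the intervals) is near 0 for a
    timer-driven agent and large for human browsing.
    """
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[(rec["client"], rec["host"])].append(rec)

    findings = []
    for (client, host), recs in groups.items():
        if len(recs) < min_requests:
            continue
        recs.sort(key=lambda r: r["ts"])
        deltas = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        period = mean(deltas)
        if period <= 0:
            continue
        cv = pstdev(deltas) / period
        if cv <= max_cv:
            findings.append({
                "client": client,
                "host": host,
                "count": len(recs),
                "period_s": round(period, 1),
                "cv": round(cv, 3),
                "bytes_out": sum(r["bytes"] for r in recs if r["method"] == "POST"),
            })
    return findings


def upload_totals(lines) -> dict:
    """Total POST bytes per destination host, regardless of timing regularity."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST":
            totals[rec["host"]] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    lines = SAMPLE_PROXY_LOG.splitlines()
    for f in find_beacons(lines):
        print(f"[BEACON] {f['client']} -> {f['host']}: {f['count']} requests, "
              f"period {f['period_s']}s, cv {f['cv']}, {f['bytes_out']} bytes posted")
    for host, total in upload_totals(lines).items():
        print(f"[UPLOADS] {host}: {total} bytes")
```

The period check tolerates small jitter (the sample intervals are 30, 31, 29 and 30 seconds) because real agents drift with network latency; tighten `max_cv` if the log covers longer windows with more samples.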

2. Optimization & Resource Management
Since high-resolution images consume significant bandwidth and storage, the agent applies several optimization techniques:

JPEG Compression: Images are captured and converted to JPEG format with a quality setting of 40. This significantly reduces file size while maintaining enough clarity for forensic analysis.

In-Memory Processing: Utilizing io.BytesIO, the screenshot is processed entirely in RAM before being sent via a POST request, ensuring no temporary files are left on the victim's disk for antivirus software to find.

Asynchronous Uploads: Each capture is handled in a separate threading.Thread, preventing the agent from freezing or lagging the host system while waiting for a slow network response.

3. Stealth & Connectivity
Headless Execution: When compiled to an .exe, the agent runs with no console window (--noconsole), making it invisible to the end-user.

Connection Stability: The agent uses urllib3.disable_warnings() to ignore SSL certificate issues, ensuring that the visual data reaches digitalbaazaar.online even if the local network is using a proxy or intercepting traffic.

🖼️ Integration with the AntarYami Command Center
In the admin/index-management.php dashboard, these captures are organized into a visual timeline:

Device Filtering: View screenshots specifically for a single DEVICE_ID.

Timestamping: Every image is logged with the exact second it was taken, synced with the keystroke logs for a complete forensic picture.

Remote Trigger: A "Manual Capture" button on the dashboard sends the get_ss command directly to the active agent.
// AntarYami System Core Log
[STATUS] Node active for: Penetration Testing
[INFO] Documentation entry ID: 6
[STAMP] 2026-03-05 10:28:01

Ghost Protocol

⚡ AntarYami Ghost Protocol: Secure Wipe Utility
The Wipe.bat utility is a high-level administrative script developed by Ragib Uddin (RK). It is designed for rapid data sanitization, forensic trace removal, and self-deletion, ensuring that sensitive information is unrecoverable during emergency scenarios.

1. Administrative Privilege & Security
The script starts with a critical security check to ensure it has the necessary deep-system access:

UAC Elevation: It automatically checks for Administrator privileges. If not found, it uses a PowerShell-based bypass to re-launch itself with full system permissions.

Access Control: It features a "Layer 1" restricted access prompt, requiring a specific hexadecimal-style key (00100) to initiate the protocol.

2. Multi-Stage Sanitization Process
The "Ghost Protocol" executes a 4-step deep cleaning process:

Permission Override: It uses the attrib command to strip away Hidden, System, and Read-only attributes from all files, ensuring nothing is protected from the wipe.

Recursive Deep Wipe: Using a for loop, it walks the directory and its sub-directories, distinguishing files from folders and issuing del and rd /s /q commands to force-delete everything in its path.

Forensic Trace Purging: It utilizes PowerShell to bypass the Windows Recycle Bin, permanently purging data from the disk sectors to prevent standard forensic recovery.

Ghost Self-Destruct: This is the signature move. Using a memory-redirection trick ((goto) 2>nul), the script deletes its own file from the disk while the process is still closing, leaving zero traces of the utility itself.
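From the defender's side, the four stages above form a recognisable chain in process-creation telemetry (Sysmon Event ID 1 or Windows Security event 4688 both carry the command line). The script below is an added example and not part of the Wipe.bat utility or the AntarYami project: it scores each command line against one signature per stage and alerts only when at least two distinct stages occur within a short window, so a lone `rd /s /q` from an administrator is not an alert while the attrib, recursive delete, PowerShell purge and `(goto) 2>nul` self-deletion together are. The event tuples are constructed; the signatures, weights, window and threshold are assumptions.

```python
import re
from datetime import datetime

# One signature per stage of the wipe sequence, with a weight. No single stage
# reaches the alert threshold alone; the chain does. All patterns are assumptions.
RULES = [
    ("attribute stripping", re.compile(r"\battrib\b(?=.*\s-h\b)(?=.*\s-s\b)(?=.*\s-r\b)", re.I), 1),
    ("recursive force delete", re.compile(r"\b(rd|rmdir)\b\s+/s\s+/q|\bdel\b.*\s/[fq]\b", re.I), 2),
    ("powershell permanent delete", re.compile(r"powershell.*remove-item.*-recurse.*-force", re.I), 2),
    ("batch self-deletion", re.compile(r"\(goto\)\s*2>nul", re.I), 3),
]

# Constructed process-creation events: (timestamp, image, command line).
SAMPLE_PROCESS_EVENTS = [
    ("2026-03-05 10:28:20", r"C:\Windows\System32\cmd.exe", r"cmd /c dir C:\Users\alice\Documents"),
    ("2026-03-05 10:28:23", r"C:\Windows\System32\attrib.exe", r"attrib -h -s -r /s /d C:\Audit\*"),
    ("2026-03-05 10:28:24", r"C:\Windows\System32\cmd.exe", r"cmd /c rd /s /q C:\Audit\tools"),
    ("2026-03-05 10:28:25", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell -Command Remove-Item C:\Audit\logs -Recurse -Force"),
    ("2026-03-05 10:28:26", r"C:\Windows\System32\cmd.exe", r"cmd /c (goto) 2>nul & del C:\Audit\Wipe.bat"),
]


def classify(cmdline: str) -> list:
    """Return the (stage, weight) pairs whose signature matches one command line."""
    return [(stage, weight) for stage, pattern, weight in RULES if pattern.search(cmdline)]


def detect_wipe_chain(events, window_s: int = 120, threshold: int = 4):
    """Return the first window in which distinct stages together reach the threshold, else None."""
    hits = []
    for ts_text, image, cmdline in events:
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        for stage, weight in classify(cmdline):
            hits.append((ts, stage, weight, image, cmdline))
    hits.sort(key=lambda h: h[0])

    for i, (start, *_) in enumerate(hits):
        window = [h for h in hits[i:] if (h[0] - start).total_seconds() <= window_s]
        # Each stage counts once per window, however many times it repeats.
        stages = {stage: weight for _, stage, weight, _, _ in window}
        score = sum(stages.values())
        if len(stages) >= 2 and score >= threshold:
            return {
                "start": start.strftime("%Y-%m-%d %H:%M:%S"),
                "stages": sorted(stages),
                "score": score,
                "commands": [h[4] for h in window],
            }
    return None


if __name__ == "__main__":
    alert = detect_wipe_chain(SAMPLE_PROCESS_EVENTS)
    if alert:
        print(f"[ALERT] wipe chain from {alert['start']} (score {alert['score']}):")
        for stage in alert["stages"]:
            print(f"    - {stage}")
    else:
        print("no wipe chain detected")
```

Requiring two distinct stages is what keeps the rule quiet on ordinary cleanup: deleting a build directory or stripping attributes on its own scores below the threshold, and only the combination seen in the sequence above reaches it.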

🛡️ Application in the AntarYami Ecosystem
This tool serves as the "Panic Button" for the AntarYami brand, fitting into these key areas:

Incident Response: When a security audit is complete, the Wipe utility ensures that no temporary payloads or tools are left on the client's system.

Malware Analysis: It can be used to quickly reset a "sandbox" environment by wiping malicious binaries and logs.

Data Privacy: It provides a way to ensure that stolen or sensitive data does not fall into the wrong hands if a physical device is compromised.
// AntarYami System Core Log
[STATUS] Node active for: Penetration Testing
[INFO] Documentation entry ID: 7
[STAMP] 2026-03-05 10:28:23