dereeqw

Berry Sentinel v5.0 — Advanced behavioral C2 and reverse shell detector for Linux/Windows/Unix systems. Features real-time connection analysis, heuristic scoring, C2 framework signature detection, beacon interval analysis, and an interactive curses-based TUI with process kill engine.

100% credibility
Found Mar 03, 2026 at 10 stars
AI Analysis
Python
AI Summary

BerrySentinel is a real-time monitor that scans network connections for signs of malware command-and-control activity and allows users to investigate and terminate suspicious processes.

How It Works

1. 🕵️ Discover BerrySentinel

You hear about a simple watchdog program that keeps an eye on your computer's internet chats to spot sneaky hackers.

2. 📥 Grab and Start It

Download one easy file and launch it right away to begin watching your connections live.

3. 📱 See the Live Dashboard

A colorful screen pops up showing all active internet links with safety scores and alerts.

4. 🚨 Spot a Potential Threat

Red flags light up for suspicious chats, like hidden remote controls trying to sneak in.

5. 🔍 Dive In and Act

Use arrow keys to check details, then safely stop any bad programs with a simple command.

🛡️ Stay Safe and Secure

Breathe easy as your computer is now guarded, with logs saved to review anytime.

AI-Generated Review

What is BerrySentinel?

BerrySentinel is a Python-based detector that scans active network connections across Linux, Windows, macOS, and even Android/Termux systems to uncover behavioral signs of C2 beacons, reverse shells, and RATs like Meterpreter or Cobalt Strike. It scores connections using heuristics, with no AV signatures or IP blocklists needed, flagging suspicious stdin-to-socket redirects, beacon intervals, and script interpreters phoning home. Run it via a curses-based TUI for real-time monitoring, process killing, and JSON logging, or launch it as a one-liner with curl for quick checks.
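The three behavioral signals named above (stdio redirected to a socket, a script interpreter behind it, regular beacon intervals) can be combined into an additive score. The sketch below is an added example, not BerrySentinel's own code: the function names, weights, the 0.1 regularity threshold, the interpreter list and the sample records are all assumptions constructed for illustration.

```python
import re
from statistics import mean, pstdev

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")   # Linux /proc/<pid>/fd link format
INTERPRETERS = {"sh", "bash", "dash", "zsh", "python3", "perl", "ruby", "php"}

def stdio_socket_inode(fd_links):
    """Return the inode if fds 0, 1 and 2 all point at the same socket, else None.
    fd_links maps fd number -> readlink target of /proc/<pid>/fd/<n>."""
    inodes = set()
    for fd in (0, 1, 2):
        m = SOCKET_LINK.match(fd_links.get(fd, ""))
        if not m:
            return None
        inodes.add(m.group(1))
    return inodes.pop() if len(inodes) == 1 else None

def beacon_regularity(timestamps, min_events=5):
    """Coefficient of variation of the gaps between outbound connections.
    Values near 0 mean a fixed interval; None means too little data."""
    if len(timestamps) < min_events:
        return None
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else None

def score(proc):
    """Additive heuristic score (0-100) plus reasons; weights are assumptions."""
    total, reasons = 0, []
    if stdio_socket_inode(proc["fd_links"]) is not None:
        total += 50
        reasons.append("stdin/stdout/stderr share one socket")
        if proc["name"] in INTERPRETERS:
            total += 20
            reasons.append("interpreter with socket-backed stdio")
    cv = beacon_regularity(proc["connect_times"])
    if cv is not None and cv < 0.1:
        total += 30
        reasons.append(f"regular connection interval (cv={cv:.3f})")
    return total, reasons

# Constructed sample records (not captured from a real host).
SAMPLES = [
    {"name": "bash", "fd_links": {n: "socket:[48213]" for n in (0, 1, 2)},
     "connect_times": []},
    {"name": "updater", "fd_links": {n: "/dev/null" for n in (0, 1, 2)},
     "connect_times": [0, 60.2, 119.9, 180.1, 240.0, 300.3]},
    {"name": "firefox", "fd_links": {n: "/dev/pts/0" for n in (0, 1, 2)},
     "connect_times": [0, 3, 47, 51, 200, 204]},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["name"], *score(p))
```

A low coefficient of variation also matches benign pollers such as monitoring agents, which is why a whitelist belongs alongside any interval-based signal.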

Why is it gaining traction?

Unlike traditional tools that rely on static IOCs, BerrySentinel's advanced behavioral analysis catches zero-days through process patterns, deep memory scans (with root), and 14+ C2 framework signatures, all in a lightweight package using mostly Python stdlib (psutil optional). The interactive TUI with severity filters, whitelists, and one-keystroke kills feels snappy for live hunting, while cross-platform bulletproof collection from ss, netstat, or lsof ensures it works anywhere. Developers dig the exportable JSONL for jq/ELK pipelines and the ease of adding custom signatures.

Who should use this?

Server admins securing prod Linux boxes against persistent beacons, red teamers validating implants on test VMs, or Termux power users monitoring mobile compromises. Ideal for SecOps folks scripting automated alerts or pentesters needing portable connection analysis during engagements.

Verdict

Grab it for quick behavioral detection if you're on supported platforms—solid docs and CLI options make it usable out of the gate, despite 10 stars and a 1.0% credibility score signaling early maturity. Test thoroughly before prod; pair with established tools for high-stakes environments.
