// the find
lukeswitz/AntiHunter
AntiHunter Perimeter Defense Systems - DIGI Node Firmware
AntiHunter is ESP32-S3 firmware for a distributed wireless sensor node that does passive WiFi/BLE monitoring, drone Remote ID detection, and attacker-tool fingerprinting over a LoRa mesh. It's aimed at physical security teams, pentesters doing wireless audits, and OPSEC-conscious operators who want to detect surveillance before it detects them. You need to build or buy the hardware — this isn't a software-only tool.
The Sentinel counterintel engine is the most technically interesting part: it detects specific attack tools (airgeddon, bettercap, wifite, etc.) by frame signatures plus behavioral fallbacks, so it survives template changes. The MAC randomization correlation using IE fingerprinting, sequence number analysis, and timing patterns is genuinely hard to implement well and they've shipped it. The mesh architecture is sensible — nodes are independent, coordinate over Meshtastic LoRa, and the triangulation with Kalman filtering is a reasonable approach for RSSI-based location without dedicated hardware. CI includes PlatformIO builds, CodeQL, and a linter, which is more rigor than most ESP32 projects bother with.
The code is split into full/headless variants with duplicated source files rather than a shared library with compile flags — that's a maintenance debt that will cause subtle divergence bugs over time. Several detection methods are marked experimental with hardware testing pending, but the README presents them all in the same table without clearly differentiating confidence levels. Triangulation is inherently unreliable with RSSI on consumer WiFi in anything but open sky, and the path loss table with fixed 'n' values will mislead users into trusting coordinates that are meters off in anything but ideal conditions. The default AP password hardcoded in the README ('antihunt3r123') will get left in place by most deployers.