README.md

June 14, 2026 ยท View on GitHub

Gl4dius icon

Gl4dius

An interactive command-line toolkit for authorized MITM security labs.

License: GPL v3 Java 21 Platform: Linux Ask DeepWiki

Gl4dius terminal screenshot

Overview

Gl4dius gives security learners and researchers a guided shell for controlled network interception exercises. It helps organize repeatable lab sessions, switch between interception modes, manage session settings, and clean up local system changes after a run.

Use Gl4dius only on systems and networks you own or have explicit permission to test. It is intended for isolated labs, training environments, and authorized research.

Highlights

  • Interactive terminal experience with session-based workflows.
  • Session modes for sniffing, defacing, and phishing lab scenarios.
  • Global and per-session configuration commands.
  • Built-in cleanup command for restoring local forwarding and firewall changes.
  • Optional Docker-based development lab with a sample target container.

Features

  • Deface attack on the whole LAN network.
  • Phishing attack.
  • Sniffing attack.
  • SSL downgrade attack, also known as SSL-Stripping.
  • HSTS protection bypass support.
  • Automatic discovery-resistance mode for lab scenarios.

Be careful: there is no guarantee that you will be completely invisible. A skilled defender who understands MITM attacks deeply can still detect suspicious behavior, but Gl4dius is designed to make discovery more challenging in controlled lab exercises.

Requirements

  • Linux
  • Java 21
  • iptables
  • Root or equivalent network administration privileges
  • Docker and Docker Compose, only for the bundled development lab

Quick Start

Build the CLI:

./mvnw clean package

Run it locally:

sudo java -jar cli/target/gl4dius-cli.jar

Or open the bundled development lab:

./misc/installation/dev-env/dev-shell.sh
java -jar gl4dius-cli.jar

Inside the shell, start with:

help
config show
session ls

Basic Workflow

Create a session:

session init --name lab --description "Authorized test environment"
session switch lab

Choose a mode:

session mode sn

Show or update session settings:

session config show
session config set sslstripping false

Start the session on an interface in your authorized lab:

session start --interface eth0 --target-ip 172.28.0.20 --gateway 172.28.0.1

Stop the session and clean up:

session stop
cleanup

Commands

Application

CommandWhat it does
helpShow available shell commands.
clearClear the terminal screen.
exitExit the Gl4dius shell.

Global Configuration

CommandWhat it does
config showShow global settings.
config set <key> <value>Update a global setting.
cleanupRemove leftover local network changes from a previous run.

Common global keys:

KeyMeaning
PPORTProxy server port.
WPORTWeb server port.
SRUStatic resource URI.

Session Management

CommandWhat it does
session init --name <name> --description <text>Create a session.
session lsList sessions.
session get <id-or-name>Show one session.
session edit <id-or-name> --name <name> --description <text>Update a session.
session rm <id-or-name>Delete a session.
session switch <id-or-name>Make a session active.
session exitLeave the current session.

Session Modes

ModeAliasUseful settings
SNIFFINGsnsslstripping
DEFACINGdeftemplate, verbose
PHISHINGphdomain, template, sslstripping, verbose

Set a mode:

session mode sn
session mode def
session mode ph

For template-based modes, point template at an HTML file. In the bundled lab, the sample template is mounted at:

session config set template /home/gl4dius/template/index.html

Session Execution

CommandWhat it does
session start --interface <nic>Start the active session for a lab interface.
session start --interface <nic> --target-ip <ip>Start against a specific authorized lab target.
session start --interface <nic> --target-ip <ip> --target-mac <mac> --gateway <ip>Start with explicit target and gateway details.
session stopStop the active session.

ARP Lab Command

CommandWhat it does
arp poison --interface <nic>Start ARP poisoning in the current authorized lab network.
arp poison --interface <nic> --target-ip <ip> --spoof <ip>Start with explicit target and spoofed address.
arp poison --interface <nic> --daemon trueRun the ARP module in the background.

Development Commands

Run tests:

./mvnw test

Build the project:

./mvnw clean package

Start the app from source:

./mvnw -pl cli spring-boot:run

Start the Docker lab:

./misc/installation/dev-env/dev-shell.sh

Responsible Use

Gl4dius can affect network traffic and host networking state. Keep usage inside networks where you have explicit permission, prefer isolated lab environments, and run session stop followed by cleanup when finished.

Contributing

Bug reports and feature suggestions are welcome through GitHub Issues.

License

Gl4dius is released under the GNU General Public License v3.0.