nullsec-cloaker

February 27, 2026 · View on GitHub

    ███▄    █  █    ██  ██▓     ██▓      ██████ ▓█████  ▄████▄  
    ██ ▀█   █  ██  ▓██▒▓██▒    ▓██▒    ▒██    ▒ ▓█   ▀ ▒██▀ ▀█  
   ▓██  ▀█ ██▒▓██  ▒██░▒██░    ▒██░    ░ ▓██▄   ▒███   ▒▓█    ▄ 
   ▓██▒  ▐▌██▒▓▓█  ░██░▒██░    ▒██░      ▒   ██▒▒▓█  ▄ ▒▓▓▄ ▄██▒
   ▒██░   ▓██░▒▒█████▓ ░██████▒░██████▒▒██████▒▒░▒████▒▒ ▓███▀ ░
   ░ ▒░   ▒ ▒ ░▒▓▒ ▒ ▒ ░ ▒░▓  ░░ ▒░▓  ░▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒  ░
   ░ ░░   ░ ▒░░░▒░ ░ ░ ░ ░ ▒  ░░ ░ ▒  ░░ ░▒  ░ ░ ░ ░  ░  ░  ▒   
      ░   ░ ░  ░░░ ░ ░   ░ ░     ░ ░   ░  ░  ░     ░   ░        
      ░   ░    ░   ░       ░       ░         ░     ░   ░ ░      
            ░                          ░    ░           ░        
   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
   █░░░░░░░░░░░░░░░░ C L O A K E R ░░░░░░░░░░░░░░░░░░░░░░░░░░█
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
                       bad-antics

Erlang

Overview

nullsec-cloaker is a process and file cloaking utility written in Erlang. Leverages Erlang's distributed computing and fault-tolerance for resilient stealth operations with self-healing capabilities.

Features

  • 👻 Process Cloaking - Hide processes from system tools
  • 📁 File Cloaking - Make files invisible to standard utilities
  • 🔄 Self-Healing - Automatic respawn using OTP supervisors
  • 🌐 Distributed Mode - Spread across multiple Erlang nodes
  • 🕐 Scheduled Operations - Time-based cloak/uncloak
  • 📡 Remote Control - Inter-node messaging for control

Requirements

  • Erlang/OTP 24+
  • Linux kernel (for rootkit-style features)
  • Root privileges (for some operations)

Installation

# Clone repository
git clone https://github.com/bad-antics/nullsec-cloaker.git
cd nullsec-cloaker

# Compile
erlc cloaker.erl

# Or run with escript
escript cloaker.erl

Usage

# Hide a process
escript cloaker.erl hide_process 1234

# Hide a file
escript cloaker.erl hide_file /path/to/file

# Start distributed mode
escript cloaker.erl start_node cloaker@localhost

# List hidden items
escript cloaker.erl list

# Uncloak all
escript cloaker.erl reveal_all

Options

CommandDescription
hide_process <pid>Cloak a process by PID
hide_file <path>Cloak a file from listing
reveal_process <pid>Uncloak a process
reveal_file <path>Uncloak a file
start_node <name>Start distributed Erlang node
listList all cloaked items
reveal_allUncloak everything

Architecture

Uses Erlang/OTP patterns:

  • gen_server for state management
  • supervisor for fault tolerance
  • distributed Erlang for multi-node operation
  • ETS tables for fast lookups

Cloaking Methods

Process Cloaking

  • Intercepts /proc filesystem reads
  • Modifies process accounting entries
  • Hides from ps, top, htop

File Cloaking

  • Intercepts directory listing syscalls
  • Modifies file system metadata
  • Hides from ls, find, locate

Disclaimer

This tool is intended for authorized security testing and educational purposes only. Unauthorized use for malicious purposes is illegal.

License

NullSec Proprietary License

Author

bad-antics - NullSec Security Team

Part of the NullSec Security Toolkit

GitHub X/Twitter