Installation
April 18, 2026 · View on GitHub
Linux (quick install)
curl -fSL https://raw.githubusercontent.com/gen0sec/synapse/refs/heads/main/install.sh | sh
The installer sets up synapse-agent (agent mode) or synapse-proxy (proxy mode) as a systemd service.
# Start agent (default / firewall-only)
systemctl enable --now synapse-agent
# Or start proxy (full L7 inspection)
systemctl enable --now synapse-proxy
# Reload config at runtime
systemctl kill -s HUP synapse-agent
Configuration file: /etc/synapse/config.yaml
Windows
One-liner (PowerShell 5+, run as Administrator):
iwr -useb https://raw.githubusercontent.com/gen0sec/synapse/main/install.ps1 | iex
Or double-click install.bat (auto-elevates, no PowerShell setup required):
install.bat # interactive
install.bat YOUR-API-KEY # with API key
install.bat /uninstall # remove
Or run install.ps1 directly for full control:
# With API key
powershell -ExecutionPolicy Bypass -File install.ps1 -ApiKey "your-key"
# With eBPF for Windows (XDP/BPF packet filtering)
powershell -ExecutionPolicy Bypass -File install.ps1 -ApiKey "your-key" -WithEBPF
# Without registering as a service
powershell -ExecutionPolicy Bypass -File install.ps1 -NoService
# Uninstall (preserves config and logs)
powershell -ExecutionPolicy Bypass -File install.ps1 -Uninstall
# Uninstall and purge all data
powershell -ExecutionPolicy Bypass -File install.ps1 -Uninstall -PurgeConfig
After install, manage the service:
sc start Synapse
sc stop Synapse
sc control Synapse paramchange # reload config without restart
synapse.exe --terminal # open live TUI dashboard
Config: C:\ProgramData\Gen0Sec\Synapse\config.yaml
Logs: C:\ProgramData\Gen0Sec\Synapse\logs\
On Windows, Synapse runs in agent mode. XDP/eBPF support requires eBPF for Windows v1.1.0+ with test signing enabled (
bcdedit /set testsigning on). Pass-WithEBPFto the installer to download it automatically.
Ansible
git clone https://github.com/gen0sec/synapse.git
cd synapse/moat/ansible
cp hosts.example hosts
# Edit hosts with your server IPs
ansible-playbook playbook.yml -e gen0sec_api_token=your_key_here
The playbook supports Debian/Ubuntu and RedHat/CentOS/Fedora. Optional features: ClamAV, Redis, Fail2Ban.
Full details: ansible/README.md
Kubernetes / Helm
helm repo add gen0sec https://helm.gen0sec.com
helm repo update
helm search repo gen0sec # gen0sec/synapse, gen0sec/synapse-stack
Minimal install:
export ARX_KEY="your-api-key"
helm upgrade --install synapse-stack gen0sec/synapse-stack \
-n synapse --create-namespace \
--set synapse.synapse.server.upstream="http://your-service:8080" \
--set synapse.synapse.arxignis.apiKey="$ARX_KEY"
Wait for rollout:
kubectl -n synapse rollout status deploy/synapse-stack
Full Helm reference: docs/KUBERNETES.md
Docker
docker run \
--cap-add=SYS_ADMIN \
--cap-add=BPF \
--cap-add=NET_ADMIN \
-v /etc/synapse:/etc/synapse \
ghcr.io/gen0sec/synapse:latest \
-c /etc/synapse/config.yaml
Required capabilities:
SYS_ADMIN— eBPF program loadingBPF— BPF map accessNET_ADMIN— XDP attachment and nftables/iptables management
Killercoda playground
Try Synapse in the browser with no installation:
curl -sSL https://raw.githubusercontent.com/gen0sec/synapse/main/scenarios/synapse-operator/synapse.sh \
| bash -s -- --api-key <YOUR_API_KEY>
Daemon mode (Linux background process)
Use daemon mode to run Synapse as a detached background process with privilege dropping:
daemon:
enabled: true
pid_file: "/var/run/synapse.pid"
working_directory: "/"
user: "nobody"
group: "daemon"
chown_pid_file: true
CLI flags:
synapse --daemon \
--daemon-pid-file /var/run/synapse.pid \
--daemon-user nobody \
--daemon-group daemon \
-c /etc/synapse/config.yaml
Signal handling:
# Reload config
kill -HUP $(cat /var/run/synapse.pid)
# Graceful shutdown
kill -TERM $(cat /var/run/synapse.pid)
Environment variables: DAEMON_ENABLED, DAEMON_PID_FILE, DAEMON_WORKING_DIRECTORY, DAEMON_USER, DAEMON_GROUP, DAEMON_CHOWN_PID_FILE.
Full daemon documentation: DAEMON_MODE.md
Building from source
# Clone
git clone https://github.com/gen0sec/synapse.git
cd synapse
# Default build (includes eBPF/XDP + IDS)
cargo build --release
# Run tests
cargo test
Build dependencies (Ubuntu/Debian):
apt-get install clang llvm libelf-dev libssl-dev zlib1g-dev \
libzstd-dev pkg-config libcap-dev binutils-multiarch-dev cmake
See REQUIREMENTS.md for full dependency and platform information.