Uncensored AI on the command line. Pipe code, binaries, obfuscated JS, packet captures — anything — through Aether and get a real answer back.
npx aether-cli ask "walk me through the EAC anti-debug detection chain"
echo "obfuscated_code" | npx aether-cli deobf
npx aether-cli explain ./decompiled.c --lang "Hex-Rays C from IDA"
cat shellcode.bin | xxd | npx aether-cli identifyPairs with aether-mcp (IDE integration via Model Context Protocol) and the aether-devtools browser extension. Same API key works across all three.
# One-off (recommended)
npx aether-cli ask "your question"
# Or install globally
npm install -g aether-cli
aether ask "your question"Requires Node 18+ (uses built-in fetch). Zero runtime dependencies.
- Generate an API key at trynoguard.com/account — keys start with
ak_live_. - Save it:
aether config set ak_live_your_key_here
# or via env:
export AETHER_API_KEY=ak_live_your_key_hereThe config file lives at ~/.aetherrc and is created with mode 0600 (user-only read).
aether ask "what does this CVE actually do?"
echo "explain GOT/PLT in 100 words" | aether askCleans Obfuscator.io / JScrambler / custom packers. Outputs readable JS + analysis.
aether deobf ./bundle.min.js
curl -s https://target.com/main.js | aether deobfSource files, decompiled C, Hex-Rays output — anything.
aether explain ./decompiled.c --lang "Hex-Rays C from IDA"aether disasm ./dump.asm --arch x64
objdump -d ./binary | aether disasm --arch x64Architectures: x86, x64, arm, arm64, mips, ppc, auto.
Names what something IS — packers, anti-cheat techniques, crypto algorithms, malware families, anti-VM, anti-debug.
aether identify ./suspicious.bin --hint "Windows x64 packed binary"
xxd shellcode.bin | aether identifyaether balanceAether
────────────────────────────────────────
Plan PRO
Balance 8,247 credits
plan 7,500
topup 747
Rate 12/1000 this hour
aether config set ak_live_xxx # save API key
aether config set-base https://... # override base URL (rarely needed)
aether config show # show current config
aether config path # print config file path| Flag | Effect |
|---|---|
--hint <text> |
Optional model hint (target product, architecture, etc.) |
--lang <text> |
Language hint for explain |
--arch <a> |
Architecture for disasm |
--raw |
Print raw output only — no headers, no metadata. Pipe-friendly. |
--json |
Print full API response as JSON. |
Web RE — pull and clean a target's bundle:
curl -s https://target.com/static/js/main.abc123.js | aether deobf > main.clean.jsQuick CVE explanation:
aether ask "walk me through CVE-2026-12345 from first principles"Pipe shellcode for identification:
xxd ./shellcode.bin | aether identify --hint "Windows x64 reverse shell"Identify what a packer is:
strings ./suspicious.exe | head -50 | aether identifyGet just the cleaned code, no commentary, into a file:
cat obfuscated.js | aether deobf --raw > clean.jsPipe the JSON output through jq:
aether explain ./code.c --json | jq -r '.text'- The CLI talks only to
trynoguard.com(configurable viaAETHER_BASE_URL). - Your API key is stored in
~/.aetherrcwith0600perms. Treat it like an SSH key. - No telemetry, no analytics, no error reporting.
- Source is plain ES modules, no minification, no bundling — read it before you trust it.
MIT — see LICENSE.
- aether-mcp — Model Context Protocol server. Adds 11 Aether tools to Claude Desktop, Cursor, Cline, Zed.
- aether-devtools — Browser extension. Right-click any JS, request, or selection in DevTools → analyze in Aether.
- trynoguard.com/learn — Free articles on RE, security, and AI tooling.
- trynoguard.com/prompts — Curated prompt library.