Free endpoint detection
for small teams

Monitor processes, files, and network connections in real-time. YAML-based detection rules. Web dashboard included. No cloud, no subscription, no data leaving your network.

Stars License Python
pip install psutil flask pyyaml && python guardian.py
๐Ÿ”

Process Monitoring

Detects new processes in real-time. Flags suspicious tooling โ€” Mimikatz, BloodHound, PowerShell encoded commands, and more.

๐Ÿ“

File Monitoring

Watches temp directories and sensitive paths for files created during post-exploitation activity.

๐ŸŒ

Network Visibility

Tracks active outbound connections. See which processes are phoning home to C2 infrastructure.

๐Ÿ“Š

Web Dashboard

Real-time alert dashboard in your browser. Filter by severity, inspect alert details, export findings.

Built-in detection

Mimikatz BloodHound CrackMapExec PowerShell -enc PowerShell IEX AMSI Bypass curl / wget certutil.exe bitsadmin New files in /tmp

Add custom YAML rules in detector/rules/ โ€” no code changes needed.

Usage

# Run with dashboard (default)
python guardian.py

# Run headless (servers)
python guardian.py --headless

# Custom dashboard port
python guardian.py --port 8080

# Run for 60 seconds then exit (test)
python guardian.py --duration 60

Quick install

curl -sL https://raw.githubusercontent.com/gnaixnaij/guardian/main/install.sh | bash

Installs dependencies, downloads Guardian, and shows next steps.

When to use Guardian