X.A.N.D.E.R
Xenomorphic Adaptive Network Defense & Emergency Response โ the home sentinel.
Local-first ยท Private by design ยท Watches every device, all the time
In active development โ not yet released
Xenomorphic Adaptive Network Defense & Emergency Response โ the home sentinel.
Local-first ยท Private by design ยท Watches every device, all the time
A guardian that learns your network
and never sends it anywhere.
Xander runs entirely on your own machine. It studies the devices on your network, learns what normal looks like, and raises the alarm when something changes โ without a cloud account, a subscription, or a single byte of your home leaving the house.
Xander sweeps your network on a heartbeat, baselining every device it finds. The simulation below is a small taste โ in the real dashboard you watch live scans, anomalies, and posture shifts as they happen.
| Typical home security | X.A.N.D.E.R |
|---|---|
| Protects one device at a time | Watches the whole network as one organism |
| Static signature lists | Learns a behavioral baseline for every device |
| One fixed sensitivity | Shifts posture as threat pressure rises |
| Cloud accounts & telemetry | Runs entirely on your machine |
| Black-box verdicts | Every action graded, logged, and auditable |
| Acts first, asks never | High-severity actions need approval before they fire |
An ARP and ping sweep finds every device on your network; an Nmap port scan fingerprints the services each one is running. New device on the network? Xander knows within a heartbeat.
Every device gets a behavioral baseline โ its usual open ports, services, uptime, and identity. Detection is statistical, not a fixed list, so it adapts to your home instead of a generic one.
When a device drifts from its baseline โ new ports, unexpected services, a flipped uptime pattern, a spoofed identity โ Xander grades the deviation and rates its severity from info to critical.
Xenomorphic by design: as anomaly pressure rises, Xander tightens from Normal to Vigilant to Lockdown โ scanning more often, raising sensitivity, and demanding approval before it acts.
Free public threat-intelligence feeds flag any device matching a known botnet or criminal netblock. The lists refresh on their own and keep working even when the internet doesn't.
Optional CVE matching checks the exact service versions on your network against known vulnerabilities, graded by severity โ so you learn that the old camera firmware is a real risk, not a guess.
An on-device LLM (via Ollama or LM Studio) reasons about suspicious findings, with a rule-based fallback when it's offline. No cloud keys โ and device names and banners can never trick it into standing down.
A campaign correlator links isolated low-severity events โ repeated probes, a subnet sweep, a multi-stage pattern โ into a single picture, so a slow, quiet attack doesn't slip by one alert at a time.
Sensitive actions like blocking a device run through an approval chain. A dry-run mode lets you watch what it would do before you ever let it touch the network.
Every scan, alert, block, and approval is written to a separate, append-only audit trail โ no edits, no deletes. You can always answer "what did it do, and why?"
A real-time dashboard shows the live alert feed, and high-severity events push to your phone over ntfy or Discord โ so you're warned even when no one's watching the screen.
Plain Python and SQLite, running on a spare PC or a Raspberry Pi. No accounts, no telemetry, no subscription. Your network's data is yours and stays on your hardware.
A defense that always behaves the same way is a defense an attacker can plan around. Xander reads the pressure on your network and changes its own behavior to match โ calmer when all is quiet, relentless when it isn't:
Your home network is a map of your life โ what you own, when you're home, who visits. A tool meant to protect it should never become one more thing watching you. Things Xander will never do:
The sentinel is real and running today โ discovery, behavioral baselines, anomaly scoring, the posture system, threat-intel feeds, local AI analysis, campaign correlation, approval chains, the audit trail, and a live dashboard, with a growing test suite behind every promise on this page. It's part of the Ares Realm family alongside L.U.C.Y and E.E.V.E.E. A public release will come when it's worthy of guarding a home. Until then, the forge is open on Discord.
X.A.N.D.E.R is built by Ares Realm Studios for the people who'll run it on their own networks. Come watch it grow, ask questions, or tell us what your home defense should never do.