{"id":43334251,"url":"https://github.com/anonvector/slipnet","last_synced_at":"2026-04-18T13:05:37.828Z","repository":{"id":335930564,"uuid":"1147541225","full_name":"anonvector/SlipNet","owner":"anonvector","description":"Android VPN client with DNS tunneling (DNSTT, NoizDNS \u0026 Slipstream), NaiveProxy, SSH, Tor, and DoH support — featuring a built-in DNS scanner.","archived":false,"fork":false,"pushed_at":"2026-03-07T00:55:34.000Z","size":130043,"stargazers_count":376,"open_issues_count":6,"forks_count":30,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-03-07T01:41:43.788Z","etag":null,"topics":["android","dnstt","kotlin","slipstream","tunneling"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anonvector.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-01T22:36:34.000Z","updated_at":"2026-03-07T01:05:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"55e28073-3edb-4104-8756-5fc128558cd3","html_url":"https://github.com/anonvector/SlipNet","commit_stats":null,"previous_names":["anonvector/slipnet","blackjack45784/slipnet"],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/anonvector/SlipNet","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonvector%2FSlipNet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonvector%2FSlipNet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonvector%2FSlipNet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonvector%2FSlipNet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anonvector","download_url":"https://codeload.github.com/anonvector/SlipNet/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonvector%2FSlipNet/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30367798,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"online","status_checked_at":"2026-03-11T02:00:07.027Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","dnstt","kotlin","slipstream","tunneling"],"created_at":"2026-02-02T00:22:14.835Z","updated_at":"2026-04-18T13:05:37.820Z","avatar_url":"https://github.com/anonvector.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SlipNet\n\n\u003e **⚠️ NOTICE:** This project is protected under the [SlipNet Source-Available License](LICENSE). You may **not** copy, redistribute, or publish this app — in source or binary form — on **any** app store, website, or platform. You may **not** use the SlipNet name, logo, or any part of the code in your own projects. Violations will result in a **DMCA takedown** and may lead to the **permanent suspension of your account**.\n\n\u003e **SlipNet is NOT available on any app store.** Any version you find on Google Play, the Apple App Store, or any other marketplace is **not published by us** and may be outdated, modified, or unsafe. The only official sources are this GitHub repository and our [Telegram channel](https://t.me/SlipNet_app).\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"imgs/icon.png\" alt=\"SlipNet Logo\" width=\"200\"\u003e\n\u003c/p\u003e\n\nA fast, modern VPN client featuring DNS tunneling with support for multiple protocols. Available as an Android app (Jetpack Compose + Kotlin) and a cross-platform CLI client (Go).\n\n\u003e **This is a legitimate source-available anti-censorship tool** designed to help users in countries with internet censorship access the free internet. It is comparable to [Tor](https://www.torproject.org/), [Psiphon](https://psiphon.ca/), [Outline VPN](https://getoutline.org/) (Google Jigsaw), and [dnstt](https://www.bamsoftware.com/software/dnstt/). This project does not target, exploit, or attack any systems — it is a client-side privacy tool used voluntarily by end users.\n\n## Donate\n\nIf you want to support development:\n\n- **BEP-20 / ERC-20 / Arbitrum**: `0xd4140058389572D50dC8716e768e687C050Dd5C9`\n- **Monero (XMR)**: `48wa9asF4AdZCq8KvPqBmqN3s98XFQ2MG7pL8MY6hAc6ZXBd8D61LArebdmAwCk5jBBbR2BuiHkSraEYFhx5AdDqLxDB4GU`\n\n## Community\n\nJoin our Telegram channel for updates, support, and discussions:\n\n[![Telegram](https://img.shields.io/badge/Telegram-@SlipNet__app-blue?logo=telegram)](https://t.me/SlipNet_app)\n\n## Tunnel Types\n\nSlipNet supports multiple tunnel types with optional SSH chaining:\n\n| Tunnel Type | Protocol | Description |\n|-------------|----------|-------------|\n| **DNSTT** | KCP + Noise | Stable and reliable DNS tunneling |\n| **DNSTT + SSH** | KCP + Noise + SSH | DNSTT with SSH chaining for zero DNS leaks |\n| **NoizDNS** | KCP + Noise | DPI-resistant DNS tunneling |\n| **NoizDNS + SSH** | KCP + Noise + SSH | NoizDNS with SSH chaining |\n| **VayDNS** | KCP + Noise | Optimized DNS tunneling with configurable wire format |\n| **VayDNS + SSH** | KCP + Noise + SSH | VayDNS with SSH chaining |\n| **Slipstream** | QUIC | High-performance QUIC tunneling |\n| **Slipstream + SSH** | QUIC + SSH | Slipstream with SSH chaining |\n| **SSH** | SSH | Standalone SSH tunnel (no DNS tunneling) |\n| **NaiveProxy** | HTTPS (Chromium) | HTTPS tunnel with authentic Chrome TLS fingerprinting |\n| **NaiveProxy + SSH** | HTTPS + SSH | NaiveProxy with SSH chaining for extra encryption |\n| **DOH** | DNS over HTTPS | DNS-only encryption via HTTPS (RFC 8484) |\n| **Tor** | Tor Network | Connect via Tor with Snowflake, obfs4, Meek, or custom bridges |\n\n**Note:** DNSTT is the default and recommended tunnel type for most users. NoizDNS adds DPI resistance on top of DNSTT for censored networks. VayDNS offers an optimized wire format with configurable QNAME lengths, record types, and rate limiting. SSH variants add an extra layer of encryption and can prevent DNS leaks.\n\n## Features\n\n- **Modern UI**: Built entirely with Jetpack Compose and Material 3 design\n- **Multiple Tunnel Types**: DNSTT, NoizDNS, VayDNS, Slipstream, SSH, NaiveProxy, DOH, and Tor with optional SSH chaining\n- **NoizDNS**: DPI-resistant DNS tunneling with optional stealth mode\n- **VayDNS**: Optimized DNS tunneling with configurable wire format, record types, QNAME lengths, and rate limiting\n- **SSH Tunneling**: Chain SSH through DNSTT, NoizDNS, VayDNS, Slipstream, or NaiveProxy, or use standalone SSH\n- **SSH over TLS**: Wrap SSH in TLS with custom SNI for domain fronting and DPI bypass\n- **SSH over WebSocket**: Tunnel SSH through WebSocket (ws/wss) for CDN-based proxying (Cloudflare, etc.)\n- **SSH over HTTP CONNECT**: Route SSH through HTTP CONNECT proxies with custom Host headers\n- **SSH Payload Injection**: Send raw bytes before SSH handshake to disguise traffic for DPI bypass\n- **NaiveProxy**: Chromium-based HTTPS tunnel with authentic TLS fingerprinting to evade DPI\n- **DNS over HTTPS**: Encrypt DNS queries via HTTPS without tunneling other traffic\n- **DNS Transport Selection**: Choose UDP, DoT, or DoH for DNSTT DNS resolution\n- **SSH Cipher Selection**: Choose between AES-128-GCM, ChaCha20, and AES-128-CTR\n- **DNS Server Scanning**: Automatically discover and test compatible DNS servers with EDNS probing, NXDOMAIN hijacking detection, and country-based IP range scanning\n- **Multiple Profiles**: Create and manage multiple server configurations\n- **Configurable Proxy**: Set custom listen address and port\n- **Quick Settings Tile**: Toggle VPN connection directly from the notification shade\n- **Auto-connect on Boot**: Optionally reconnect VPN when device starts\n- **APK Sharing**: Share the app via Bluetooth or other methods in case of internet shutdowns\n- **Debug Logging**: Toggle detailed traffic logs for troubleshooting\n- **Dark Mode**: Full support for system-wide dark theme\n\n## Server Setup\n\nTo use this client, you must have a compatible server. Please configure your server using one of the following deployment scripts:\n\n**NoizDNS (recommended for censored networks):**\n[**noizdns-deploy**](https://github.com/anonvector/noizdns-deploy) — One-click NoizDNS server with interactive management menu. Auto-detects both DNSTT and NoizDNS clients.\n\n**DNSTT + Slipstream (combined):**\n[**dnstm**](https://github.com/net2share/dnstm) — DNS Tunnel Manager supporting both Slipstream and DNSTT with SOCKS5, SSH, and Shadowsocks backends\n\n**DNSTT**:\n[**dnstt-deploy**](https://github.com/bugfloyd/dnstt-deploy)\n\n**Slipstream:**\n[**slipstream-rust-deploy**](https://github.com/AliRezaBeigy/slipstream-rust-deploy)\n\n**NaiveProxy:**\n[**slipgate**](https://github.com/anonvector/slipgate)\n\n## Screenshots\n\n### Current UI (v1.9+)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"imgs/screenshot_3_3.jpg\" alt=\"Home Screen\" width=\"250\"\u003e\n  \u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"imgs/screenshot_2_2.jpg\" alt=\"Tunnel Types\" width=\"250\"\u003e\n  \u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"imgs/screenshot_1_1.jpg\" alt=\"Settings\" width=\"250\"\u003e\n\u003c/p\u003e\n\n### Legacy UI (pre-v1.9)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"imgs/screenshot_1.jpg\" alt=\"Home Screen\" width=\"250\"\u003e\n  \u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"imgs/screenshot_2.jpg\" alt=\"Tunnel Types\" width=\"250\"\u003e\n  \u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"imgs/screenshot_3.jpg\" alt=\"Settings\" width=\"250\"\u003e\n\u003c/p\u003e\n\n## Requirements\n\n### Android App\n- Android 7.0 (API 24) or higher\n- Android Studio Hedgehog (2023.1.1) or later\n- JDK 17\n- Rust toolchain (for building the native library)\n- Android NDK 29\n\n### CLI Client\n- Go 1.24+ (auto-downloaded via GOTOOLCHAIN if needed)\n- No external dependencies — fully self-contained (native Go SSH, no `ssh`/`sshpass` binaries needed)\n\n## Building (Android)\n\n### Prerequisites\n\n1. **Install Rust**\n   ```bash\n   curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\n   ```\n\n2. **Add Android targets**\n   ```bash\n   rustup target add aarch64-linux-android armv7-linux-androideabi i686-linux-android x86_64-linux-android\n   ```\n\n3. **Set up OpenSSL for Android**\n\n   OpenSSL will be automatically downloaded when you build for the first time. You can also set it up manually:\n   ```bash\n   ./gradlew setupOpenSsl\n   ```\n\n   This will download pre-built OpenSSL libraries or build from source if the download fails. OpenSSL files will be installed to `~/android-openssl/android-ssl/`.\n\n   To verify your OpenSSL setup:\n   ```bash\n   ./gradlew verifyOpenSsl\n   ```\n\n### Build Steps\n\n1. **Clone the repository**\n   ```bash\n   git clone https://github.com/anonvector/SlipNet.git\n   cd SlipNet\n   ```\n\n2. **Initialize submodules**\n   ```bash\n   git submodule update --init --recursive\n   ```\n\n3. **Build the project**\n   ```bash\n   ./gradlew assembleDebug\n   ```\n\n   Or open the project in Android Studio and build from there.\n\n## CLI Client\n\nSlipNet includes a cross-platform CLI client for **macOS**, **Linux**, and **Windows**. It supports DNSTT, NoizDNS, VayDNS, SSH, and SOCKS5 tunnel types. It connects using a `slipnet://` config URI and starts a local SOCKS5 proxy. For a GUI alternative, see [SlipStreamGUI](https://github.com/mirzaaghazadeh/SlipStreamGUI).\n\n### Download\n\nPre-built binaries are available on the Releases page:\n\n| Platform | Binary |\n|----------|--------|\n| macOS (Apple Silicon) | `slipnet-darwin-arm64` |\n| macOS (Intel) | `slipnet-darwin-amd64` |\n| Linux (x64) | `slipnet-linux-amd64` |\n| Linux (ARM64) | `slipnet-linux-arm64` |\n| Windows (x64) | `slipnet-windows-amd64.exe` |\n\n### CLI Usage\n\n```bash\n# Basic usage — auto-detects server if DNS delegation isn't set up\n./slipnet 'slipnet://BASE64...'\n\n# Specify a custom DNS resolver\n./slipnet --dns 1.1.1.1 'slipnet://BASE64...'\n\n# Use a custom local proxy port\n./slipnet --port 9050 'slipnet://BASE64...'\n\n# Limit DNS query size (smaller = stealthier, slower)\n# Presets: 100 (large), 80 (medium), 60 (small), 50 (minimum)\n./slipnet --max-query-size 80 'slipnet://BASE64...'\n\n# Randomize query size with padding (e.g. 50–70 byte queries)\n./slipnet --max-query-size 50 --query-padding 20 'slipnet://BASE64...'\n\n# Show version\n./slipnet --version\n```\n\nOnce connected, configure your apps to use the SOCKS5 proxy:\n\n```bash\n# Test with curl\ncurl --socks5-hostname 127.0.0.1:1080 https://ifconfig.me\n\n# If the server requires SOCKS5 authentication (username:password)\ncurl --socks5-hostname user:pass@127.0.0.1:1080 https://ifconfig.me\n\n# Firefox: Settings → Network → SOCKS5 proxy: 127.0.0.1:1080\n#          Check \"Proxy DNS when using SOCKS v5\"\n\n# Chrome (launch with proxy flag):\ngoogle-chrome --proxy-server=\"socks5://127.0.0.1:1080\"\n```\n\nThe CLI auto-detects when DNS delegation isn't available and falls back to connecting directly to the server via its NS record.\n\n### Tunnel Types \u0026 Transport Guide\n\nAll transport settings (TLS, WebSocket, HTTP CONNECT, payload) are embedded in the `slipnet://` config URI exported from the app. The CLI auto-detects the tunnel type and transport — no extra flags needed.\n\n#### DNS Tunnels (DNSTT, NoizDNS, VayDNS)\n\nDNS tunnels encode traffic in DNS queries. The config specifies the tunnel type, and the CLI handles everything automatically.\n\n```bash\n# DNSTT — reliable DNS tunneling (default)\n./slipnet 'slipnet://BASE64...'\n\n# NoizDNS — DPI-resistant DNS tunneling\n./slipnet 'slipnet://BASE64...'\n\n# VayDNS — optimized wire format with configurable record types and QNAME\n./slipnet 'slipnet://BASE64...'\n\n# Override DNS resolver (useful when ISP blocks certain resolvers)\n./slipnet --dns 1.1.1.1 'slipnet://BASE64...'\n\n# Connect directly to server (bypass recursive resolvers)\n./slipnet --direct 'slipnet://BASE64...'\n\n# Override uTLS fingerprint for DoH/DoT transports\n./slipnet --utls Chrome_120 'slipnet://BASE64...'\n\n# Limit query size for restrictive networks\n./slipnet --max-query-size 80 'slipnet://BASE64...'\n```\n\n#### DNS + SSH Tunnels (DNSTT+SSH, NoizDNS+SSH, VayDNS+SSH)\n\nSSH is chained through the DNS tunnel for an extra layer of encryption and zero DNS leaks.\n\n```bash\n# DNS tunnel carries raw SSH — all settings from config\n./slipnet 'slipnet://BASE64...'\n\n# Override port and DNS resolver\n./slipnet --port 9050 --dns 8.8.8.8 'slipnet://BASE64...'\n```\n\n#### Standalone SSH Tunnel\n\nConnects directly via SSH and runs a SOCKS5 proxy through the SSH session. No external `ssh` or `sshpass` binaries needed — uses native Go SSH.\n\n```bash\n# Plain SSH — credentials and host from config\n./slipnet 'slipnet://BASE64...'\n\n# Custom local port\n./slipnet --port 9050 'slipnet://BASE64...'\n```\n\n#### SSH over TLS (stunnel-style)\n\nThe config enables TLS wrapping with a custom SNI hostname. The CLI wraps the SSH connection in TLS automatically — useful for bypassing DPI that blocks SSH.\n\n```bash\n# Config has sshTlsEnabled=true, sshTlsSni=cdn.example.com\n# CLI auto-detects and wraps SSH in TLS\n./slipnet 'slipnet://BASE64...'\n```\n\nConnection flow: `TCP → TLS (custom SNI) → SSH → SOCKS5`\n\n#### SSH over HTTP CONNECT Proxy\n\nRoutes SSH through an HTTP CONNECT proxy. Supports custom Host headers for CDN-based facades.\n\n```bash\n# Config has sshHttpProxyHost, sshHttpProxyPort, optional custom Host header\n./slipnet 'slipnet://BASE64...'\n```\n\nConnection flow: `TCP → HTTP CONNECT tunnel → (optional TLS) → SSH → SOCKS5`\n\n#### SSH over WebSocket\n\nTunnels SSH through a WebSocket connection. Compatible with CDN WebSocket proxies (Cloudflare Workers, xray, wstunnel, websockify, etc.).\n\n```bash\n# Config has sshWsEnabled=true, sshWsPath, sshWsUseTls, optional custom Host\n./slipnet 'slipnet://BASE64...'\n```\n\nConnection flow (wss): `TCP → TLS → WebSocket upgrade → WS frames → SSH → SOCKS5`\nConnection flow (ws): `TCP → WebSocket upgrade → WS frames → SSH → SOCKS5`\n\n#### SSH with Payload (DPI Bypass)\n\nSends raw bytes before the SSH handshake to disguise the initial connection. The payload supports placeholders that are resolved at connect time.\n\n```bash\n# Config has sshPayload with template like \"GET / HTTP/1.1\\r\\nHost: [host]\\r\\n\\r\\n\"\n./slipnet 'slipnet://BASE64...'\n```\n\nConnection flow: `TCP → raw payload bytes → (optional TLS) → SSH → SOCKS5`\n\nSupported placeholders: `[host]` (SSH server), `[port]` (SSH port), `[crlf]` (`\\r\\n`), `[cr]` (`\\r`), `[lf]` (`\\n`)\n\n#### Direct SOCKS5\n\nForwards to a remote SOCKS5 proxy (e.g., microsocks on the server) via SSH port forwarding.\n\n```bash\n# Config has tunnel type \"socks5\" or \"direct_socks\"\n./slipnet 'slipnet://BASE64...'\n```\n\n### Scanner\n\nThe CLI includes a built-in DNS scanner with multiple scan modes:\n\n#### DNS Scan\n\nTests resolvers for DNS tunnel compatibility using EDNS probing, NXDOMAIN hijacking detection, and latency measurement. Each resolver gets a score from 0–6.\n\n```bash\n# Scan with a file of resolver IPs\n./slipnet scan --domain t.example.com --ips resolvers.txt\n\n# Scan a single IP\n./slipnet scan --domain t.example.com --ip 8.8.8.8\n\n# Use the built-in resolver list\n./slipnet scan --domain t.example.com\n```\n\n#### DNS Scan + E2E\n\nRuns DNS scanning and automatically feeds resolvers meeting the score threshold into end-to-end tunnel tests. Each E2E test starts a real tunnel through the resolver and makes an HTTP request.\n\n```bash\n# Using a slipnet:// config (auto-extracts domain, pubkey, and mode)\n./slipnet scan --config 'slipnet://BASE64...' --ips resolvers.txt\n\n# Manual domain + pubkey\n./slipnet scan --domain t.example.com --ips resolvers.txt --e2e --pubkey HEXKEY\n\n# With NoizDNS mode\n./slipnet scan --domain t.example.com --ips resolvers.txt --e2e --pubkey HEXKEY --noizdns\n\n# With VayDNS mode\n./slipnet scan --domain t.example.com --ips resolvers.txt --e2e --pubkey HEXKEY --vaydns\n```\n\n#### E2E Test Only\n\nSkips the DNS scan entirely and runs E2E tunnel tests directly on the provided resolvers. Useful when you already have a list of known-good resolvers and want to verify tunnel connectivity.\n\n```bash\n# Using a slipnet:// config\n./slipnet scan --config 'slipnet://BASE64...' --ips resolvers.txt --e2e-only\n\n# Manual domain + pubkey\n./slipnet scan --domain t.example.com --pubkey HEXKEY --ips resolvers.txt --e2e-only\n\n# With custom concurrency and timeout\n./slipnet scan --config 'slipnet://BASE64...' --ips resolvers.txt --e2e-only --e2e-concurrency 20 --e2e-timeout 20000\n```\n\n#### Prism (Server-Verified Scan)\n\nSends HMAC-authenticated probes to verify that the tunnel server is genuine. Requires [SlipGate](https://github.com/anonvector/slipgate) running on the server.\n\n```bash\n# Using a slipnet:// config\n./slipnet scan --config 'slipnet://BASE64...' --ips resolvers.txt --verify\n\n# Manual domain + pubkey with custom probe settings\n./slipnet scan --domain t.example.com --pubkey HEXKEY --ips resolvers.txt --verify --rounds 5 --threshold 2\n```\n\n### Interactive Mode\n\nRunning `./slipnet` with no arguments launches an interactive menu with all modes accessible via numbered options:\n\n```\n  1) Connect (DNSTT / NoizDNS / VayDNS / Slipstream)\n  2) DNS Scanner\n  3) DNS Scanner + E2E Test\n  4) Quick Scan (single IP)\n  5) Prism (server-verified scan)\n  6) E2E Test Only\n  7) Help\n  0) Exit\n```\n\n### Building CLI from Source\n\n```bash\ngit clone https://github.com/anonvector/SlipNet.git\ncd SlipNet\ngit submodule update --init --recursive\ncd cli\nCGO_ENABLED=0 go build -trimpath -ldflags=\"-s -w\" -o slipnet .\n```\n\nCross-compile for other platforms:\n\n```bash\n# Linux\nCGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags=\"-s -w\" -o slipnet-linux-amd64 .\n\n# Windows\nCGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags=\"-s -w\" -o slipnet-windows-amd64.exe .\n\n# macOS Intel\nCGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -trimpath -ldflags=\"-s -w\" -o slipnet-darwin-amd64 .\n```\n\n## Project Structure\n\n```\ncli/                        # Cross-platform CLI client (Go)\n├── main.go                 # URI parser, tunnel client, SOCKS5 proxy\n├── go.mod\n└── go.sum\napp/\n├── src/main/\n│   ├── java/app/slipnet/\n│   │   ├── data/               # Data layer (repositories, database, native bridge)\n│   │   │   ├── local/          # Room database and DataStore\n│   │   │   ├── mapper/         # Entity mappers\n│   │   │   ├── native/         # JNI bridge to Rust\n│   │   │   └── repository/     # Repository implementations\n│   │   ├── di/                 # Hilt dependency injection modules\n│   │   ├── domain/             # Domain layer (models, use cases)\n│   │   │   ├── model/          # Domain models\n│   │   │   ├── repository/     # Repository interfaces\n│   │   │   └── usecase/        # Business logic use cases\n│   │   ├── presentation/       # UI layer (Compose screens)\n│   │   │   ├── common/         # Shared UI components\n│   │   │   ├── home/           # Home screen\n│   │   │   ├── navigation/     # Navigation setup\n│   │   │   ├── profiles/       # Profile management screens\n│   │   │   ├── settings/       # Settings screen\n│   │   │   └── theme/          # Material theme configuration\n│   │   ├── service/            # Android services\n│   │   │   ├── SlipNetVpnService.kt\n│   │   │   ├── QuickSettingsTile.kt\n│   │   │   └── BootReceiver.kt\n│   │   └── tunnel/             # VPN tunnel implementation\n│   └── rust/                   # Rust native library\n│       └── slipstream-rust/    # QUIC/DNS tunneling implementation\n├── build.gradle.kts\n└── proguard-rules.pro\n```\n\n## Architecture\n\nSlipNet follows Clean Architecture principles with three main layers:\n\n- **Presentation Layer**: Jetpack Compose UI with ViewModels\n- **Domain Layer**: Business logic and use cases\n- **Data Layer**: Repositories, Room database, and native Rust bridge\n\n### Tech Stack\n\n- **UI**: Jetpack Compose, Material 3\n- **Architecture**: MVVM, Clean Architecture\n- **DI**: Hilt\n- **Database**: Room\n- **Preferences**: DataStore\n- **Async**: Kotlin Coroutines \u0026 Flow\n- **Native**: Rust via JNI (QUIC protocol implementation)\n- **SSH**: JSch (mwiede fork with AES-GCM, ChaCha20 support)\n- **HTTP**: OkHttp (HTTP/2 for DoH requests)\n\n## Configuration\n\n### Server Profile\n\nEach server profile contains:\n\n- **Name**: Display name for the profile\n- **Tunnel Type**: DNSTT, NoizDNS, VayDNS, Slipstream, SSH, NaiveProxy, DOH, Tor, or their SSH variants\n- **Domain**: Server domain for DNS tunneling\n- **Resolvers**: DNS resolver configurations\n\n#### DNSTT / NoizDNS settings:\n- **Public Key**: Server's Noise protocol public key (hex format)\n- **DNS Transport**: UDP, TCP, DoT (DNS over TLS), or DoH (DNS over HTTPS)\n- **Stealth Mode** (NoizDNS only): Trades speed for harder DPI detection\n\n#### VayDNS-specific settings:\n- **DNSTT Compatibility**: Use original dnstt wire format (8-byte ClientID) for dnstt server compatibility\n- **Record Type**: DNS record type for downstream data (TXT, CNAME, A, AAAA, MX, NS, SRV)\n- **Max QNAME Length**: Maximum query name wire length (default: 101)\n- **Rate Limit (RPS)**: Maximum outgoing DNS queries per second (0 = unlimited)\n- **Idle Timeout**: Session idle timeout in seconds\n- **Keep-Alive**: smux keep-alive interval in seconds\n- **UDP Timeout**: Per-query UDP response timeout in milliseconds\n- **Max Data Labels**: Maximum number of data labels in the query name\n- **Client ID Size**: ClientID size in bytes (default: 2)\n\n#### Slipstream-specific settings:\n- **Congestion Control**: QUIC congestion control algorithm (BBR, DCUBIC)\n- **Keep-Alive Interval**: QUIC keep-alive interval in milliseconds\n- **Authoritative Mode**: Use authoritative DNS resolution\n- **GSO**: Generic Segmentation Offload for better performance\n\n#### NaiveProxy settings (NaiveProxy, NaiveProxy+SSH):\n- **Server Port**: Caddy server port (default 443)\n- **Proxy Username**: HTTP proxy authentication username\n- **Proxy Password**: HTTP proxy authentication password\n\n#### SSH settings (SSH, DNSTT+SSH, NoizDNS+SSH, VayDNS+SSH, Slipstream+SSH, NaiveProxy+SSH):\n- **SSH Host**: SSH server address\n- **SSH Port**: SSH server port (default 22)\n- **SSH Username/Password**: Authentication credentials\n- **SSH Cipher**: Preferred encryption algorithm (AES-128-GCM, ChaCha20, AES-128-CTR)\n\n#### SSH transport options (available for all SSH tunnel types):\n- **SSH over TLS**: Wrap SSH in TLS with custom SNI hostname for domain fronting\n- **HTTP CONNECT Proxy**: Route SSH through an HTTP CONNECT proxy with custom Host header for CDN facades\n- **SSH over WebSocket**: Tunnel SSH through WebSocket (ws:// or wss://) with custom path and Host header, compatible with CDN proxies (Cloudflare Workers, xray, wstunnel, etc.)\n- **SSH Payload**: Send raw bytes before the SSH handshake to disguise traffic (DPI bypass). Supports placeholders: `[host]`, `[port]`, `[crlf]`, `[cr]`, `[lf]`\n\n#### DOH settings:\n- **DoH Server URL**: HTTPS endpoint for DNS queries (e.g., `https://cloudflare-dns.com/dns-query`)\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n1. Fork the repository\n2. Create your feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit your changes (`git commit -m 'Add some amazing feature'`)\n4. Push to the branch (`git push origin feature/amazing-feature`)\n5. Open a Pull Request\n   \n## License \u0026 Usage\n\nThis project is released under the **SlipNet Source-Available License**.\n\n**You are allowed to:**\n- View, study, and modify the source code for **personal, private use**\n- Use the software locally for educational or research purposes\n- Fork the repository to submit contributions (Pull Requests) to the original project\n\n**You are NOT allowed to:**\n- **Distribute** this software (source or binary) to third parties\n- **Publish** this application on app stores (including Google Play, F-Droid, or Apple App Store)\n- **Commercialize** the software or any derivative works\n\nSee [LICENSE](./LICENSE) for the full legal terms.\n\n## Name \u0026 Branding Notice\n\n**\"SlipNet\"** is the reserved project name.\n\nUse of the project name, logo, or branding in derivative works or republished versions is **strictly prohibited** without explicit written permission from the owner. This applies even if you have modified or forked the code.\n\n## Distribution Notice\n\nThis project is **not authorized** for distribution on any application store, marketplace, or file-hosting service.\n\n**If you find this application on Google Play, the Apple App Store, or any other marketplace, it is an UNAUTHORIZED build.** It may be outdated, modified, or malicious. Please download SlipNet only from the official repository.\n\n\n## Acknowledgments\n\n- [slipstream-rust](https://github.com/Mygod/slipstream-rust) - Rust QUIC tunneling library\n- [Stream-Gate](https://github.com/free-mba/Stream-Gate) - DNS tunnel scanning method\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanonvector%2Fslipnet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanonvector%2Fslipnet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanonvector%2Fslipnet/lists"}