Behavioral crypto mining defense. Catches miners by what they do, not just what they look like. One script. Zero dependencies. Free forever.
Scan-only by default. I believe in consent. · Clean uninstall. Leave no trace.
Built from real attack experience. Every feature exists because something went wrong without it.
Doesn't care what the binary looks like. Detects mining behavior — Stratum protocol, sustained CPU + network combos. Catches zero-days and custom miners.
Network protocol. CPU behavioral analysis. Known signatures. Connection fingerprinting. Wallet forensics. If a miner runs, it dies — even custom-compiled, obfuscated, renamed miners.
One Python file. No pip install. No Docker. No config files. Works on any Linux with Python 3.6+. Download and run. That's it.
Run --fortify to install 5 independent persistence layers. Systemd, cron watchdog, rc.local, immutable binary, self-copy. Kill one — four more bring it back.
Run --uninstall and every trace is removed. Service files, cron jobs, immutable flags, the binary itself. One command. Clean exit.
Run --status to see your protection state at a glance. Which persistence layers are active, when the last scan ran, how many miners killed.
Stratum protocol detection has zero false positives. CPU behavioral analysis uses configurable thresholds with --whitelist support for your workloads.
Your antivirus may flag the persistence layers. That's normal — here's why. Use --no-persist for AV-friendly mode.
Every kill extracts the attacker's wallet address. The optional plugin reports it to a crowd-sourced database. The more servers that run it, the faster wallets get burned.
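What protocol-level Stratum detection and wallet extraction can look like, as an added example that is not this tool's own code. It assumes plaintext Stratum (a TLS-wrapped pool connection would not be readable this way); `stratum_findings` and the sample payloads are hypothetical names and constructed data.

```python
import json

# Stratum v1 client requests (Bitcoin-style pools).
STRATUM_V1 = {"mining.subscribe", "mining.authorize", "mining.submit"}

def stratum_findings(payload: bytes):
    """Return a list of (method, account) for Stratum requests in a TCP payload.

    Stratum is newline-delimited JSON-RPC, so each line is parsed on its own;
    anything that is not a JSON object with a string "method" is ignored.
    """
    findings = []
    for raw in payload.split(b"\n"):
        raw = raw.strip()
        if not raw.startswith(b"{"):
            continue
        try:
            msg = json.loads(raw.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            continue  # truncated segment or non-JSON traffic
        if not isinstance(msg, dict):
            continue
        method, params = msg.get("method"), msg.get("params")
        if not isinstance(method, str):
            continue
        if method in STRATUM_V1:
            # mining.authorize carries the worker name (often wallet.worker) first.
            account = None
            if method == "mining.authorize" and isinstance(params, list) and params:
                account = str(params[0])
            findings.append((method, account))
        elif method == "login" and isinstance(params, dict) and "login" in params:
            # Monero-style pools: params is an object whose "login" is the wallet.
            findings.append((method, str(params["login"])))
    return findings

# Constructed sample payloads (placeholders, not real wallets or captures).
SAMPLE_BTC = (b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'
              b'{"id":2,"method":"mining.authorize","params":["WALLET_PLACEHOLDER.rig1","x"]}\n')
SAMPLE_XMR = b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x"}}\n'
SAMPLE_WEB = b'POST /api/login HTTP/1.1\r\nHost: example.test\r\n\r\n{"user":"a","method":"login"}'

if __name__ == "__main__":
    for name, data in [("btc", SAMPLE_BTC), ("xmr", SAMPLE_XMR), ("web", SAMPLE_WEB)]:
        print(name, stratum_findings(data))
```

The web sample shows why the check is structural: a JSON body that merely contains `"method":"login"` without Stratum-shaped `params` produces no finding.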