Global Chat Suite
ULTIMATE SECURE CHAT SUITE
A peer-to-peer encrypted chat and file-sharing tool with military-grade cryptography.
MITM impossible • Triple encryption • Replay protection • No servers • No telemetry
- Mutual authentication — PSK + X25519 ephemeral keys (perfect forward secrecy)
- Triple encryption — ChaCha20 → AES-256-GCM → ChaCha20 with fresh nonces every message
- Replay protection — strictly increasing counters + 5-minute timestamp window
- Secure file transfers — sanitized filenames, optional confirmation, dedicated
received_files/folder - Remote code execution — disabled by default (
--enable-exec+ per-request confirmation) - Contact management — save/load trusted peers (
contacts.json) - Thread-safe with
RLock+ fixed input/output race condition - TCP keepalives for reliable connections
- No hardcoded secrets — PSK loaded only from environment variable
- Lightweight — pure Python +
cryptographylibrary
Designed for maximum privacy and security. No central servers, no accounts, no logs.
-
Clone or download the repository:
git clone https://github.com/TatorInfinity/Global-Chat-Suite.git cd Global-Chat-Suite -
Install the only dependency:
pip install cryptography
-
Set your shared secret (must be identical on all peers):
# One-time strong random key (recommended) export GCS_PSK=$(openssl rand -hex 32) # Or set a custom one export GCS_PSK='your_very_long_and_random_secret_here'
python3 gcs.pyYou will see:
Your secure ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Listening on port 9009
Remote exec: DISABLED
Type /help for commands.
All participants must use the exact same GCS_PSK value.
python3 gcs.py --port 12345 # Change initial listening port
python3 gcs.py --enable-exec # Allow remote Python execution (with confirmation)
python3 gcs.py --auto-accept-files # Skip file confirmation (use with care)| Command | Description |
|---|---|
/connect ip[:port] |
Connect to a peer |
/disconnect ip[:port] |
Disconnect specific peer |
/disconnectall |
Close all connections |
/addcontact name ip:port |
Save a contact |
/connectuser name |
Connect using saved contact |
/listcontacts |
Show saved contacts |
/sendfile filepath |
Send file to all connected peers |
/setport port |
Change listening port for new connections |
/py code |
Run Python code locally |
/pysend code |
Send remote exec request (requires --enable-exec) |
/pyevalsend expr |
Send remote eval request |
/myid |
Show your user ID |
/status |
Show connected peers |
/savecontacts |
Save contacts to contacts.json |
/reloadcontacts |
Reload contacts |
/clear |
Clear screen |
/help |
Show this help |
/exit |
Graceful shutdown |
Just type a normal message to broadcast it to all connected peers.
- Authentication: PSK + X25519 + transcript HMAC
- Encryption: Triple AEAD (ChaCha20Poly1305 → AESGCM → ChaCha20Poly1305)
- Replay protection: Per-session counters + timestamp validation
- File safety: Filename sanitization + user confirmation
- Remote execution: Explicitly disabled by default + manual approval per request
This is stronger than most commercial "secure" messengers.
- All peers must share the same
GCS_PSK - Remote code execution is a powerful feature — only enable with trusted contacts
- Files are saved to
./received_files/ - Works behind NAT/firewalls (direct TCP)
- Intended for educational, private, and trusted-group use
This project is licensed under the GNU General Public License v3.0 (GPL-3.0).
Feel free to use, modify, and share — just keep it open and free!
Original concept & development by TatorInfinity
Patched & hardened version — fixed input race condition, added TCP keepalives, improved thread safety, cleaner UX.