DEV Community: Surajit Sen

Check out TorChat !!

Surajit Sen — Mon, 29 Dec 2025 19:45:06 +0000

I’ve spent the last few weeks working on a side project called TorChat. I wanted a way to chat with a friend that was truly ephemeral—no central servers, no logs, and no metadata trail left behind and ofcourse terminal based .

How it works:

Host Mode: It launches its own isolated Tor instance and creates a temporary Hidden Service. It generates a one-time chat:// invite URL with a random token.

Encryption: Uses ChaCha20-Poly1305 (AEAD) for end-to-end encryption.

Ephemeral: As soon as you close the app, the private keys and the .onion address are wiped from the temp directory. It’s like the chat never existed.

I just packaged it as an AppImage to make it easier to run on Linux without messing with dependencies.

I'm looking for some honest feedback on:

The UX: Is the QR code/invite link flow intuitive?

Security: I used cryptography primitives, but I’d love for more eyes to look at the logic.

Tor Stability: How fast is the bootstrap for you?

It’s totally open-source. If you’re into privacy tools or P2P networking, I’d love for you to check it out and let me know what you think!

GitHub: https://github.com/blackXploit-404/torchat

Cheers!

[Boost]

Surajit Sen — Fri, 26 Sep 2025 11:02:01 +0000

Checkout PacGuard.

Surajit Sen ・ Sep 7

#archlinux #pacman #arch #pacguard

Checkout PacGuard.

Surajit Sen — Sun, 07 Sep 2025 08:32:04 +0000

Hey folks,

I’ve been playing around with Arch packaging and wanted to make something small but useful for the community. The result is pacguard, a simple command-line tool that checks your installed packages against the Arch Linux Security Tracker.

Think of it as a lightweight, Python-based take on arch-audit. It goes through your installed packages and reports:

Which packages are vulnerable

Advisory name & CVEs

Severity level

Suggested fix (if one exists)

If no fixes exist, it warns you to keep an eye on the tracker.

Example output:

[] Collecting installed packages... [] Fetching Arch Security Tracker data...

Vulnerable packages found:

openssl (installed 3.0.14-1) Advisory: ASA-2025-001 Affected: <= 3.0.14 Fixed: 3.0.15 Severity: Critical CVEs: CVE-2025-XXXX, CVE-2025-YYYY Suggested fix: sudo pacman -Syu openssl

Install

It’s on the AUR:

yay -S pacguard

Or clone from GitHub: https://github.com/blackXploit-404/pacguard

It’s simple and not perfect — I mainly made it to learn packaging and Python with pyalpm — but maybe it can help others too. Feedback, ideas, or PRs are welcome!

SecurePaste – Encrypted, Self-Destructing Paste with No Logs

Surajit Sen — Mon, 23 Jun 2025 08:23:23 +0000

I wanted a secure way to share sensitive logs, credentials, and bug bounty info — but didn’t trust normal pastebin tools. So I built SecurePaste.

🔐 Fully encrypted with AES
💣 Self-destruct after read
🔏 Optional password
📄 Supports Markdown/code formatting
📱 Generates QR codes
❌ No accounts, no cookies, no tracking

📎 Try it here:
https://secure-paste.onrender.com

It’s 100% client-side encrypted — even the server can’t read your pastes.
Would love feedback, suggestions, or security tips!

🇮🇳 Made with ❤️ in India