AeroFTP is a multi-protocol file manager designed for secure and efficient file transfer and management across multiple cloud platforms. Built with Tauri 2 using Rust, React 18, and TypeScript, AeroFTP supports 16 protocols, including FTP, SFTP, WebDAV, Google Drive, Dropbox, OneDrive, and more.
Key Features:
AI assistant with 45 tools and support for 15 LLM providers
Built-in code editor, SSH terminal, and media player with visualizers
Support for 47 languages and 4 themes
Audience & Benefit:
Ideal for developers, IT professionals, and security-conscious users who need a versatile tool for managing files securely across various platforms. AeroFTP provides seamless integration, encryption, and AI-powered assistance to streamline file management tasks.
Available as an open-source application, AeroFTP can be installed via winget.
GNOME, KDE Plasma, XFCE, Hyprland, Sway, i3 (X11 & Wayland)
Windows
Stable
.msi, .exe, .zip portable, winget
Fully tested, not Microsoft Store signed
macOS (Apple Silicon)
Beta
.dmg (aarch64)
Not code-signed, requires xattr workaround
> macOS note: The .dmg is not yet signed with an Apple Developer ID certificate. macOS Gatekeeper will block it. After installing, run: sudo xattr -rd com.apple.quarantine /Applications/AeroFTP.app
FTP-First Design
AeroFTP is an FTP client first. Full encryption support with configurable TLS modes (Explicit AUTH TLS, Implicit TLS, opportunistic TLS), certificate verification control, MLSD/MLST machine-readable listings (RFC 3659), and resume transfers (REST/APPE). It then extends this foundation into a broad multi-protocol file management platform through six integrated product modules - the Aero Family.
Integrations
AeroFTP organizes integrations on three tiers, so what you see in the catalog is precise rather than vague:
Transport protocols (7): native wire-level support for FTP, FTPS, SFTP, WebDAV, S3, Azure Blob, OpenStack Swift.
Native provider integrations (25+): dedicated OAuth2 / API key / SDK code paths per provider, so each one's specific features (sharing, native delta sync, server-side copy, large-file chunking, media-CDN transformations) are first-class instead of best-effort. Includes the dedicated media services tier (ImageKit, Uploadcare, Cloudinary, Immich, Google Photos, PixelUnion).
Pre-configured presets (45+): server URL, port, base path, password-generation deep-link filled in automatically for compatible services on top of the protocols above (S3-compatible endpoints from MEGA S4 to Filen S5 to MinIO, WebDAV-compatible servers including Nextcloud, Tab.digital, Felicloud, Seafile, InfiniCLOUD, etc.).
Google Drive
OneDrive
Dropbox
MEGA
Box
pCloud
Filen
Internxt
Zoho
Koofr
kDrive
Jottacloud
Drime
FileLu
OpenDrive
Yandex Disk
4shared
Backblaze
AWS S3
Google Cloud
+ FTP, FTPS, SFTP, WebDAV, Swift protocols
We reached out directly to providers to ensure quality integration.
Special thanks to MEGA, Koofr, FileLu, Felicloud, Storj, pCloud, IDrive, Jottacloud, InfiniCLOUD, Tab.digital, ImageKit, Uploadcare, Cloudinary, and SourceForge for their responsive technical support.
Real-world protocol comparisons need real-world data. We do not have a credible basis to claim "protocol X is faster than Y on provider Z" from a single developer machine on a single ISP, so we invite the community to contribute sanitized, privacy-preserving benchmark reports.
Run aeroftp-cli --profile "My Server" benchmark quick against any saved profile (the CLI resolves credentials from the encrypted vault, you never paste passwords) and submit the resulting JSON via the dedicated Issue template. The report contains throughput / latency statistics, never hostnames, paths, or credentials.
AeroFTP bridges profiles with the three most widely used file transfer tools. Import and export server profiles freely through a unified interface in the GUI (Settings > Export/Import > Bridge) and CLI (aeroftp import rclone|winscp|filezilla). Credentials are automatically upgraded to AES-256-GCM encrypted vault on import, and re-encoded in the target format on export. Duplicate detection shows which servers already exist, with the option to update credentials on re-import.
> rclone crypt interop (full read/write): in addition to profile import/export, AeroFTP can browse, decrypt and re-encrypt existing rclone crypt remotes natively. Upload, download, rename, and delete all stream through a transparent crypto overlay session: the underlying provider sees only encrypted blobs and obfuscated filenames, while the UI shows plaintext paths. See the rclone crypt page.
> rclone filter conversion:aeroftp-cli import rclone-filter converts an rclone --filter-from file (with +/- rules and # comments) into an .aeroignore file. Rule order is reversed automatically to preserve rclone's first-match-wins semantics under gitignore last-match-wins. Brace alternation {a,b} and ! reset directives are reported as warnings since they have no direct gitignore equivalent.
Hosting Provider Integration
Web hosting providers can generate encrypted .aeroftp connection profiles from their control panels, so customers can import pre-configured FTP/SFTP connections with a single click - no manual setup, no credentials in plaintext emails.
> See the Hosting Integration Guide for the file format specification, encryption details, and ready-to-use code examples in Python and Node.js.
Turn any server into a private personal cloud. Connect through 7 transport protocols and 25+ native provider integrations with bidirectional sync, selective sync, file versioning, .aeroignore, share links, and per-project folders. Background tray sync with native OS file manager badges (Nautilus, Nemo, Windows Explorer). See the protocol features matrix for full per-provider capabilities.
A full-featured local file manager built into AeroFTP. Toggle between remote and local modes, or use both side-by-side. Three view modes (list, grid, large icons), Places sidebar with drives and network shares, Quick Look preview (Space), drag-and-drop transfers, batch rename, duplicate finder, disk usage treemap, trash browser, properties dialog with checksums, and 20+ keyboard shortcuts.
v3.7.1 polish: aggregate multi-file Properties dialog (Windows-style mixed-state indicators across the selection), recursive * flatten search that lists every descendant under the current directory in one shot, smart "Open with default app" routing in the right-click menu (vault containers open in AeroFTP, scripts drop into the AeroTools Terminal with the right shell prefix, anything else goes through the OS), and a PathBar with empty-area edit mode plus a trailing chevron dropdown over first-generation subdirectories.
Dual panel (v3.7.9, Slice A): two local panels side by side in AeroFile mode, toggled via the Columns icon in the toolbar or Ctrl+Shift+D. Full keyboard parity on the second panel (F2 / Delete / Enter / Backspace / clipboard / Quick Look / properties / arrows / Shift+arrow / Home / End all route to the focused pane; Tab cycles between local and local2). Total-Commander shortcuts: F5 copies the selection to the other panel, F6 moves it, F7 creates a folder in the focused panel. Drag-and-drop between the two panes uses the existing rename_local_file / copy_local_file backend; Ctrl+drag switches from move (default) to copy. The separator is resizable from mouse and from keyboard (Arrow Left/Right ±10%, Home/End to extremes, Enter/Space to reset to 50/50). Unified tab strip with L / R markers and per-panel persistence. Slice B (each pane configurable as a local path or as a saved remote profile) and Slice C (FreeFileSync-style compare / mirror / backup / bisync workflows on top) follow in their own release windows. Tracked in issue #162 section 2.
Persistent mount manager reachable from File > Mount Manager, the My Servers toolbar, and the connected remote address bar. Save multiple FUSE / WebDAV mount configs (profile, remote path, mountpoint, read-only, cache TTL, allow-other, auto-start) in either a plaintext sidecar JSON (default, daemon-friendly) or in the encrypted vault, toggleable from the dialog header. Per-row Mount / Unmount / Open in file manager / Edit / Delete actions, with a "Pick free drive letter" helper on Windows.
Cross-platform autostart: installs ~/.config/systemd/user/aeroftp-mount-.service units on Linux (Type=simple, Restart=on-failure) and Task Scheduler ONLOGON entries on Windows. Master-password vault mode blocks autostart with a clear UI explanation since the daemon cannot prompt for a password.
Open mount in file manager: a one-click action on the My Servers context menu that auto-creates a sensible default mount for the selected profile when none exists yet, waits 800 ms for the FUSE / WebDAV layer to settle, then opens the OS file manager at the mountpoint.
No secrets in mount configs: credentials are always resolved by the spawned aeroftp-cli through --profile against the same vault the GUI uses, mount configs only carry the profile id.
Enterprise-grade file synchronization built for real-world reliability. Three sync profiles (Mirror, Two-way, Backup), conflict resolution center with per-file strategies, SHA-256 checksum verification, transfer journal with checkpoint/resume, configurable retry with exponential backoff, bandwidth control, post-transfer verification (4 policies), and structured error taxonomy with 10 categories. Integrates with AeroCloud for background tray sync.
Independent clean-room Rust implementation of the rsync wire protocol 31. AeroRsync ships byte-level delta sync without bundling or replacing the rsync binary, so cross-platform deployments (Windows first-class) get the same wire-compatible delta transport as Unix.
The delta path is wired into:
AeroSync delta transfers (the original entry point).
Cross-Profile Transfer SFTP to SFTP with key-based auth, so only the bytes that differ from the destination travel on the wire.
AeroTools Code Editor save against a remote SFTP file, so a one-line change to a 5 MB file ships only the diff.
Session-cached batch transport (v3.7.0): a single SSH session amortizes many consecutive delta transfers via the new AerorsyncBatch trait: open the session once, transfer N files, close once. SyncReport surfaces delta_files (per-file delta breakdown) and bytes_on_wire so the UI shows exactly which files used the optimized path and the cumulative wire savings. Current scope is SFTP destinations with key-based auth; other providers and the classic rsync binary path on Unix coexist on the same DeltaTransport trait surface. The Cargo feature aerorsync is compiled by default; the runtime toggle (Settings → Advanced) is OFF pending the host-key algorithm negotiation asymmetry fix. Soft fallbacks (file too small, no key on disk, missing remote helper) silently route back to the classic upload path.
Create, manage, and browse encrypted containers that protect your files with a security stack that exceeds industry standards. The encryption engine is published as the standalone aerovault crate on crates.io for use in any Rust project.
AeroVault v2 (.aerovault containers)
Component
Algorithm
Details
Content encryption
AES-256-GCM-SIV (RFC 8452)
Nonce misuse-resistant - even nonce reuse doesn't compromise security
Key wrapping
AES-256-KW (RFC 3394)
Built-in integrity check on unwrap
Filename encryption
AES-256-SIV
Deterministic - file names are hidden, not just content
Optional double encryption layer for defense-in-depth
Chunk size
64 KB
Per-chunk random nonce + authentication tag
> Open format: The .aerovault binary format is fully documented in the AeroVault v2 Specification with implementation guides for Rust, Java, Python, Go, C, and JavaScript.
AeroVault v3 (Beta, v3.8.0)
A draft container format that ships alongside v2 and is opt-in via the Beta tier in the create dialog. v2 remains the default in the GUI and there is no automatic v2 → v3 migration; the full lifecycle is scriptable from the CLI for every format (aeroftp-cli vault create/add/info/extract, --vault-version v1|v2|v3 with header auto-detect, --cascade for the v2 paranoid mode, --receipt for the technical telemetry).
Component
Algorithm
Details
Chunking
Gear-CDC (content-defined)
Variable-size boundaries; same plaintext bytes always produce the same chunk so dedup is stable across edits
Compression
zstd, per chunk
Three profiles: fast (-3), balanced (-9), archive (-19)
Content encryption
AES-256-GCM-SIV (RFC 8452)
96-bit random nonce per chunk + per-chunk AAD bound to block index and chunk id
Chunk addressing
BLAKE3 keyed, 128-bit
Content-addressed chunk id, also the dedup key
Cipher integrity
BLAKE3-256
Pre-decryption check on cipher blocks; load-bearing for the future v4 ECC layer
Key derivation
Argon2id
128 MiB / t=4 / p=4, identical to v2; derives two independent KEKs via HKDF (encryption + MAC)
Key wrapping
AES-256-KW (RFC 3394)
Two independent random 256-bit working keys, one per KEK
Header integrity
HMAC-SHA512
1024-byte header, MAC verified before any key unwrap
Extension area
Reserved
Extension directory + payload region for the future v4 ECC layer; v3 readers skip non-critical unknown entries, reject critical unknown entries
The wire layout, the wrapper IDs, and the forward-compat contract (v3 + ECC = v4, the v3 vault is byte-equivalent to "v4 with ECC turned off") are pinned in the AeroVault v3 Specification (draft). Tracked in issue #162 section 4 / T-AEROVAULT-ECC. The v4 ECC layer (Reed-Solomon / Parchive blocks for single-bit-rot recovery on the encrypted chunks) is on the roadmap but not in v3.8.0.
Additional encryption features:
Overlay session model (v3.7.0): open an .aerovault once, then route every list/upload/download/rename through the encrypted overlay transparently. The provider sees only opaque vault chunks; the UI shows plaintext entries and folders. A status badge in the header marks when the overlay is active.
Directory support: Create nested folders inside vaults with encrypted directory entries, hierarchical navigation, and recursive delete
Cryptomator: Create and browse Cryptomator format 8 vaults (scrypt + AES-SIV + AES-GCM) via context menu
Integrated development panel with three tools in a tabbed interface: Monaco Editor (VS Code engine, 50+ languages, remote file editing), SSH Terminal (8 themes, multiple tabs), and AeroAgent AI Chat with bidirectional editor sync.
AeroAgent - AI-Powered Assistant
An AI assistant with 39 tools that work across local files and remote providers. Supports 24 AI providers (OpenAI, Anthropic, Gemini, xAI, Ollama, DeepSeek, Mistral, Cerebras, SambaNova, Fireworks, Nvidia, and 13 more). Vision/multimodal, RAG indexing, plugin ecosystem, streaming responses, multi-step autonomous execution, native MCP server mode (39 MCP tools), and Command Palette (Ctrl+Shift+P).
AeroFTP is built for both humans and AI agents. As agentic AI, computer use, and autonomous coding assistants become the standard way to interact with computers, AeroFTP provides native interfaces for both use cases.
For AI Agents (CLI): Tools like Claude Code, Open Interpreter, Cline, Aider, Devin, Codex, Cursor Agent, Windsurf, and other agentic frameworks can call aeroftp-cli directly. Structured --json output, vault-based --profile credentials (agents never see passwords), semantic exit codes, and .aeroftp batch scripts make AeroFTP a first-class tool in any agent's toolkit. External agents can also invoke aeroftp-cli agent to orchestrate AeroAgent as a credential-isolating proxy for multi-server operations. See Agent Orchestration for the full orchestration guide, CLI reference, and a verified field test report.
For Humans (GUI + AeroAgent): The desktop app provides drag-and-drop file management with AeroAgent, the integrated AI assistant offering 39 tools across local files and remote providers. AeroAgent supports multi-step autonomous execution, tool approval workflows with backend-enforced grants, and 24 AI providers.
Production CLI sharing the same Rust backend as the GUI. 49 subcommands across 7 transport protocols and 25+ native provider integrations, encrypted vault profiles, JSON output, batch scripting, daemon mode with job queue, FUSE filesystem mounting, ncdu TUI explorer, zero-knowledge crypt overlay, single-file AeroVault containers (vault, all formats v1/v2/v3), recursive used-storage scan (df --scan) with a manual total-cap override, and native MCP server mode for AI integration.
aeroftp-cli ls --profile "My Server" /var/www/ -l # Vault profile (no credentials exposed)
aeroftp-cli get sftp://user@host "/data/*.csv" # Glob download
aeroftp-cli check --profile "My Server" /local /remote --checksum # Verify local matches remote
aeroftp-cli sync --profile "My Server" /local /remote --watch # Continuous bidirectional sync
aeroftp-cli serve http sftp://user@host /data # Serve remote as local HTTP
aeroftp-cli serve webdav s3://key:secret@s3.aws.com # Serve remote as local WebDAV
aeroftp-cli agent --mcp # MCP server for Claude/Cursor/VS Code
aeroftp-cli mount sftp://user@host /mnt/remote # FUSE filesystem
aeroftp-cli ncdu sftp://user@host /data # Interactive disk usage
aeroftp-cli daemon start # Background job queue
Key features: --profile credential isolation for AI agents, --json structured output, semantic exit codes (0-11), .aeroftp batch scripts, check / cryptcheck for local-vs-remote verification (size/checksum against cleartext or encrypted remotes), dedupe / cleanup for orphan management, hashsum for remote file hashing (sha256/md5/blake3), link for shareable URLs, --bwlimit "08:00,512k 18:00,off" time-based bandwidth schedule (local time), serve http/webdav/ftp/sftp, MCP server mode, --immutable append-only mode, --files-from selective transfers, --fast-list S3 optimization, bisync with --conflict-mode rename, NO_COLOR compliant. See the CLI Guide and Credential Isolation docs.
MCP server (39 tools, v3.7.0+): curated tools for agents covering safe / medium / destructive operation tiers: file ops (aeroftp_list_files, aeroftp_read_file, aeroftp_upload_file), batch (aeroftp_delete_many, aeroftp_upload_many), tree sync (aeroftp_sync_tree with per-file delta_files[] + plan[]), tree diff (aeroftp_check_tree with two-sided checksum + per-group caps + omit_match), preflight (aeroftp_sync_doctor, aeroftp_reconcile, aeroftp_dedupe), cross-profile copy (aeroftp_transfer, aeroftp_transfer_tree between two saved profiles in one batch), agent ergonomics (aeroftp_agent_connect, aeroftp_speed, aeroftp_touch, aeroftp_cleanup), and pool introspection (aeroftp://connections resource + aeroftp_close_connection). Real-time notifications/progress during uploads, downloads, and sync. The pool auto-recovers from transport-level failures (stale FTP data channels, broken pipes) without manual intervention. Pool reuse gives roughly 14x speedup vs CLI cold-start on warm calls (measured 13-14 ms vs ~194 ms on Docker SFTP). Run aeroftp-cli mcp and plug it into Claude Desktop, Cursor, Windsurf, or VS Code via the axpdev-lab.aeroftp-mcp extension.
Built-in media player with 14 GPU-accelerated visualizer modes (Canvas 2D + WebGL 2 shaders), 10-band graphic EQ with presets, beat detection, and post-processing effects. Zero dependencies - native HTML5 Audio + Web Audio API.
Privacy-Enhanced
AeroFTP incorporates privacy protections that go beyond what traditional file managers offer.
Feature
Details
Master Password
Optional Argon2id vault encryption - all credentials locked behind a single password
Encrypted Vault
All sensitive data in AES-256-GCM encrypted storage - zero plaintext on disk
Zero Telemetry
No analytics, no phone-home, no network requests beyond user-initiated connections
Memory Zeroization
Passwords and keys cleared from RAM immediately after use
Clearable History
One-click clear for recent locations. No persistent browsing traces
Portable Deployment
AppImage runs without installation. Remove it and the config directory - no traces remain
See SECURITY.md for the security policy and architecture summary, and docs.aeroftp.app/security for the complete security documentation with encryption specs, AI security model, supply chain details, and audit history.
Self-Hosted Continuous Audit
AeroFTP runs its own vulnerability audit pipeline that does not depend on any vendor SaaS. The pipeline aggregates three independent advisory databases (RustSec, npm registry, Google OSV) and cross-references findings against a documented suppression list with written rationales for every accepted advisory.
npm run security:report # generate HTML report
npm run security:report -- --json # machine-readable output
> Note: Windows builds are not currently published on the Microsoft Store. The installer is not code-signed (no EV certificate), so Windows SmartScreen may show a warning on first run - this is safe to dismiss.
> Note: The macOS build is not notarized (no Apple Developer certificate). macOS Gatekeeper will block the app on first launch - right-click the app and select "Open" to bypass. See #47 for known issues on Apple Silicon.
Verifying Release Integrity
All release artifacts are signed with Sigstore using keyless signing via GitHub OIDC. Each release includes .sigstore.json verification bundles.
Install cosign, then verify any downloaded artifact:
<a href="https://openinventionnetwork.com/"><img src="icons/oin-2-0-stacked_80x80.png" height="80" /></a>
<a href="https://opensource.org"><img src="icons/Open_Source_Initiative_64x64.png" height="64" /></a>
<a href="https://sigstore.dev"><img src="icons/sigstore-signed.png" height="60" /></a>
OIN 2.0 Community Member
OSI Individual Member
Sigstore Signed Releases
<a href="https://aikido.dev"><img src="icons/aikido_security.png" height="48" /></a>
<a href="https://snyk.io"><img src="icons/snyk.png" height="48" /></a>
<a href="https://socket.dev"><img src="icons/socket.png" height="48" /></a>
<a href="https://www.coderabbit.ai"><img src="icons/coderabbit.png" height="48" /></a>
Aikido Security
Snyk
Socket.dev
CodeRabbit
Built with Rust (Tauri 2) + React 18 + TypeScript
Designed, architected and maintained by <a href="https://github.com/axpnet">axpnet</a>.
AI tools (Claude Code, Codex, Gemini) were used extensively for translations, code review,
implementation and documentation, always under strict human-defined specifications and patterns.
Every feature, design decision and architectural choice is human-driven.
AI accelerated development; it did not direct it.
<a href="AI-TRANSPARENCY.md">Full AI Transparency Statement</a>
