Making Tomorrow Better Today <!-- cognis:featured:start --> ⚡ Start here — battle-tested, hard-target tools The places mainstream and SaaS security tools don't reach: firmware · ICS/OT · RF · C2…
Making Tomorrow Better Today
<!-- cognis:featured:start -->⚡ Start here — battle-tested, hard-target tools
The places mainstream and SaaS security tools don't reach: firmware · ICS/OT · RF · C2 · DFIR · compliance-as-code. Every tool is single-purpose, self-hostable, and emits machine-readable JSON/SARIF.🔴 Threat detection & DFIR
| Tool | What it does | | --- | --- | | c2detect ⭐29 | C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel | | yararun | Run simple YARA-style string/regex rules over a directory |🔧 Firmware · hardware · ICS/OT · RF
| Tool | What it does | | --- | --- | | uefiscan | Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3 boot-script vulns, and known SMM threats | | fwxray | Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions | | keyhunt | Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material | | sbomb | Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and flag components with known CVEs and EOL kernels | | otaverify | Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity | | modpot | Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register reads/writes as structured JSON | | blescope | Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on insecure pairing/characteristics in CI against a capture | | adsbwatch ⭐3 | Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700, and unusual loiter patterns |🛰️ OSINT & intelligence
| Tool | What it does | | --- | --- | | maritimeint | AIS vessel tracking & sanctions-evasion anomaly detection | | conflictwatch | Open-source conflict monitoring & situational awareness — ACLED/GDELT/UCDP + OSINT feeds, hotspots/trends, and a sourced 'what's working' lessons KB (OSINT/force-protection) | | cryptotrace | Free-tier blockchain investigator — ETH/BTC clustering + sanctions xref | | comint-osquery | DISA STIG-aligned osquery configs + RMF mapper |📋 Compliance-as-code
| Tool | What it does | | --- | --- | | fedramplens | FedRAMP boundary visualizer & OSCAL-format SSP/POAM generator | | compliance-atlas | Condensed, cross-walked reference for SOC2, ISO 27001, NIST CSF/800-53/800-171, CMMC, GDPR, CCPA, HIPAA, PCI DSS, EU AI Act |📱 Mobile & app security
| Tool | What it does | | --- | --- | | apkprobe | Android APK static security analyzer — MASTG-aligned, from-scratch binary-AXML decoder, zero dependencies | > New here? Start with these — they're the proven, most-used tools. The full catalog of every tool is below. ⭐ a tool if it earns its place in your stack. <!-- cognis:featured:end -->Usage — step by step
This is the Cognis Digital org profile. The tools live in the Cognis Neural Suite — here is how to go from catalog to a running tool. 1. Browse the catalog — open the full catalog (or awesome-cognis) and pick a tool. 2. Install it — most tools ship a CLI on PyPI under thecognis- prefix, e.g.:
bash
pip install cognis-mcpharden # see the chosen tool's README for its real package name
3. Run the primary command and get machine-readable output — tools emit JSON/SARIF:
bash
mcpharden scan . --format sarif --out report.sarif
4. Point your agents at it — every tool ships an MCP server, so Claude Desktop / Cursor / Cognis.Studio can scan, audit, and remediate autonomously (run the tool's mcp command).
5. Automate in CI — gate builds on findings and upload SARIF to code scanning:
yaml
- run: pip install cognis-mcpharden
- run: mcpharden scan . --format sarif --out report.sarif --fail-on high
- uses: github/codeql-action/upload-sarif@v3
with: { sarif_file: report.sarif }
👋 Welcome
Cognis Digital (Wyoming, USA) builds the Cognis Neural Suite — 372+ single-purpose, self-hostable, MCP-native tools across security, AI, military/IC, compliance, data, dev, and business. Every tool ships a CLI, JSON/SARIF output, an MCP server, polyglot ports (Py/JS/Go/Rust), a Dev Container, cross-OS + cloud deploy, and CI/CodeQL — and most ship real, tested code. > 🧠 Every tool is an MCP capability — point your agents (Claude Desktop, Cursor, Cognis.Studio) at the suite and they can scan, audit, and remediate autonomously. <!-- reliable buttons (shields render even when stats services are rate-limited) --> <!-- live stats (cached to dodge rate limits; shields above always render) -->🚀 Explore the suite
🗂️ Full catalog → cognis-neural-suite · ⭐ awesome-cognis · 🔗 cognis-sources <!-- FEATURED:START (generated by build_profile.py) -->🚀 Featured tools
372 open-source tools · 58⭐ and climbing · 8 languages · every tool CLI + JSON/SARIF + MCP-native. Single-purpose, self-hostable, and built to plug into your stack (SARIF→code-scanning, STIX/MISP/Sigma→SIEM, MCP→agents).🏆 Most popular
| Tool | ⭐ | What it does | |------|----|--------------| | c2detect | 29 | C2 server fingerprinter | | comint-osquery | 2 | DISA STIG-aligned osquery configs + RMF mapper | | adsbwatch | 2 | Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700,… | | keyhunt | 1 | Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens,… | | uefiscan | 1 | Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3… | | fwxray | 1 | Diff two firmware images and surface exactly what changed: new binaries, flipped… |📱 Mobile Security (12 tools)
| Tool | ⭐ | What it does | |------|----|--------------| | apkpeek | — | One-command static triage of Android APK/AAB binaries: surfaces hardcoded secrets,… | | apkprobe | — | Android APK static security analyzer | | dastlite | — | A headless, config-as-code DAST runner that crawls an authenticated web/mobile-API… | | deeplinkfuzz | — | Fuzzes Android/iOS deep links, intents, and custom URL schemes against an… | | dvmobile | — | Damn Vulnerable Mobile | | hookcraft | — | Generates ready-to-run Frida instrumentation scripts from a YAML intent (e.g |🤖 AI · Agents · MCP (66 tools)
| Tool | ⭐ | What it does | |------|----|--------------| | hermes | 1 | Model-agnostic, portable long-term memory framework for AI agents (MCP-native) | | keyhunt | 1 | Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens,… | | mcpharden | 1 | MCP server hardening linter | | tokenmeter | 1 | Token and cost counter / budgeter for LLM apps, CI-ready | | uncensored-fleet | 1 | Deploy a local multi-model LLM fleet (llama.cpp) with an agent harness, hermes… | | adversa | — | LLM red-team harness |🔭 OSINT & Intelligence (48 tools)
| Tool | ⭐ | What it does | |------|----|--------------| | adsbwatch | 2 | Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700,… | | comint-osquery | 2 | DISA STIG-aligned osquery configs + RMF mapper | | blescope | 1 | Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on… | | conflictwatch | 1 | Open-source conflict monitoring & situational awareness | | geolens | 1 | Image geolocation toolkit | | maritimeint | 1 | AIS vessel tracking & sanctions-evasion anomaly detection |📋 Compliance & GRC (28 tools)
| Tool | ⭐ | What it does | |------|----|--------------| | compliance-atlas | 1 | Condensed, cross-walked reference for SOC2, ISO 27001, NIST CSF/800-53/800-171,… | | deidproof | 1 | Re-identification risk assessment that computes k-anonymity, l-diversity, and HIPAA… | | fedramplens | 1 | FedRAMP boundary visualizer & OSCAL-format SSP/POAM generator | | gsafinder | 1 | GSA Schedule opportunity surveyor | | stigsentry | 1 | DISA STIG checker + NIST 800-53 RMF mapper + POAM emitter | | admitd | — | Kubernetes policy-as-code admission engine |🔬 Forensics & Data (9 tools)
| Tool | ⭐ | What it does | |------|----|--------------| | canzap | 1 | Replay, fuzz, and assert on CAN bus traffic from a .pcap or SocketCAN interface… | | fwxray | 1 | Diff two firmware images and surface exactly what changed: new binaries, flipped… | | pcapsummary | 1 | Summarize flows/talkers/protocols from a pcap text export | | browserforensics | — | Analyze exported browser history/downloads for IOCs and exfil signs | | entropyscan | — | Scan files and binaries for high-entropy regions to flag packing, encryption, and… | | exfilwatch | — | Detect DNS/HTTP exfiltration patterns (entropy, beaconing) in logs |☁️ Infra · Cloud · Mesh (27 tools)
| Tool | ⭐ | What it does | |------|----|--------------| | crackq | 1 | Self-hosted password cracking queue | | awesome-cognis | — | Awesome Cognis | | bootkit | — | Air-gapped cluster bootstrap planner | | cloud-setups | — | Firebase, GCP, and Azure project setups | | cloudbill | — | Multi-cloud cost report, anomaly detection, and FOCUS export | | cloudkeys | — | Find leaked cloud keys (AWS/GCP/Azure) + classify blast radius |🛡️ Security & Detection (42 tools)
| Tool | ⭐ | What it does | |------|----|--------------| | c2detect | 29 | C2 server fingerprinter | | modpot | 1 | Spin up a high-interaction Modbus/DNP3 ICS honeypot…
-
c2detect
C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel
Python ★ 33 12d agoExplain → -
codegraph-mcp
No-train, on-prem code knowledge graph served to AI agents over MCP, with a hash-chained audit row for every read.
Python ★ 5 13d agoExplain → -
adsbwatch
Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700, and unusual loiter patterns.
Python ★ 2 15d agoExplain → -
compliance-atlas
Condensed, cross-walked reference for SOC2, ISO 27001, NIST CSF/800-53/800-171, CMMC, GDPR, CCPA, HIPAA, PCI DSS, EU AI Act
Python ★ 2 1d agoExplain → -
maritimeint
AIS vessel tracking & sanctions-evasion anomaly detection
Python ★ 2 15d agoExplain → -
cognis-neural-suite
Umbrella catalog of the Cognis Neural Suite (100+ tools)
Python ★ 2 1d agoExplain → -
cryptotrace
Free-tier blockchain investigator — ETH/BTC clustering + sanctions xref
Python ★ 2 16d agoExplain → -
comint-osquery
DISA STIG-aligned osquery configs + RMF mapper
Python ★ 2 15d agoExplain → -
grcforge
GRC control crosswalk engine (NIST 800-53 / CIS / SOC 2) + gap analysis
Python ★ 1 17d agoExplain → -
rootsentry
Mobile runtime-integrity detection: root/jailbreak/emulator/hook/tamper indicators with a scored posture verdict (RASP-style, zero deps).
Python ★ 1 17d agoExplain → -
yararun
Run simple YARA-style string/regex rules over a directory
Python ★ 1 1d agoExplain → -
otaverify
Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity.
Python ★ 1 3d agoExplain → -
sbomb
Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and flag components with known CVEs and EOL kernels.
Python ★ 1 3d agoExplain → -
blescope
Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on insecure pairing/characteristics in CI against a capture.
Python ★ 1 4d agoExplain → -
awesome-drone-warfare-osint
Citation-grade OSINT dataset: 8,300+ foreign components across 195+ drone & missile platforms, with cited effectiveness/EW/counter-UAS statistics. MIT (code) / CC BY 4.0 (data).
Python ★ 1 1d agoExplain → -
dealflow
Model your sales pipeline as a YAML state machine and compute conversion rates, stage velocity, and weighted forecast straight from CRM exports.
Python ★ 1 12d agoExplain → -
mcpharden ▣
MCP server hardening linter — capability declarations, transport, tool descriptions
Python ★ 1 12d agoExplain → -
hoplink
BLOS PACE communications architecture validator & failover simulator — four-pathway validation, physical-domain diversity, no-pLEO enforcement, LPI scoring, automated failover simulation. Self-hosted, verified.
Python ★ 1 1d agoExplain → -
scryer
Multi-domain ISR sensor fusion for counternarcotics (non-kinetic) — EO/IR+radar+AIS+ADS-B track fusion, dark-contact cross-cue, coverage cost modeling, GeoJSON. Self-hosted, verified metrics.
Python ★ 1 1d agoExplain → -
bootwarden
Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3 boot-script vulns, and known SMM threats.
Python ★ 1 13d agoExplain → -
modlure
Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register reads/writes as structured JSON.
Python ★ 1 13d agoExplain → -
keyhound
Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material.
Python ★ 1 13d agoExplain → -
opengcp
Independent open-source LOCAL reimplementation of core Google Cloud Platform primitives (object storage, document DB, pub/sub, event functions) for offline development and testing. Pure stdlib. Not affiliated with Google.
Python ★ 1 17d agoExplain → -
gsafinder
GSA Schedule opportunity surveyor — SAM.gov + eBuy + FedConnect
Python ★ 1 15d agoExplain → -
crackq
Self-hosted password cracking queue — multi-user hashcat with audit log
Python ★ 1 1d agoExplain → -
deidproof
Re-identification risk assessment that computes k-anonymity, l-diversity, and HIPAA Safe Harbor compliance on a dataset.
Python ★ 1 15d agoExplain → -
tokenmeter
Token and cost counter / budgeter for LLM apps, CI-ready
Python ★ 1 15d agoExplain → -
canzap
Replay, fuzz, and assert on CAN bus traffic from a .pcap or SocketCAN interface with a tiny YAML DSL.
Python ★ 1 1d agoExplain → -
pcapsummary
Summarize flows/talkers/protocols from a pcap text export
Python ★ 1 16d agoExplain → -
stigsentry
DISA STIG checker + NIST 800-53 RMF mapper + POAM emitter
Python ★ 1 13d agoExplain → -
packpeek
Static packer/loader fingerprinter (C) — UPX/ASPack/Themida/MPRESS/VMProtect + entropy; emits YARA + SARIF. JSON out, CI-tested.
C ★ 1 1d agoExplain → -
fedramplens
FedRAMP boundary visualizer & OSCAL-format SSP/POAM generator
Python ★ 1 16d agoExplain → -
apkprobe
Android APK static security analyzer — MASTG-aligned, from-scratch binary-AXML decoder, zero dependencies.
Python ★ 1 17d agoExplain → -
fwxray
Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions.
Python ★ 1 17d agoExplain → -
attestport
Air-gap software supply-chain gate — SBOM (CycloneDX), SLSA/in-toto-style provenance + signature, CI policy gate
Python ★ 0 4h agoExplain → -
vendorvet
Third-party / vendor risk questionnaires with SBOM cross-ref
Python ★ 0 15h agoExplain → -
depgraph
Dependency risk visualizer — Scorecard + OSV + typosquat + maintainer signals
Python ★ 0 1d agoExplain → -
dvmobile
Damn Vulnerable Mobile — a self-contained, intentionally-vulnerable mobile backend lab with MASVS-mapped challenges, writeups, and a flag scoreboard. Training only.
Python ★ 0 1d agoExplain → -
licenselens
Dependency license + SBOM gate, developer-CLI first
Python ★ 0 2d agoExplain → -
pipewatch-pro
CI/CD supply-chain auditor — GH Actions / GitLab CI / OWASP CI/CD Top 10
Python ★ 0 2d agoExplain → -
conflictwatch
Open-source conflict monitoring & situational awareness — ACLED/GDELT/UCDP + OSINT feeds, hotspots/trends, and a sourced 'what's working' lessons KB (OSINT/force-protection)
Python ★ 0 15d agoExplain → -
geolens
Image geolocation toolkit — EXIF, sun-shadow, OCR, reverse-search
Python ★ 0 15d agoExplain → -
bastionkit
Hardened security baseline for air-gapped/regulated Kubernetes — assess + generate NetworkPolicy/PodSecurity/RBAC/quota controls
Python ★ 0 4d agoExplain → -
auditrail
Tamper-evident audit-log aggregator with hash-chained attestation
Python ★ 0 1d agoExplain → -
binhunt
Game/desktop binary integrity scanner that fingerprints executables, detects common packers/obfuscators, and diffs against a known-good baseline to catch tampering.
Python ★ 0 5d agoExplain → -
aisgapwatch
Detect & score AIS transponder-gap anomalies in vessel tracks (maritime situational awareness / defensive OSINT)
Python ★ 0 5d agoExplain → -
admitd
Kubernetes policy-as-code admission engine — declarative allow/deny/mutate with built-in CIS/NSA hardening policies
Python ★ 0 6d agoExplain → -
advsim
Benign, authorized-use-only adversary-emulation & detection-validation harness mapped to MITRE ATT&CK (purple-team; Caldera/Atomic Red Team category).
Python ★ 0 6d agoExplain → -
attestinfer
Cryptographically prove an AI answer came from a specific local model + private corpus, verifiable by a third party without revealing either. Signed Merkle attestation transcripts with selective disclosure.
Python ★ 0 6d agoExplain → -
reconforge
Scope-gated red-team reconnaissance & attack-surface mapping for AUTHORIZED engagements. Passive-first, fail-closed scope gate, STIX/SARIF/HTML export. Offline-capable, zero deps.
Python ★ 0 6d agoExplain → -
agentprint
No description.
Python ★ 0 6d agoExplain → -
perpetua
No description.
Python ★ 0 6d agoExplain → -
fixpoint
Empirically characterizing convergence of the AI code generate-verify-repair loop: converge / stall / oscillate / exhaust. Deterministic CI study + data-only 43-task benchmark.
Python ★ 0 6d agoExplain → -
taskloom
Deterministic, auditable multi-agent orchestration — register tools, run a fixed or rule-driven plan, get a fully-traced reproducible result. Zero deps, offline.
Python ★ 0 6d agoExplain → -
agenttax
Classify findings against Microsoft's AI-agent threat taxonomy with mitigations
Python ★ 0 6d agoExplain → -
apidiff
Breaking-change detector for OpenAPI / GraphQL across commits
Python ★ 0 1d agoExplain → -
approvewarden
Scans any wallet for dangerous ERC-20/721/1155 token approvals and infinite allowances, scoring drainer exposure and emitting revoke transactions.
Python ★ 0 7d agoExplain → -
mnestra
Substrate-agnostic, structure-complete memory fabric — read the whole book from any address; forward-compatible across classical, photonic, and quantum hardware (rare-earth quantum memory). Reproducible O(N^2)->O(N) LLM efficiency.
Python ★ 0 7d agoExplain → -
meldkit
Self-hosted, edge-capable multi-INT fusion & agent orchestration — offline entity extraction, provenance-tracked knowledge graph, TF-IDF retrieval, deterministic multi-agent loop, pluggable local-LLM (Ollama), STIX 2.1. Verified with ground-truth metrics.
Python ★ 0 7d agoExplain → -
peststack
Declarative pentest-toolkit orchestrator (authorized engagements)
Shell ★ 0 8d agoExplain → -
agentlog
Agentic workflow replay & audit with OTel GenAI semantic conventions
Python ★ 0 8d agoExplain → -
comwatch
COM-hijack & persistence detector (C#/.NET) — parses .reg exports, maps to MITRE ATT&CK, emits Sigma. JSON out, CI-tested.
C# ★ 0 8d agoExplain → -
startboard
Self-hostable analyst start-page / dashboard generator
JavaScript ★ 0 8d agoExplain → -
longscroll
Longform timeline static-site generator with a recency engine
Go ★ 0 8d agoExplain → -
streamrelay
Self-hosted livestream relay control plane (ffmpeg)
TypeScript ★ 0 8d agoExplain → -
meshvpn
WireGuard overlay-network config generator + healthcheck
Shell ★ 0 8d agoExplain → -
handyops
Cross-platform sysadmin script library with an audited runner
PowerShell ★ 0 8d agoExplain → -
baadiff
Scan a repo or infra manifest for HIPAA Security Rule gaps and produce a Business Associate readiness scorecard.
Python ★ 0 8d agoExplain → -
aegis
AI Agent Permission & Access Auditor — surfaces the lethal trifecta of credentials + injection + reach
Python ★ 0 9d agoExplain → -
safequeue
Durable, idempotent at-least-once job queue (library + HTTP service)
Go ★ 0 11d agoExplain → -
injectguard
Detection-rule tuning lab: score signatures against a labeled corpus
Go ★ 0 11d agoExplain → -
txqueue-sdk
Go client SDK + CLI for the safequeue durable job-queue API
Go ★ 0 11d agoExplain → -
fixwval
Fixed-width record validator (COBOL/GnuCOBOL) — numeric-field integrity for batch pipelines. JSON out, CI-tested.
COBOL ★ 0 11d agoExplain → -
nginxwatch
Access-log scanner (Lua) — scanning, sensitive-path probing, flooding. JSON out, CI-tested.
Lua ★ 0 11d agoExplain → -
certpeek
X.509 certificate auditor (C#/.NET) — expiry, weak keys, weak signatures, SANs. JSON out, CI-tested.
C# ★ 0 11d agoExplain → -
mcpscaffold
Scaffolder, validator & test harness for local MCP servers
TypeScript ★ 0 1d agoExplain → -
agentskillpack
Portable packaging format & CLI for AI-agent skills
Rust ★ 0 11d agoExplain → -
banlex
Multilingual content-risk lexicon + classifier for moderation pipelines
Rust ★ 0 11d agoExplain → -
sanitext
Turn raw/uncensored text into provider-acceptable text for Claude, ChatGPT, and other LLM providers — strips profanity, slurs, PII, secrets, and hostile tone (rules engine + LLM rewriter). A compliance normalizer, not a filter-evasion tool.
Python ★ 0 11d agoExplain → -
skillvet
The trust gate for agent skills — vet a Claude Skill / MCP server / plugin BEFORE you install it. Static capability analysis + TRUST/REVIEW/BLOCK verdict, offline.
Python ★ 0 11d agoExplain → -
scopeward
Engagement authorization & scope enforcement for authorized mobile security testing (signed scope, ROE gating, tamper-evident audit log).
Python ★ 0 11d agoExplain → -
logsift-perl
Auth-log brute-force & password-spray detector (Perl port of logsift). JSON out, CI-tested.
Perl ★ 0 11d agoExplain → -
iocsift
Extract & defang IOCs from any text (Ruby). JSON out, CI-tested.
Ruby ★ 0 11d agoExplain → -
entroc
Windowed Shannon-entropy scanner (C) — flags packed/encrypted/embedded-key regions. JSON out, CI-tested.
C ★ 0 11d agoExplain → -
.github
Cognis Digital org profile
★ 0 12d agoExplain → -
snare
Snare — one blocklist that snares ads, trackers, scams & redirect attacks in any browser. Aggregates AdGuard + 20 more public lists, compiles to hosts/AdGuard/dnsmasq. Self-hosted, keyless, zero-dependency.
Python ★ 0 12d agoExplain → -
huntkit
Detection-engineering kit — 10 tools (IOC/YARA/Sigma/Elastic/ATT&CK/SIEM) + an ATT&CK-mapped rule library + a live-refreshable known-bad blocklist. Offline, zero-dep.
Python ★ 0 12d agoExplain → -
acqnav
Defense Acquisition Navigator — open, self-hostable software for DoD acquisition & program management: pathway recommender, transparent transition-probability scoring, TRL/MRL readiness, color-of-money, JCIDS alignment, milestone gates, pilot-to-program planning.
Python ★ 0 12d agoExplain → -
passkit
Open, self-hostable, standards-based phishing-resistant authentication tooling: WebAuthn/FIDO2 verifier, attestation, zero-trust assurance scoring, and policy.
Python ★ 0 12d agoExplain → -
geopulse
Open situational-awareness data engine: real public feeds (quakes/fires/weather/volcanoes/disasters/ADS-B/space-weather/tsunami/OSINT) exported into ATAK and Google Earth formats. Defensive SA only.
Python ★ 0 11d agoExplain → -
syntheon
Build your app, own every line. The open-source, local-AI full-stack app builder — menu-driven, generates + verifies your Next.js app until it's green. No cloud, no lock-in.
TypeScript ★ 0 1d agoExplain → -
specie
Counter-Threat-Finance Attribution & Fusion Platform — fuses IP/infrastructure deanonymization with multi-chain blockchain analytics into a confidence-scored, STIX-exportable threat-actor graph. Self-hosted, offline, zero-dependency. Verified with ground-truth metrics.
Python ★ 0 12d agoExplain → -
edgemesh
Cross-OS federated gateway unifying every OpenAI-compatible inference backend (Cognis fleet, Ollama, llama.cpp, vLLM) behind one /v1 endpoint
Python ★ 0 12d agoExplain → -
attackmap ▣
Map findings to MITRE ATT&CK techniques + coverage heatmap
Python ★ 0 12d agoExplain → -
elastdetect ▣
Elastic detection-rule CLI: validate, diff & deploy
Python ★ 0 12d agoExplain → -
sigmacheck ▣
Lint and unit-test Sigma detection rules against sample events
Python ★ 0 12d agoExplain → -
yaragen ▣
Generate candidate YARA rules from sample files/strings
Python ★ 0 12d agoExplain → -
stixgen ▣
Build STIX 2.1 bundles from a list of IOCs/observables
Python ★ 0 12d agoExplain → -
iocrep ▣
Score IOCs against offline reputation/allow lists with explainable verdicts
Python ★ 0 12d agoExplain → -
iocextract ▣
Extract & defang IOCs (IPs/domains/hashes/URLs) from any text
Python ★ 0 12d agoExplain → -
garak ⑂
the LLM vulnerability scanner
★ 0 12d agoExplain → -
awesome-agent-skills-security ⑂
🛡️ A curated list of resources on agent skills security: attacks, defenses, frameworks, and benchmarks for securing AI agent tool use and skill ecosystems
★ 0 12d agoExplain → -
awesome-mcp-security-fork ⑂
🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️
★ 0 12d agoExplain → -
agentsigs ▣
The open detection-signature library for AI-agent threats — prompt injection, jailbreaks, tool poisoning. Mapped to MITRE ATLAS + OWASP LLM Top 10. nuclei-templates for AI agents.
Python ★ 0 12d agoExplain → -
shrike
The autonomous security agent for your AI stack — finds the vulns in your MCP servers & agent tools AND writes the fixes, on a local model.
Python ★ 0 12d agoExplain → -
trustgate ▣
Detect symlink-hijack / one-click-RCE / unsafe-trust settings in AI coding-agent projects
Python ★ 0 12d agoExplain → -
promptmirror ▣
Prompt-injection & indirect-injection scanner for any LLM context input
Python ★ 0 12d agoExplain → -
ssrfmcp ▣
Consent-based SSRF probe harness for MCP servers that fetch URLs
Python ★ 0 12d agoExplain → -
mcppin ▣
Trust-On-First-Use pinning & drift detection for MCP tool definitions — catches the tool-poisoning / rug-pull attack
Python ★ 0 12d agoExplain → -
mcpauth ▣
Drop-in token-auth gateway in front of unauthenticated MCP servers
Python ★ 0 12d agoExplain → -
mcpscan
Scan MCP servers for RCE/SSRF/no-auth/tool-poisoning vulnerabilities
Python ★ 0 12d agoExplain → -
geoshift
Geospatial change detection & pattern-of-life for counternarcotics (non-kinetic) — AOI-grid new-activity hotspots, off-pattern anomaly detection, geofencing. Self-hosted, verified metrics.
Python ★ 0 13d agoExplain → -
terravue
AI/ML multi-modal illicit-crop detection & yield estimation — multispectral + SAR classification, area estimation with confidence intervals, yield modeling, change detection, GeoJSON. Self-hosted, verified metrics. Early prototype.
Python ★ 0 13d agoExplain → -
humind
Cognitive-architecture-inspired NL context engine (entities/intent/affect + working/episodic/semantic memory) that speaks agentlex. Models facets of cognition, not a literal brain.
Python ★ 0 15d agoExplain → -
cognis-code
Local uncensored AI coding suite — one endpoint wired into VS Code, JetBrains, Cursor, Zed, Neovim, opencode, and Aider
Python ★ 0 1d agoExplain → -
repo-warden
Access governance for git repos you already host: RFC 8628 device-flow auth, scoped revocable tokens, branch protection as a pre-receive hook.
Python ★ 0 15d agoExplain → -
creatorforge
The AI content team you own: voice-trained hooks, scripts, captions, thumbnails & multi-platform packaging. Offline by default, your model when you want it.
Python ★ 0 16d agoExplain → -
accountable-ai-suite
Accountable AI Engineering — an open suite for running AI agents you can prove are under control, on infrastructure you own.
Python ★ 0 13d agoExplain → -
cyclework
A tiny, dependency-free engine for iterative refinement loops: propose, check, revise, repeat.
Python ★ 0 13d agoExplain → -
sentinel-policy
An open governance doctrine (the SENTINEL seven rules) and a file-backed policy-gate engine for AI agents.
Python ★ 0 15d agoExplain → -
dastlite
A headless, config-as-code DAST runner that crawls an authenticated web/mobile-API surface and fires a curated active-scan ruleset, emitting deduplicated SARIF.
Python ★ 0 17d agoExplain → -
convoy-or
Military convoy routing w/ escort, dwell, threat-cost overlays
Python ★ 0 17d agoExplain → -
oscalkit
OSCAL compliance-as-code — validate, convert & diff control coverage for catalogs, profiles, component definitions & SSPs
Python ★ 0 17d agoExplain → -
cloudbill
Multi-cloud cost report, anomaly detection, and FOCUS export
Python ★ 0 17d agoExplain → -
dealroom
M&A/VC due-diligence assistant: generate a dataroom checklist, track items, and flag risks in local documents — fully local, no network needed.
Python ★ 0 17d agoExplain → -
gitopsd
GitOps drift detection — diff declared Kubernetes manifests against live cluster state and emit a reconcile plan
Python ★ 0 17d agoExplain → -
dnsaudit
DNS posture & misconfiguration scanner — SPF/DKIM/DMARC/DNSSEC/CAA
Python ★ 0 17d agoExplain → -
corsaudit
Detect permissive/misconfigured CORS from headers or a config
Python ★ 0 17d agoExplain → -
edgarpull
SEC EDGAR intelligence: 13F institutional holdings, Form 4 insider trades, 8-K material events by ticker/CIK
Python ★ 0 17d agoExplain → -
agentsmith
Config-first scaffolding and orchestration for multi-agent workflows
Python ★ 0 1d agoExplain → -
boardroom
Investor-update and KPI one-pager generator from your metrics
Python ★ 0 17d agoExplain → -
asnmap
Map ASN/CIDR ownership & neighbors from whois/RIR exports
Python ★ 0 17d agoExplain → -
authmatrix
Test an access-control matrix (role x endpoint) for IDOR/authz gaps
Python ★ 0 17d agoExplain → -
cspm
Cloud security posture from a config export (public buckets, open SGs, weak IAM)
Python ★ 0 17d agoExplain → -
tokenrotate
Plan + track secret rotation across providers from an inventory
Python ★ 0 17d agoExplain → -
cyberbench
Chainable encode/decode/transform pipeline (base64/hex/rot/xor/url/gzip)
Python ★ 0 17d agoExplain → -
crmsync
Bidirectional, idempotent sync of contacts/deals between a local SQLite source-of-truth and CRM APIs (HubSpot/Pipedrive/Salesforce) via one config.
Python ★ 0 17d agoExplain → -
runbookgen
Incident runbook and SOP generator from templates
Python ★ 0 17d agoExplain → -
certsearch
Analyze Certificate-Transparency exports for subdomains & rogue issuance
Python ★ 0 17d agoExplain → -
modelroute
Local model router / proxy across Ollama, vLLM, and cloud with fallback
Python ★ 0 17d agoExplain → -
mftparse
Analyze an NTFS $MFT CSV for timestomping and suspicious file activity
Python ★ 0 17d agoExplain → -
seedforge
Synthetic test-data generator with referential integrity
Python ★ 0 17d agoExplain → -
fpv-strike-drone
FPV Strike Drone — first-person drone flight & strike sim.
HTML ★ 0 17d agoExplain → -
shipcheck
Dockerfile linter with image-size and CVE advisories
Python ★ 0 17d agoExplain → -
embedaudit
Embedding / vector-store drift and poisoning audit
Python ★ 0 17d agoExplain → -
sbomx
Generates a CycloneDX SBOM for mobile apps by unpacking native libs and bundled SDKs, then matches components against known-vuln and tracker/privacy databases.
Python ★ 0 17d agoExplain → -
ossaudit
OSS license compliance auditor — AGPL contamination + NOTICE generation
Python ★ 0 17d agoExplain → -
vulntimeline
Vulnerability disclosure timeline builder with patch-window metrics
Python ★ 0 17d agoExplain → -
dmarcaudit
Audit a domain's DMARC, SPF, and DKIM posture and report spoofability with prioritized fixes.
Python ★ 0 17d agoExplain → -
sbomgate
Continuous SBOM diff & vulnerability watch with maintainer-change tracking
Python ★ 0 17d agoExplain → -
cisbench
CIS-style DB/SQL hardening checker with pass/fail evidence
Python ★ 0 17d agoExplain → -
filecarve
Carve and recover files from raw disk images and memory dumps by signature — fast, dependency-light forensics triage.
Python ★ 0 17d agoExplain → -
entropyscan
Scan files and binaries for high-entropy regions to flag packing, encryption, and embedded secrets.
Python ★ 0 17d agoExplain → -
quantumready
Post-quantum migration readiness scanner — find quantum-vulnerable crypto and map to NIST PQC (FIPS 203/204/205)
Python ★ 0 17d agoExplain → -
wafproof
Measure your WAF/detection coverage against a labeled test corpus
Python ★ 0 17d agoExplain → -
sqlsec
SQL-injection safety linter + trainer (defensive)
Python ★ 0 17d agoExplain → -
cveintel
CVE prioritization: correlate CVSS + CISA KEV + EPSS into an explained ranking
Python ★ 0 17d agoExplain → -
exfilwatch
Detect DNS/HTTP exfiltration patterns (entropy, beaconing) in logs
Python ★ 0 17d agoExplain → -
chainreserve
Open crypto market/reserve/seizure intelligence tracker (CEX reserves, ETF/treasury flows, seizures, strategic reserves, whales)
Python ★ 0 17d agoExplain → -
frameworkmap
Crosswalk controls across NIST, ISO 27001, SOC 2, CMMC, PCI
Python ★ 0 17d agoExplain → -
cloudkeys
Find leaked cloud keys (AWS/GCP/Azure) + classify blast radius
Python ★ 0 17d agoExplain → -
agentforge
Build entire organizations of AI agents (roles, personalities, experience, skills, tools); run them, export to CrewAI/AutoGen/LangGraph/OpenHands/TaskWeaver/MetaGPT, sync to PM suites. Interoperable with the Cognis 300+ suite.
Python ★ 0 17d agoExplain → -
bootkit
Air-gapped cluster bootstrap planner — turn a node inventory + artifacts into the ordered plan to seed a disconnected k3s/RKE2 cluster
Python ★ 0 17d agoExplain → -
pactgen
Generate branded sales proposals and SOWs from a YAML scope file + pricing table into PDF/HTML, with a deterministic line-item math check.
Python ★ 0 17d agoExplain → -
mcpify
Turn any command-line tool into an MCP server — one line, zero boilerplate
Python ★ 0 17d agoExplain → -
airgap-pkg
Self-contained installer for airgapped (SIPR/JWICS-style) environments
Python ★ 0 17d agoExplain → -
dripcheck
Lint email sequences and drip campaigns for deliverability: SPF/DKIM/DMARC, link health, unsubscribe presence, and CAN-SPAM/GDPR compliance.
Python ★ 0 17d agoExplain → -
oradeck
OCI registry mirror & artifact copy — move container images and their signatures, SBOMs & attestations across an air-gap
Python ★ 0 17d agoExplain → -
locateanything
Infer where a photo was taken using a local uncensored vision + reasoning model (OSINT/geoint, 100% local)
Python ★ 0 17d agoExplain → -
archivesnap
Web-page snapshot + change monitor with significance diffing
Python ★ 0 17d agoExplain → -
codegraph
Turn any Python codebase into a queryable knowledge graph you can search, diagram, and ask questions about — grounded via a local LLM fleet
Python ★ 0 17d agoExplain → -
adversa
LLM red-team harness — OWASP LLM Top 10 + MITRE ATLAS attack packs
Python ★ 0 17d agoExplain → -
docarchive
Full-text archive indexer & search for public-record collections
Python ★ 0 17d agoExplain → -
rtosmap
Statically map task structures, stack usage, and ISR call graphs in FreeRTOS/Zephyr firmware to flag stack overflows and priority-inversion risks.
Python ★ 0 17d agoExplain → -
milstdlint
Lint documents against MIL-STD / DoD formatting and classification-marking rules.
Python ★ 0 17d agoExplain → -
classguard
Validate classification banner markings (CUI/CONFIDENTIAL/SECRET) in documents per portion-marking rules.
Python ★ 0 17d agoExplain → -
atslens
ATS field-schema mapper & exporter for candidate-data portability
Python ★ 0 17d agoExplain → -
checkpoint-ai
NIST AI RMF / EU AI Act / ISO 42001 self-assessment & SSP generator
Python ★ 0 17d agoExplain → -
alertmux
Alert dedup, correlation, and routing in front of Grafana / PagerDuty
Python ★ 0 17d agoExplain → -
aicard
Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards
Python ★ 0 17d agoExplain → -
accessreview
Periodic user-access-review (UAR) campaign runner
Python ★ 0 17d agoExplain → -
compliancedrift
Config/compliance drift detector against a signed baseline
Python ★ 0 17d agoExplain → -
playbookforge
ATT&CK-mapped incident-response playbook generator + linter
Python ★ 0 17d agoExplain → -
sigmeta
Parse and classify signal metadata (freq, modulation, bandwidth) into a normalized catalog.
Python ★ 0 17d agoExplain → -
browserforensics
Analyze exported browser history/downloads for IOCs and exfil signs
Python ★ 0 17d agoExplain → -
openfirebase
Independent open-source LOCAL reimplementation of core Firebase developer primitives (Firestore-style docs, realtime JSON tree, local auth, static hosting, function triggers) for local development & testing. Std-lib Python, not affiliated with the vendor.
Python ★ 0 17d agoExplain → -
openazure
openazure - an independent, open-source LOCAL reimplementation of core Azure primitives (Blob, Table, Queue, Functions) for local development and testing. Not affiliated with Microsoft.
Python ★ 0 17d agoExplain → -
wazuhdeploy
Wazuh stack deployment scaffolder + healthcheck
Shell ★ 0 17d agoExplain → -
erambox
Config-as-code deployment scaffolder for a self-hosted GRC stack
Shell ★ 0 17d agoExplain → -
cybercard
Printable security quick-reference card generator
TypeScript ★ 0 17d agoExplain → -
ropecheck
Token-contract rug/honeypot risk scanner (defensive)
TypeScript ★ 0 17d agoExplain → -
interviewforge
Security-interview question bank + spaced-repetition trainer
TypeScript ★ 0 17d agoExplain → -
bookmarkforge
Auditable bookmarklet manager: lint, hash & export browser bookmarks
TypeScript ★ 0 17d agoExplain → -
localmcphub
Registry, launcher & health dashboard for local MCP servers
TypeScript ★ 0 17d agoExplain → -
skillsmith
Author, lint, validate & package AI-agent skills
TypeScript ★ 0 17d agoExplain → -
chainwatch
EVM/Arbitrum event watcher with rule-based alerting
TypeScript ★ 0 17d agoExplain → -
telemetrydash
Telemetry dashboard kit: summaries, threshold alerts & inline-SVG charts
TypeScript ★ 0 17d agoExplain → -
classmark
CAPCO-shape classification banner + portion marking library — placeholders only
Python ★ 0 17d agoExplain → -
scifops
SCIF/SAPF compliance helpers: badge audit, TPI, escort tracker
Python ★ 0 17d agoExplain → -
rmf-package
Auto-generate SSP / POAM / SAR (eMASS / Xacta import format)
Python ★ 0 17d agoExplain →
No repos match these filters.