Lightweight, local-first memory for AI agents. Hybrid vector + BM25 search, LLM-powered fact extraction, zero infrastructure — just pip install.

C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel

Re-identification risk assessment that computes k-anonymity, l-diversity, and HIPAA Safe Harbor compliance on a dataset.

MCP server hardening linter — capability declarations, transport, tool descriptions

DISA STIG checker + NIST 800-53 RMF mapper + POAM emitter

Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3 boot-script vulns, and known SMM threats.

Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material.

Model your sales pipeline as a YAML state machine and compute conversion rates, stage velocity, and weighted forecast straight from CRM exports.

Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register reads/writes as structured JSON.

Replay, fuzz, and assert on CAN bus traffic from a .pcap or SocketCAN interface with a tiny YAML DSL.

Token and cost counter / budgeter for LLM apps, CI-ready

DISA STIG-aligned osquery configs + RMF mapper

Image geolocation toolkit — EXIF, sun-shadow, OCR, reverse-search

Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and flag components with known CVEs and EOL kernels.

Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on insecure pairing/characteristics in CI against a capture.

Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions.

Run simple YARA-style string/regex rules over a directory

Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity.

AIS vessel tracking & sanctions-evasion anomaly detection

Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700, and unusual loiter patterns.