Building offensive security tools — one wave at a time
Lightweight C2 — ECDH P-256 forward secrecy, AES-256-GCM encryption, uTLS fingerprinting 
|
Linux post-exploitation — kernel namespace isolation, polymorphic beacons, 36 stealth modules
|
Collaborative browser terminal — real-time sync, credential vault, variable substitution
|
Encrypted reverse shell + Hell's Gate process injector in pure x86_64 NASM assembly
|
| Tool | What It Does | Language |
|---|---|---|
| Flux | Swiss Army Netcat — replaces nc/ncat/socat/pwncat. TLS + Noise encryption, auto-PTY shells, file transfer with SHA256, SOCKS5 pivoting, TCP scanning. Single static binary. |  |
| Conduit | SOCAT relay with kernel-level process masquerading — prctl/setproctitle stealth, argument hiding, 50+ channel types |  |
| Aquifer | Linux post-exploitation — kernel namespace isolation, multi-channel C2, polymorphic beacons, 36 stealth modules |  |
| Siphon | Lightweight C2 — ECDH P-256 forward secrecy, AES-256-GCM transport, uTLS Chrome fingerprinting | |
| Wellspring | Payload delivery server — 12 delivery methods, token-gated access, AES-256-GCM at rest, memory zeroing. Single binary. | |
| Spillway | Reverse/bind/dormant FUSE mount — browse remote filesystems locally over TLS 1.3 with mutual PSK auth | |
| Undertow | Static SSH server — reverse/bind shells, SFTP, port forwarding, TLS wrapping with SNI spoofing. Under 1.5 MB. | |
| Slipstream | Drop-in SSH wrapper — tunnel management, file transfers, passive filesystem mapping, per-command logging, fingerprint identity | |
| Depth | Full SSH-2.0 in pure assembly — ChaCha20-Poly1305, Ed25519, X25519, SFTP, PTY, port forwarding. 94 KB static ELF, no libc. |  |
| Tool | What It Does | Language |
|---|---|---|
| Vapor | Encrypted reverse shell + process injector in pure x86_64 NASM — ChaCha20-Poly1305 AEAD, Hell's Gate syscalls, zero deps | |
| Grotto | Encrypted netcat in pure assembly — ChaCha20-Poly1305, Linux ELF + Windows PE, ~8 KB, zero dependencies | |
| Dew | HTTPS reverse shell — XChaCha20-Poly1305 over TLS, ~37 KB binary, zero dependencies | |
| Droplet | HTTPS reverse shell for Windows — ~50 KB C implant, AES-256 encryption, interactive Python listener | |
| Undercurrent | io_uring stealth loader in pure assembly — ChaCha20-Poly1305, ~4.2 KB, invisible to syscall monitoring | |
| Tool | What It Does | Language |
|---|---|---|
| Riptide | Collaborative browser terminal — real-time sync, credential vault, variable substitution, session recording, playbook workspace |  |
| Runoff | AD security audit — extract quick wins, attack paths, and misconfigurations from BloodHound CE |  |
| Maelstrom | NetExec wrapper — 35+ AD enumeration modules in one command, multi-target scanning, actionable recommendations | |
| Rapids | Credential spraying framework — 28 native protocol modules, adaptive skipping, pass-the-hash support | |
| Seep | Windows privesc enumeration — 16 checks, 97 tools, MITRE ATT&CK mapping, fileless agent, single-file HTML reports | |
| Whirlpool | Privesc reasoning engine — parses LinPEAS/WinPEAS output, generates ranked exploitation playbooks | |
| Tool | What It Does | Language |
|---|---|---|
| Shallows | Browser-native Linux terminals — x86 emulation in the browser. No servers, no installs, no accounts. | |
| Ripple | Browser-based Vim editor — full keybindings via CodeMirror 6, split panes, tabs, virtual filesystem, zero dependencies | |
| Deluge | Nmap & RustScan parser — color-coded terminal reports, multi-format export, interactive scanning, Catppuccin styling | |
| Surge | Markdown-to-command-reference — fuzzy search, variable substitution, offline-first PWA, Catppuccin themes | |
| Fathom | Offline man pages browser — TLDR summaries, instant search, Catppuccin themes. PWA, works without internet. | |
| Cascade | Native markdown editor — real-time collaboration, live preview, wiki-links, canvas whiteboard, 21+ themes. Tauri + Rust. |  |
| Sunken-Archive | Personal knowledge base — digital garden with interconnected notes, graph view, full-text search. Built on Quartz. | |
| HydroShot | Screenshot capture & annotation — region select, drawing tools, copy/save. Built with Rust, winit, tiny-skia. | |
| Tidepool | Interactive terminal portfolio — explore a developer profile through real shell commands in the browser via xterm.js | |
| Deadwater | Research publication platform — index, search, and serve computational papers. Full-text search, citation graph, API. | |
| Tool | What It Does | Language |
|---|---|---|
| armsforge | AI-powered security platform — intelligent automation, Claude Code integration, workflow orchestration for offensive operations | |
| Tool | What It Does | Language |
|---|---|---|
| Tidemark | Obsidian plugin — variable substitution in markdown via YAML frontmatter. Copy, replace, rename in one command. | |
| LigoloSupport | One-command ligolo-ng setup — auto-downloads binaries, configures TUN, guides pivoting. Zero to tunneling in 30 seconds. |  |
All tools are built for authorized security testing and educational purposes.